netconfcentral logo

ietf-nat

HTML

ietf-nat@2019-01-10



  module ietf-nat {

    yang-version 1.1;

    namespace
      "urn:ietf:params:xml:ns:yang:ietf-nat";

    prefix nat;

    import ietf-inet-types {
      prefix inet;
      reference
        "Section 4 of RFC 6991";


    }
    import ietf-yang-types {
      prefix yang;
      reference
        "Section 3 of RFC 6991";


    }
    import ietf-interfaces {
      prefix if;
      reference
        "RFC 8343: A YANG Data Model for Interface Management";


    }

    organization
      "IETF OPSAWG (Operations and Management Area Working Group)";

    contact
      "WG Web:   <https://datatracker.ietf.org/wg/opsawg/>
WG List:  <mailto:opsawg@ietf.org>

Editor:  Mohamed Boucadair
	 <mailto:mohamed.boucadair@orange.com>

Author:  Senthil Sivakumar
	 <mailto:ssenthil@cisco.com>

Author:  Christian Jacquenet
	 <mailto:christian.jacquenet@orange.com>

Author:  Suresh Vinapamula
	 <mailto:sureshk@juniper.net>

Author:  Qin Wu
	 <mailto:bill.wu@huawei.com>";

    description
      "This module is a YANG module for NAT implementations.
NAT44, Network Address and Protocol Translation from IPv6
Clients to IPv4 Servers (NAT64), customer-side translator
(CLAT), Stateless IP/ICMP Translation (SIIT), Explicit
Address Mappings (EAM) for SIIT, IPv6 Network Prefix
Translation (NPTv6), and Destination NAT are covered.

Copyright (c) 2018 IETF Trust and the persons identified as
authors of the code.  All rights reserved.

Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(http://trustee.ietf.org/license-info).

This version of this YANG module is part of RFC 8512; see
the RFC itself for full legal notices.";

    revision "2019-01-10" {
      description "Initial revision.";
      reference
        "RFC 8512: A YANG Module for Network Address Translation
        	  (NAT) and Network Prefix Translation (NPT)";

    }


    typedef percent {
      type uint8 {
        range "0 .. 100";
      }
      description "Percentage";
    }

    feature basic-nat44 {
      description
        "Basic NAT44 translation is limited to IP addresses alone.";
      reference
        "RFC 3022: Traditional IP Network Address Translator
        	  (Traditional NAT)";

    }

    feature napt44 {
      description
        "Network Address Port Translator (NAPT): translation is
extended to include IP addresses and transport identifiers
(such as a TCP/UDP port or ICMP query ID).

If the internal IP address is not sufficient to uniquely
disambiguate NAPT44 mappings, an additional attribute is
required.  For example, that additional attribute may
be an IPv6 address (a.k.a., DS-Lite) or
a Layer 2 identifier (a.k.a., Per-Interface NAT)";
      reference
        "RFC 3022: Traditional IP Network Address Translator
        	  (Traditional NAT)";

    }

    feature dst-nat {
      description
        "Destination NAT is a translation that acts on the destination
IP address and/or destination port number.  This flavor is
usually deployed in load balancers or at devices
in front of public servers.";
    }

    feature nat64 {
      description
        "NAT64 translation allows IPv6-only clients to contact IPv4
servers using, e.g., UDP, TCP, or ICMP.  One or more
public IPv4 addresses assigned to a NAT64 translator are
shared among several IPv6-only clients.";
      reference
        "RFC 6146: Stateful NAT64: Network Address and Protocol
        	  Translation from IPv6 Clients to IPv4 Servers";

    }

    feature siit {
      description
        "The Stateless IP/ICMP Translation Algorithm (SIIT), which
translates between IPv4 and IPv6 packet headers (including
ICMP headers).

In the stateless mode, an IP/ICMP translator converts IPv4
addresses to IPv6, and vice versa, solely based on the
configuration of the stateless IP/ICMP translator and
information contained within the packet being translated.
The translator must support the stateless address mapping
algorithm defined in RFC 6052, which is the default behavior.";
      reference
        "RFC 7915: IP/ICMP Translation Algorithm";

    }

    feature clat {
      description
        "CLAT is customer-side translator that algorithmically
translates 1:1 private IPv4 addresses to global IPv6
addresses, and vice versa.

When a dedicated /64 prefix is not available for translation
from DHCPv6-PD, the CLAT may perform NAT44 for all IPv4 LAN
packets so that all the LAN-originated IPv4 packets appear
from a single IPv4 address and are then statelessly translated
to one interface IPv6 address that is claimed by the CLAT via
the Neighbor Discovery Protocol (NDP) and defended with
Duplicate Address Detection.";
      reference
        "RFC 6877: 464XLAT: Combination of Stateful and
        	  Stateless Translation";

    }

    feature eam {
      description
        "Explicit Address Mapping (EAM) is a bidirectional coupling
between an IPv4 prefix and an IPv6 prefix.";
      reference
        "RFC 7757: Explicit Address Mappings for Stateless IP/ICMP
        	  Translation";

    }

    feature nptv6 {
      description
        "NPTv6 is a stateless transport-agnostic IPv6-to-IPv6
prefix translation.";
      reference
        "RFC 6296: IPv6-to-IPv6 Network Prefix Translation";

    }

    identity nat-type {
      base 
      description
        "Base identity for nat type.";
    }

    identity basic-nat44 {
      base nat:nat-type;
      description
        "Identity for Basic NAT support.";
      reference
        "RFC 3022: Traditional IP Network Address Translator
        	  (Traditional NAT)";

    }

    identity napt44 {
      base nat:nat-type;
      description
        "Identity for NAPT support.";
      reference
        "RFC 3022: Traditional IP Network Address Translator
        	  (Traditional NAT)";

    }

    identity dst-nat {
      base nat:nat-type;
      description
        "Identity for Destination NAT support.";
    }

    identity nat64 {
      base nat:nat-type;
      description
        "Identity for NAT64 support.";
      reference
        "RFC 6146: Stateful NAT64: Network Address and Protocol
        	  Translation from IPv6 Clients to IPv4 Servers";

    }

    identity siit {
      base nat:nat-type;
      description
        "Identity for SIIT support.";
      reference
        "RFC 7915: IP/ICMP Translation Algorithm";

    }

    identity clat {
      base nat:nat-type;
      description
        "Identity for CLAT support.";
      reference
        "RFC 6877: 464XLAT: Combination of Stateful and Stateless
        	  Translation";

    }

    identity eam {
      base nat:nat-type;
      description
        "Identity for EAM support.";
      reference
        "RFC 7757: Explicit Address Mappings for Stateless IP/ICMP
        	  Translation";

    }

    identity nptv6 {
      base nat:nat-type;
      description
        "Identity for NPTv6 support.";
      reference
        "RFC 6296: IPv6-to-IPv6 Network Prefix Translation";

    }

    grouping port-number {
      description
        "An individual port number or a range of ports.
When only start-port-number is present,
it represents a single port number.";
      leaf start-port-number {
        type inet:port-number;
        description
          "Beginning of the port range.";
        reference
          "Section 3.2.9 of RFC 8045";

      }

      leaf end-port-number {
        type inet:port-number;
        must ". >= ../start-port-number" {
          error-message
            "The end-port-number must be greater than or
equal to start-port-number.";
        }
        description "End of the port range.";
        reference
          "Section 3.2.10 of RFC 8045";

      }
    }  // grouping port-number

    grouping port-set {
      description
        "Indicates a set of port numbers.

It may be a simple port range, or use the Port Set
Identifier (PSID) algorithm to represent a range of
transport-layer port numbers that will be used by a
NAPT.";
      choice port-type {
        default "port-range";
        description
          "Port type: port-range or port-set-algo.";
        reference
          "RFC 7597: Mapping of Address and Port with
          	  Encapsulation (MAP-E)";

        case port-range {
          uses port-number;
        }  // case port-range

        case port-set-algo {
          leaf psid-offset {
            type uint8 {
              range "0..15";
            }
            description
              "The number of offset bits (a.k.a., 'a' bits).
Specifies the numeric value for the excluded port
range/offset bits.

Allowed values are between 0 and 15.";
            reference
              "Section 5.1 of RFC 7597";

          }

          leaf psid-len {
            type uint8 {
              range "0..15";
            }
            mandatory true;
            description
              "The length of PSID, representing the sharing
ratio for an IPv4 address.

(also known as 'k').

The address-sharing ratio would be 2^k.";
            reference
              "Section 5.1 of RFC 7597";

          }

          leaf psid {
            type uint16;
            mandatory true;
            description
              "PSID value, which identifies a set
of ports algorithmically.";
            reference
              "Section 5.1 of RFC 7597";

          }
        }  // case port-set-algo
      }  // choice port-type
    }  // grouping port-set

    grouping mapping-entry {
      description
        "NAT mapping entry.

If an attribute is not stored in the mapping/session table,
it means the corresponding field of a packet that
matches this entry is not rewritten by the NAT or this
information is not required for NAT filtering purposes.";
      leaf index {
        type uint32;
        description
          "A unique identifier of a mapping entry.  This identifier
can be automatically assigned by the NAT instance or be
explicitly configured.";
      }

      leaf type {
        type enumeration {
          enum "static" {
            value 0;
            description
              "The mapping entry is explicitly configured
(e.g., via a command-line interface).";
          }
          enum "dynamic-implicit" {
            value 1;
            description
              "This mapping is created implicitly as a side effect
of processing a packet that requires a new mapping.";
          }
          enum "dynamic-explicit" {
            value 2;
            description
              "This mapping is created as a result of an explicit
request, e.g., a PCP message.";
          }
        }
        description
          "Indicates the type of a mapping entry.  For example,
a mapping can be: static, implicit dynamic,
or explicit dynamic.";
      }

      leaf transport-protocol {
        type uint8;
        description
          "The upper-layer protocol associated with this mapping.
Values are taken from the IANA Protocol Numbers registry:
<https://www.iana.org/assignments/protocol-numbers/>.

For example, this field contains 6 for TCP,
17 for UDP, 33 for DCCP, or 132 for SCTP.

If this leaf is not instantiated, then the mapping
applies to any protocol.";
      }

      leaf internal-src-address {
        type inet:ip-prefix;
        description
          "Corresponds to the source IPv4/IPv6 address/prefix
of the packet received on an internal interface.";
      }

      container internal-src-port {
        description
          "Corresponds to the source port of the packet received
on an internal interface.

It is also used to indicate the internal source ICMP
identifier.

As a reminder, all the ICMP Query messages contain
an 'Identifier' field, which is referred to in this
document as the 'ICMP Identifier'.";
        uses port-number;
      }  // container internal-src-port

      leaf external-src-address {
        type inet:ip-prefix;
        description
          "Source IP address/prefix of the packet sent on an
external interface of the NAT.";
      }

      container external-src-port {
        description
          "Source port of the packet sent on an external
interface of the NAT.

It is also used to indicate the external source ICMP
identifier.";
        uses port-number;
      }  // container external-src-port

      leaf internal-dst-address {
        type inet:ip-prefix;
        description
          "Corresponds to the destination IP address/prefix
of the packet received on an internal interface
of the NAT.

For example, some NAT implementations support
the translation of both source and destination
addresses and port numbers, sometimes referred to
as 'Twice NAT'.";
      }

      container internal-dst-port {
        description
          "Corresponds to the destination port of the
IP packet received on the internal interface.

It is also used to include the internal
destination ICMP identifier.";
        uses port-number;
      }  // container internal-dst-port

      leaf external-dst-address {
        type inet:ip-prefix;
        description
          "Corresponds to the destination IP address/prefix
of the packet sent on an external interface
of the NAT.";
      }

      container external-dst-port {
        description
          "Corresponds to the destination port number of
the packet sent on the external interface
of the NAT.

It is also used to include the external
destination ICMP identifier.";
        uses port-number;
      }  // container external-dst-port

      leaf lifetime {
        type uint32;
        units "seconds";
        description
          "When specified, it is used to track the connection that is
fully formed (e.g., once the three-way handshake
TCP is completed) or the duration for maintaining
an explicit mapping alive.  The mapping entry will be
removed by the NAT instance once this lifetime is expired.

When reported in a get operation, the lifetime indicates
the remaining validity lifetime.

Static mappings may not be associated with a
lifetime.  If no lifetime is associated with a
static mapping, an explicit action is required to
remove that mapping.";
      }
    }  // grouping mapping-entry

    container nat {
      description "NAT module";
      container instances {
        description "NAT instances";
        list instance {
          key "id";
          description
            "A NAT instance.  This identifier can be automatically
assigned or explicitly configured.";
          leaf id {
            type uint32;
            must ". >= 1";
            description
              "NAT instance identifier.

The identifier must be greater than zero.";
            reference
              "RFC 7659: Definitions of Managed Objects for Network
              	  Address Translators (NATs)";

          }

          leaf name {
            type string;
            description
              "A name associated with the NAT instance.";
            reference
              "RFC 7659: Definitions of Managed Objects for Network
              	  Address Translators (NATs)";

          }

          leaf enable {
            type boolean;
            description
              "Status of the NAT instance.";
          }

          container capabilities {
            config false;
            description "NAT capabilities.";
            leaf-list nat-flavor {
              type identityref {
                base nat-type;
              }
              description
                "Supported translation type(s).";
            }

            leaf-list per-interface-binding {
              type enumeration {
                enum "unsupported" {
                  value 0;
                  description
                    "No capability to associate a NAT binding with
an extra identifier.";
                }
                enum "layer-2" {
                  value 1;
                  description
                    "The NAT instance is able to associate a mapping with
a Layer 2 identifier.";
                }
                enum "dslite" {
                  value 2;
                  description
                    "The NAT instance is able to associate a mapping with
an IPv6 address (a.k.a., DS-Lite).";
                }
              }
              description
                "Indicates the capability of a NAT to associate a
particular NAT session not only with the five
tuples used for the transport connection on both
sides of the NAT but also with the internal
interface on which the user device is
connected to the NAT.";
              reference
                "Section 4 of RFC 6619";

            }

            list transport-protocols {
              key "protocol-id";
              description
                "List of supported protocols.";
              leaf protocol-id {
                type uint8;
                mandatory true;
                description
                  "The upper-layer protocol associated with a mapping.

Values are taken from the IANA Protocol Numbers
registry.

For example, this field contains 6 for TCP,
17 for UDP, 33 for DCCP, or 132 for SCTP.";
              }

              leaf protocol-name {
                type string;
                description
                  "The name of the upper-layer protocol associated
with this mapping.

For example, TCP, UDP, DCCP, and SCTP.";
              }
            }  // list transport-protocols

            leaf restricted-port-support {
              type boolean;
              description
                "Indicates source port NAT restriction support.";
              reference
                "RFC 7596: Lightweight 4over6: An Extension to
                	  the Dual-Stack Lite Architecture";

            }

            leaf static-mapping-support {
              type boolean;
              description
                "Indicates whether static mappings are supported.";
            }

            leaf port-randomization-support {
              type boolean;
              description
                "Indicates whether port randomization is supported.";
              reference
                "Section 4.2.1 of RFC 4787";

            }

            leaf port-range-allocation-support {
              type boolean;
              description
                "Indicates whether port range allocation is supported.";
              reference
                "Section 1.1 of RFC 7753";

            }

            leaf port-preservation-suport {
              type boolean;
              description
                "Indicates whether port preservation is supported.";
              reference
                "Section 4.2.1 of RFC 4787";

            }

            leaf port-parity-preservation-support {
              type boolean;
              description
                "Indicates whether port parity preservation is
supported.";
              reference
                "Section 8 of RFC 7857";

            }

            leaf address-roundrobin-support {
              type boolean;
              description
                "Indicates whether address allocation round robin is
supported.";
            }

            leaf paired-address-pooling-support {
              type boolean;
              description
                "Indicates whether paired-address-pooling is
supported";
              reference
                "REQ-2 of RFC 4787";

            }

            leaf endpoint-independent-mapping-support {
              type boolean;
              description
                "Indicates whether endpoint-independent-
mapping is supported.";
              reference
                "Section 4 of RFC 4787";

            }

            leaf address-dependent-mapping-support {
              type boolean;
              description
                "Indicates whether address-dependent-mapping is
supported.";
              reference
                "Section 4 of RFC 4787";

            }

            leaf address-and-port-dependent-mapping-support {
              type boolean;
              description
                "Indicates whether address-and-port-dependent-mapping is
supported.";
              reference
                "Section 4 of RFC 4787";

            }

            leaf endpoint-independent-filtering-support {
              type boolean;
              description
                "Indicates whether endpoint-independent-filtering is
supported.";
              reference
                "Section 5 of RFC 4787";

            }

            leaf address-dependent-filtering {
              type boolean;
              description
                "Indicates whether address-dependent-filtering is
supported.";
              reference
                "Section 5 of RFC 4787";

            }

            leaf address-and-port-dependent-filtering {
              type boolean;
              description
                "Indicates whether address-and-port-dependent is
supported.";
              reference
                "Section 5 of RFC 4787";

            }

            leaf fragment-behavior {
              type enumeration {
                enum "unsupported" {
                  value 0;
                  description
                    "No capability to translate incoming fragments.
All received fragments are dropped.";
                }
                enum "in-order" {
                  value 1;
                  description
                    "The NAT instance is able to translate fragments
only if they are received in order.  That is, in
particular the header is in the first packet.
Fragments received out of order are dropped. ";
                }
                enum "out-of-order" {
                  value 2;
                  description
                    "The NAT instance is able to translate a fragment even
if it is received out of order.

This behavior is recommended.";
                  reference
                    "REQ-14 of RFC 4787";

                }
              }
              description
                "The fragment behavior is the NAT instance's capability to
translate fragments received on the external interface of
the NAT.";
            }
          }  // container capabilities

          leaf type {
            type identityref {
              base nat-type;
            }
            description
              "Specify the translation type.  Particularly useful when
multiple translation flavors are supported.

If one type is supported by a NAT, this parameter is by
default set to that type.";
          }

          leaf per-interface-binding {
            type enumeration {
              enum "disabled" {
                value 0;
                description
                  "Disable the capability to associate an extra identifier
with NAT mappings.";
              }
              enum "layer-2" {
                value 1;
                description
                  "The NAT instance is able to associate a mapping with
a Layer 2 identifier.";
              }
              enum "dslite" {
                value 2;
                description
                  "The NAT instance is able to associate a mapping with
an IPv6 address (a.k.a., DS-Lite).";
              }
            }
            description
              "A NAT that associates a particular NAT session not
only with the five tuples used for the transport
connection on both sides of the NAT but also with
the internal interface on which the user device is
connected to the NAT.

If supported, this mode of operation should be
configurable, and it should be disabled by default in
general-purpose NAT devices.
If one single per-interface binding behavior is
supported by a NAT, this parameter is by default set to
that behavior.";
            reference
              "Section 4 of RFC 6619";

          }

          list nat-pass-through {
            if-feature basic-nat44 or napt44 or dst-nat;
            key "id";
            description
              "IP prefix NAT pass-through.";
            leaf id {
              type uint32;
              description
                "An identifier of the IP prefix pass-through.";
            }

            leaf prefix {
              type inet:ip-prefix;
              mandatory true;
              description
                "The IP addresses that match should not be translated.

It must be possible to administratively turn
off translation for specific destination addresses
and/or ports.";
              reference
                "REQ-6 of RFC 6888";

            }

            leaf port {
              type inet:port-number;
              description
                "It must be possible to administratively turn off
translation for specific destination addresses
and/or ports.

If no prefix is defined, the NAT pass-through bound
to a given port applies for any destination address.";
              reference
                "REQ-6 of RFC 6888";

            }
          }  // list nat-pass-through

          list policy {
            key "id";
            description
              "NAT parameters for a given instance";
            leaf id {
              type uint32;
              description
                "An identifier of the NAT policy.  It must be unique
within the NAT instance.";
            }

            container clat-parameters {
              if-feature clat;
              description "CLAT parameters.";
              list clat-ipv6-prefixes {
                key "ipv6-prefix";
                description
                  "464XLAT double-translation treatment is stateless
when a dedicated /64 is available for translation
on the CLAT.  Otherwise, the CLAT will have both
stateful and stateless translation since it requires
NAT44 from the LAN to a single IPv4 address and then
stateless translation to a single IPv6 address.";
                reference
                  "RFC 6877: 464XLAT: Combination of Stateful and
                  	  Stateless Translation";

                leaf ipv6-prefix {
                  type inet:ipv6-prefix;
                  description
                    "An IPv6 prefix used for CLAT.";
                }
              }  // list clat-ipv6-prefixes

              list ipv4-prefixes {
                key "ipv4-prefix";
                description
                  "Pool of IPv4 addresses used for CLAT.
192.0.0.0/29 is the IPv4 service continuity prefix.";
                reference
                  "RFC 7335: IPv4 Service Continuity Prefix";

                leaf ipv4-prefix {
                  type inet:ipv4-prefix;
                  description
                    "464XLAT double-translation treatment is
stateless when a dedicated /64 is available
for translation on the CLAT.  Otherwise, the
CLAT will have both stateful and stateless
translation since it requires NAT44 from the
LAN to a single IPv4 address and then stateless
translation to a single IPv6 address.
The CLAT performs NAT44 for all IPv4 LAN
packets so that all the LAN-originated IPv4
packets appear from a single IPv4 address
and are then statelessly translated to one
interface IPv6 address that is claimed by
the CLAT.

An IPv4 address from this pool is also
provided to an application that makes
use of literals.";
                  reference
                    "RFC 6877: 464XLAT: Combination of Stateful and
                    	  Stateless Translation";

                }
              }  // list ipv4-prefixes
            }  // container clat-parameters

            list nptv6-prefixes {
              if-feature nptv6;
              key "internal-ipv6-prefix";
              description
                "Provides one or a list of (internal IPv6 prefix,
external IPv6 prefix) required for NPTv6.

In its simplest form, NPTv6 interconnects two
network links: one is an 'internal' network
link attached to a leaf network within a single
administrative domain, and the other is an
'external' network with connectivity to the
global Internet.";
              reference
                "RFC 6296: IPv6-to-IPv6 Network Prefix Translation";

              leaf internal-ipv6-prefix {
                type inet:ipv6-prefix;
                mandatory true;
                description
                  "An IPv6 prefix used by an internal interface of
NPTv6.";
                reference
                  "RFC 6296: IPv6-to-IPv6 Network Prefix Translation";

              }

              leaf external-ipv6-prefix {
                type inet:ipv6-prefix;
                mandatory true;
                description
                  "An IPv6 prefix used by the external interface of
NPTv6.";
                reference
                  "RFC 6296: IPv6-to-IPv6 Network Prefix Translation";

              }
            }  // list nptv6-prefixes

            list eam {
              if-feature eam;
              key "ipv4-prefix";
              description
                "The Explicit Address Mapping Table is a conceptual
table in which each row represents an EAM.

Each EAM describes a mapping between IPv4 and IPv6
prefixes/addresses.";
              reference
                "Section 3.1 of RFC 7757";

              leaf ipv4-prefix {
                type inet:ipv4-prefix;
                mandatory true;
                description
                  "The IPv4 prefix of an EAM.";
                reference
                  "Section 3.2 of RFC 7757";

              }

              leaf ipv6-prefix {
                type inet:ipv6-prefix;
                mandatory true;
                description
                  "The IPv6 prefix of an EAM.";
                reference
                  "Section 3.2 of RFC 7757";

              }
            }  // list eam

            list nat64-prefixes {
              if-feature siit or nat64 or clat;
              key "nat64-prefix";
              description
                "Provides one or a list of NAT64 prefixes
with or without a list of destination IPv4 prefixes.
It allows mapping IPv4 address ranges to IPv6 prefixes.
For example:
192.0.2.0/24 is mapped to 2001:db8:122:300::/56.
198.51.100.0/24 is mapped to 2001:db8:122::/48.";
              reference
                "Section 5.1 of RFC 7050";

              leaf nat64-prefix {
                type inet:ipv6-prefix;
                mandatory true;
                description
                  "A NAT64 prefix.  Can be a Network-Specific Prefix (NSP)
or a Well-Known Prefix (WKP).

Organizations deploying stateless IPv4/IPv6 translation
should assign an NSP to their IPv4/IPv6 translation
service.
For stateless NAT64, IPv4-translatable IPv6 addresses
must use the selected NSP.

Both IPv4-translatable IPv6 addresses and
IPv4-converted IPv6 addresses should use
the same prefix.";
                reference
                  "Sections 3.3 and 3.4 of RFC 6052";

              }

              list destination-ipv4-prefix {
                key "ipv4-prefix";
                description
                  "An IPv4 prefix/address.";
                leaf ipv4-prefix {
                  type inet:ipv4-prefix;
                  description
                    "An IPv4 address/prefix.";
                }
              }  // list destination-ipv4-prefix

              leaf stateless-enable {
                type boolean;
                default "false";
                description
                  "Enable explicitly stateless NAT64.";
              }
            }  // list nat64-prefixes

            list external-ip-address-pool {
              if-feature basic-nat44 or napt44 or nat64;
              key "pool-id";
              description
                "Pool of external IP addresses used to service internal
hosts.

A pool is a set of IP prefixes.";
              leaf pool-id {
                type uint32;
                must ". >= 1";
                description
                  "An identifier that uniquely identifies the address pool
within a NAT instance.

The identifier must be greater than zero.";
                reference
                  "RFC 7659: Definitions of Managed Objects for
                  	  Network Address Translators (NATs)";

              }

              leaf external-ip-pool {
                type inet:ipv4-prefix;
                mandatory true;
                description
                  "An IPv4 prefix used for NAT purposes.";
              }
            }  // list external-ip-address-pool

            container port-set-restrict {
              if-feature napt44 or nat64;
              description
                "Configures contiguous and non-contiguous port ranges.

The port set is used to restrict the external source
port numbers used by the translator.";
              uses port-set;
            }  // container port-set-restrict

            leaf dst-nat-enable {
              if-feature basic-nat44 or napt44;
              type boolean;
              default "false";
              description
                "Enable/disable Destination NAT.

A NAT44 may be configured to enable Destination
NAT, too.";
            }

            list dst-ip-address-pool {
              if-feature dst-nat;
              key "pool-id";
              description
                "Pool of IP addresses used for Destination NAT.";
              leaf pool-id {
                type uint32;
                description
                  "An identifier of the address pool.";
              }

              leaf dst-in-ip-pool {
                type inet:ip-prefix;
                description
                  "Is used to identify an internal destination
IP prefix/address to be translated.";
              }

              leaf dst-out-ip-pool {
                type inet:ip-prefix;
                mandatory true;
                description
                  "IP address/prefix used for Destination NAT.";
              }
            }  // list dst-ip-address-pool

            list transport-protocols {
              if-feature napt44 or nat64 or dst-nat;
              key "protocol-id";
              description
                "Configure the transport protocols to be handled by
the translator.

TCP and UDP are supported by default.";
              leaf protocol-id {
                type uint8;
                mandatory true;
                description
                  "The upper-layer protocol associated with this
mapping.

Values are taken from the IANA Protocol Numbers
registry.

For example, this field contains 6 for TCP,
17 for UDP, 33 for DCCP, or 132 for SCTP.";
              }

              leaf protocol-name {
                type string;
                description
                  "The name of the upper-layer protocol associated
with this mapping.

For example, TCP, UDP, DCCP, and SCTP.";
              }
            }  // list transport-protocols

            leaf subscriber-mask-v6 {
              type uint8 {
                range "0 .. 128";
              }
              description
                "The subscriber mask is an integer that indicates
the length of significant bits to be applied on
the source IPv6 address (internal side) to
unambiguously identify a user device (e.g., CPE).

Subscriber mask is a system-wide configuration
parameter that is used to enforce generic
per-subscriber policies (e.g., port-quota).

The enforcement of these generic policies does not
require the configuration of every subscriber's
prefix.

Example: suppose the 2001:db8:100:100::/56 prefix
is assigned to a NAT64-serviced CPE.  Suppose also
that 2001:db8:100:100::1 is the IPv6 address used
by the client that resides in that CPE.  When the
NAT64 receives a packet from this client,
it applies the subscriber-mask-v6 (e.g., 56) on
the source IPv6 address to compute the associated
prefix for this client (2001:db8:100:100::/56).
Then, the NAT64 enforces policies based on that
prefix (2001:db8:100:100::/56), not on the exact
source IPv6 address.";
            }

            list subscriber-match {
              if-feature basic-nat44 or napt44 or dst-nat;
              key "match-id";
              description
                "IP prefix match.
A subscriber is identified by a subnet.";
              leaf match-id {
                type uint32;
                description
                  "An identifier of the subscriber match.";
              }

              leaf subnet {
                type inet:ip-prefix;
                mandatory true;
                description
                  "The IP address subnets that match
should be translated.  For example, all addresses
that belong to the 192.0.2.0/24 prefix must
be processed by the NAT.";
              }
            }  // list subscriber-match

            leaf address-allocation-type {
              type enumeration {
                enum "arbitrary" {
                  value 0;
                  description
                    "Arbitrary pooling behavior means that the NAT
instance may create the new port mapping using any
address in the pool that has a free port for the
protocol concerned.";
                }
                enum "roundrobin" {
                  value 1;
                  description
                    "Round-robin allocation.";
                }
                enum "paired" {
                  value 2;
                  description
                    "Paired address pooling informs the NAT
that all the flows from an internal IP
address must be assigned the same external
address.  This is the recommended behavior
for NAPT/NAT64.";
                  reference
                    "RFC 4787: Network Address Translation (NAT)
                    	  Behavioral Requirements for Unicast UDP";

                }
              }
              description
                "Specifies how external IP addresses are allocated.";
            }

            leaf port-allocation-type {
              if-feature napt44 or nat64;
              type enumeration {
                enum "random" {
                  value 0;
                  description
                    "Port randomization is enabled.  A NAT port allocation
scheme should make it hard for attackers to guess
port numbers";
                  reference
                    "REQ-15 of RFC 6888";

                }
                enum "port-preservation" {
                  value 1;
                  description
                    "Indicates whether the NAT should preserve the
internal port number.";
                }
                enum
                  "port-parity-preservation" {
                  value 2;
                  description
                    "Indicates whether the NAT should preserve the port
parity of the internal port number.";
                }
                enum "port-range-allocation" {
                  value 3;
                  description
                    "Indicates whether the NAT assigns a range of ports
for an internal host.  This scheme allows the
minimizing of the log volume.";
                  reference
                    "REQ-14 of RFC 6888";

                }
              }
              description
                "Indicates the type of port allocation.";
            }

            leaf mapping-type {
              if-feature napt44 or nat64;
              type enumeration {
                enum "eim" {
                  value 0;
                  description
                    "endpoint-independent-mapping.";
                  reference
                    "Section 4 of RFC 4787";

                }
                enum "adm" {
                  value 1;
                  description
                    "address-dependent-mapping.";
                  reference
                    "Section 4 of RFC 4787";

                }
                enum "edm" {
                  value 2;
                  description
                    "address-and-port-dependent-mapping.";
                  reference
                    "Section 4 of RFC 4787";

                }
              }
              description
                "Indicates the type of NAT mapping.";
            }

            leaf filtering-type {
              if-feature napt44 or nat64;
              type enumeration {
                enum "eif" {
                  value 0;
                  description
                    "endpoint-independent-filtering.";
                  reference
                    "Section 5 of RFC 4787";

                }
                enum "adf" {
                  value 1;
                  description
                    "address-dependent-filtering.";
                  reference
                    "Section 5 of RFC 4787";

                }
                enum "edf" {
                  value 2;
                  description
                    "address-and-port-dependent-filtering";
                  reference
                    "Section 5 of RFC 4787";

                }
              }
              description
                "Indicates the type of NAT filtering.";
            }

            leaf fragment-behavior {
              if-feature napt44 or nat64;
              type enumeration {
                enum "drop-all" {
                  value 0;
                  description
                    "All received fragments are dropped.";
                }
                enum "in-order" {
                  value 1;
                  description
                    "Translate fragments only if they are received
in order.";
                }
                enum "out-of-order" {
                  value 2;
                  description
                    "Translate a fragment even if it is received out
of order.

This behavior is recommended.";
                  reference
                    "REQ-14 of RFC 4787";

                }
              }
              description
                "The fragment behavior instructs the NAT about the
behavior to follow to translate fragments received
on the external interface of the NAT.";
            }

            list port-quota {
              if-feature napt44 or nat64;
              key "quota-type";
              description
                "Configures a port quota to be assigned per subscriber.
It corresponds to the maximum number of ports to be
used by a subscriber.";
              leaf port-limit {
                type uint16;
                description
                  "Configures a port quota to be assigned per subscriber.
It corresponds to the maximum number of ports to be
used by a subscriber.";
                reference
                  "REQ-4 of RFC 6888";

              }

              leaf quota-type {
                type uint8;
                description
                  "Indicates whether the port quota applies to
all protocols (0) or to a specific protocol.";
              }
            }  // list port-quota

            container port-set {
              when
                "../port-allocation-type = 'port-range-allocation'";
              if-feature napt44 or nat64;
              description
                "Manages port-set assignments.";
              leaf port-set-size {
                type uint16;
                mandatory true;
                description
                  "Indicates the size of assigned port sets.";
              }

              leaf port-set-timeout {
                type uint32;
                units "seconds";
                description
                  "inactivity timeout for port sets.";
              }
            }  // container port-set

            container timers {
              if-feature napt44 or nat64;
              description
                "Configure values of various timeouts.";
              leaf udp-timeout {
                type uint32;
                units "seconds";
                default "300";
                description
                  "UDP inactivity timeout.  That is the time a mapping
will stay active without packets traversing the NAT.";
                reference
                  "RFC 4787: Network Address Translation (NAT)
                  	  Behavioral Requirements for Unicast UDP";

              }

              leaf tcp-idle-timeout {
                type uint32;
                units "seconds";
                default "7440";
                description
                  "TCP idle timeout should be 2 hours and 4 minutes.";
                reference
                  "RFC 5382: NAT Behavioral Requirements for TCP";

              }

              leaf tcp-trans-open-timeout {
                type uint32;
                units "seconds";
                default "240";
                description
                  "The value of the transitory open connection
idle-timeout.

A NAT should provide different configurable
parameters for configuring the open and
closing idle timeouts.

To accommodate deployments that consider
a partially open timeout of 4 minutes as being
excessive from a security standpoint, a NAT may
allow the configured timeout to be less than
4 minutes.

However, a minimum default transitory connection
idle-timeout of 4 minutes is recommended.";
                reference
                  "Section 2.1 of RFC 7857";

              }

              leaf tcp-trans-close-timeout {
                type uint32;
                units "seconds";
                default "240";
                description
                  "The value of the transitory close connection
idle-timeout.

A NAT should provide different configurable
parameters for configuring the open and
closing idle timeouts.";
                reference
                  "Section 2.1 of RFC 7857";

              }

              leaf tcp-in-syn-timeout {
                type uint32;
                units "seconds";
                default "6";
                description
                  "A NAT must not respond to an unsolicited
inbound SYN packet for at least 6 seconds
after the packet is received.  If during
this interval the NAT receives and translates
an outbound SYN for the connection the NAT
must silently drop the original unsolicited
inbound SYN packet.";
                reference
                  "RFC 5382 NAT Behavioral Requirements for TCP";

              }

              leaf fragment-min-timeout {
                when
                  "../../fragment-behavior='out-of-order'";
                type uint32;
                units "seconds";
                default "2";
                description
                  "As long as the NAT has available resources,
the NAT allows the fragments to arrive
over the fragment-min-timeout interval.
The default value is inspired from RFC 6146.";
              }

              leaf icmp-timeout {
                type uint32;
                units "seconds";
                default "60";
                description
                  "An ICMP Query session timer must not expire
in less than 60 seconds.  It is recommended
that the ICMP Query session timer be made
configurable";
                reference
                  "RFC 5508: NAT Behavioral Requirements for ICMP";

              }

              list per-port-timeout {
                key "port-number";
                description
                  "Some NATs are configurable with short timeouts
for some ports, e.g., as 10 seconds on
port 53 (DNS) and 123 (NTP), and longer timeouts
on other ports.";
                leaf port-number {
                  type inet:port-number;
                  description
                    "A port number.";
                }

                leaf protocol {
                  type uint8;
                  description
                    "The upper-layer protocol associated with this port.

Values are taken from the IANA Protocol Numbers
registry.

If no protocol is indicated, it means 'any
protocol'.";
                }

                leaf timeout {
                  type uint32;
                  units "seconds";
                  mandatory true;
                  description
                    "Timeout for this port number";
                }
              }  // list per-port-timeout

              leaf hold-down-timeout {
                type uint32;
                units "seconds";
                default "120";
                description
                  "Hold-down timer.

Ports in the hold-down pool are not reassigned until
hold-down-timeout expires.

The length of time and the maximum number of ports in
this state must be configurable by the administrator.

This is necessary in order to prevent collisions
between old and new mappings and sessions.  It ensures
that all established sessions are broken instead of
redirected to a different peer.";
                reference
                  "REQ-8 of RFC 6888";

              }

              leaf hold-down-max {
                type uint32;
                description
                  "Maximum ports in the hold-down port pool.";
                reference
                  "REQ-8 of RFC 6888";

              }
            }  // container timers

            leaf fragments-limit {
              when
                "../fragment-behavior='out-of-order'";
              type uint32;
              description
                "Limits the number of out-of-order fragments that can
be handled.";
              reference
                "Section 11 of RFC 4787";

            }

            list algs {
              key "name";
              description
                "Features related to the Application Layer
Gateway (ALG).";
              leaf name {
                type string;
                description
                  "The name of the ALG.";
              }

              leaf transport-protocol {
                type uint32;
                description
                  "The transport protocol used by the ALG
(e.g., TCP and UDP).";
              }

              container dst-transport-port {
                description
                  "The destination port number(s) used by the ALG.
For example,
  - 21 for the FTP ALG
  - 53 for the DNS ALG.";
                uses port-number;
              }  // container dst-transport-port

              container src-transport-port {
                description
                  "The source port number(s) used by the ALG.";
                uses port-number;
              }  // container src-transport-port

              leaf status {
                type boolean;
                description
                  "Enable/disable the ALG.";
              }
            }  // list algs

            leaf all-algs-enable {
              type boolean;
              description
                "Disable/enable all ALGs.

When specified, this parameter overrides the one
that may be indicated, eventually, by the 'status'
of an individual ALG.";
            }

            container notify-pool-usage {
              if-feature basic-nat44 or napt44 or nat64;
              description
                "Notification of pool usage when certain criteria
are met.";
              leaf pool-id {
                type uint32;
                description
                  "Pool-ID for which the notification criteria
is defined";
              }

              leaf low-threshold {
                type percent;
                description
                  "Notification must be generated when the defined low
threshold is reached.

For example, if a notification is required when the
pool utilization reaches below 10%, this
configuration parameter must be set to 10.

0% indicates that low-threshold notification is
disabled.";
              }

              leaf high-threshold {
                type percent;
                must ". >= ../low-threshold" {
                  error-message
                    "The high threshold must be greater than or equal
to the low threshold.";
                }
                description
                  "Notification must be generated when the defined high
threshold is reached.

For example, if a notification is required when the
pool utilization reaches 90%, this configuration
parameter must be set to 90.

Setting the same value as low-threshold is equivalent
to disabling high-threshold notification.";
              }

              leaf notify-interval {
                type uint32 {
                  range "1 .. 3600";
                }
                units "seconds";
                default "20";
                description
                  "Minimum number of seconds between successive
notifications for this pool.";
                reference
                  "RFC 7659: Definitions of Managed Objects for
                  	  Network Address Translators (NATs)";

              }
            }  // container notify-pool-usage

            container external-realm {
              description
                "Identifies the external realm of the NAT instance.";
              choice realm-type {
                description
                  "Can be an interface, VRF instance, etc.";
                case interface {
                  description
                    "External interface.";
                  leaf external-interface {
                    type if:interface-ref;
                    description
                      "Name of the external interface.";
                  }
                }  // case interface
              }  // choice realm-type
            }  // container external-realm
          }  // list policy

          container mapping-limits {
            if-feature napt44 or nat64;
            description
              "Information about the configuration parameters that
limits the mappings based upon various criteria.";
            leaf limit-subscribers {
              type uint32;
              description
                "Maximum number of subscribers that can be serviced
by a NAT instance.

A subscriber is identified by a given prefix.";
              reference
                "RFC 7659: Definitions of Managed Objects for
                	  Network Address Translators (NATs)";

            }

            leaf limit-address-mappings {
              type uint32;
              description
                "Maximum number of address mappings that can be
handled by a NAT instance.

When this limit is reached, packets that would
normally trigger translation will be dropped.";
              reference
                "RFC 7659: Definitions of Managed Objects for
                	  Network Address Translators (NATs)";

            }

            leaf limit-port-mappings {
              type uint32;
              description
                "Maximum number of port mappings that can be handled
by a NAT instance.

When this limit is reached, packets that would
normally trigger translation will be dropped.";
              reference
                "RFC 7659: Definitions of Managed Objects for
                	  Network Address Translators (NATs)";

            }

            list limit-per-protocol {
              if-feature napt44 or nat64 or dst-nat;
              key "protocol-id";
              description
                "Configure limits per transport protocol";
              leaf protocol-id {
                type uint8;
                mandatory true;
                description
                  "The upper-layer protocol.

Values are taken from the IANA Protocol Numbers
registry.

For example, this field contains 6 for TCP,
17 for UDP, 33 for DCCP, or 132 for SCTP.";
              }

              leaf limit {
                type uint32;
                description
                  "Maximum number of protocol-specific NAT mappings
per instance.";
              }
            }  // list limit-per-protocol
          }  // container mapping-limits

          container connection-limits {
            if-feature basic-nat44 or napt44 or nat64;
            description
              "Information about the configuration parameters that
rate-limit the translation based upon various criteria.";
            leaf limit-per-subscriber {
              type uint32;
              units "bits/second";
              description
                "Rate-limit the number of new mappings and sessions
per subscriber.";
            }

            leaf limit-per-instance {
              type uint32;
              units "bits/second";
              description
                "Rate-limit the number of new mappings and sessions
per instance.";
            }

            list limit-per-protocol {
              if-feature napt44 or nat64;
              key "protocol-id";
              description
                "Configure limits per transport protocol";
              leaf protocol-id {
                type uint8;
                mandatory true;
                description
                  "The upper-layer protocol.

Values are taken from the IANA Protocol Numbers
registry.

For example, this field contains 6 for TCP,
17 for UDP, 33 for DCCP, or 132 for SCTP.";
              }

              leaf limit {
                type uint32;
                description
                  "Limit the number of protocol-specific mappings
and sessions per instance.";
              }
            }  // list limit-per-protocol
          }  // container connection-limits

          container notification-limits {
            description
              "Sets notification limits.";
            leaf notify-interval {
              if-feature basic-nat44 or napt44 or nat64;
              type uint32 {
                range "1 .. 3600";
              }
              units "seconds";
              default "10";
              description
                "Minimum number of seconds between successive
notifications for this NAT instance.";
              reference
                "RFC 7659: Definitions of Managed Objects for
                	  Network Address Translators (NATs)";

            }

            leaf notify-addresses-usage {
              if-feature basic-nat44 or napt44 or nat64;
              type percent;
              description
                "Notification of address mappings usage over
the whole NAT instance.

Notification must be generated when the defined
threshold is reached.

For example, if a notification is required when
the address mappings utilization reaches 90%,
this configuration parameter must be set
to 90.";
            }

            leaf notify-ports-usage {
              if-feature napt44 or nat64;
              type percent;
              description
                "Notification of port mappings usage over the
whole NAT instance.

Notification must be generated when the defined
threshold is reached.

For example, if a notification is required when
the port mappings utilization reaches 90%, this
configuration parameter must be set to 90.";
            }

            leaf notify-subscribers-limit {
              if-feature basic-nat44 or napt44 or nat64;
              type uint32;
              description
                "Notification of active subscribers per NAT
instance.

Notification must be generated when the defined
threshold is reached.";
            }
          }  // container notification-limits

          container mapping-table {
            if-feature basic-nat44 or napt44 or nat64 or clat or dst-nat;
            description
              "NAT mapping table.  Applicable for functions that maintain
static and/or dynamic mappings, such as NAT44, Destination
NAT, NAT64, or CLAT.";
            list mapping-entry {
              key "index";
              description
                "NAT mapping entry.";
              uses mapping-entry;
            }  // list mapping-entry
          }  // container mapping-table

          container statistics {
            config false;
            description
              "Statistics related to the NAT instance.";
            leaf discontinuity-time {
              type yang:date-and-time;
              mandatory true;
              description
                "The time on the most recent occasion at which the NAT
instance suffered a discontinuity.  This must be
initialized when the NAT instance is configured
or rebooted.";
            }

            container traffic-statistics {
              description
                "Generic traffic statistics.";
              leaf sent-packets {
                type yang:zero-based-counter64;
                description
                  "Number of packets sent.";
              }

              leaf sent-bytes {
                type yang:zero-based-counter64;
                units "bytes";
                description
                  "Counter for sent traffic in bytes.";
              }

              leaf rcvd-packets {
                type yang:zero-based-counter64;
                description
                  "Number of received packets.";
              }

              leaf rcvd-bytes {
                type yang:zero-based-counter64;
                units "bytes";
                description
                  "Counter for received traffic in bytes.";
              }

              leaf dropped-packets {
                type yang:zero-based-counter64;
                description
                  "Number of dropped packets.";
              }

              leaf dropped-bytes {
                type yang:zero-based-counter64;
                units "bytes";
                description
                  "Counter for dropped traffic in bytes.";
              }

              leaf dropped-fragments {
                if-feature napt44 or nat64;
                type yang:zero-based-counter64;
                description
                  "Number of dropped fragments on the external realm.";
              }

              leaf dropped-address-limit-packets {
                if-feature basic-nat44 or napt44 or nat64;
                type yang:zero-based-counter64;
                description
                  "Number of dropped packets because an address limit
 is reached.";
              }

              leaf dropped-address-limit-bytes {
                if-feature basic-nat44 or napt44 or nat64;
                type yang:zero-based-counter64;
                units "bytes";
                description
                  "Counter of dropped packets because an address limit
 is reached, in bytes.";
              }

              leaf dropped-address-packets {
                if-feature basic-nat44 or napt44 or nat64;
                type yang:zero-based-counter64;
                description
                  "Number of dropped packets because no address is
available for allocation.";
              }

              leaf dropped-address-bytes {
                if-feature basic-nat44 or napt44 or nat64;
                type yang:zero-based-counter64;
                units "bytes";
                description
                  "Counter of dropped packets because no address is
available for allocation, in bytes.";
              }

              leaf dropped-port-limit-packets {
                if-feature napt44 or nat64;
                type yang:zero-based-counter64;
                description
                  "Number of dropped packets because a port limit
is reached.";
              }

              leaf dropped-port-limit-bytes {
                if-feature napt44 or nat64;
                type yang:zero-based-counter64;
                units "bytes";
                description
                  "Counter of dropped packets because a port limit
is reached, in bytes.";
              }

              leaf dropped-port-packets {
                if-feature napt44 or nat64;
                type yang:zero-based-counter64;
                description
                  "Number of dropped packets because no port is
available for allocation.";
              }

              leaf dropped-port-bytes {
                if-feature napt44 or nat64;
                type yang:zero-based-counter64;
                units "bytes";
                description
                  "Counter of dropped packets because no port is
available for allocation, in bytes.";
              }

              leaf dropped-subscriber-limit-packets {
                if-feature basic-nat44 or napt44 or nat64;
                type yang:zero-based-counter64;
                description
                  "Number of dropped packets because the subscriber
limit per instance is reached.";
              }

              leaf dropped-subscriber-limit-bytes {
                if-feature basic-nat44 or napt44 or nat64;
                type yang:zero-based-counter64;
                units "bytes";
                description
                  "Counter of dropped packets because the subscriber
 limit per instance is reached, in bytes.";
              }
            }  // container traffic-statistics

            container mappings-statistics {
              description
                "Mappings statistics.";
              leaf total-active-subscribers {
                if-feature basic-nat44 or napt44 or nat64;
                type yang:gauge32;
                description
                  "Total number of active subscribers (that is,
subscribers for which the NAT maintains active
mappings).

A subscriber is identified by a subnet,
subscriber-mask, etc.";
              }

              leaf total-address-mappings {
                if-feature basic-nat44 or napt44 or nat64 or clat or dst-nat;
                type yang:gauge32;
                description
                  "Total number of address mappings present at a given
time.  It includes both static and dynamic mappings.";
                reference
                  "Section 3.3.8 of RFC 7659";

              }

              leaf total-port-mappings {
                if-feature napt44 or nat64;
                type yang:gauge32;
                description
                  "Total number of NAT port mappings present at
a given time.  It includes both static and dynamic
mappings.";
                reference
                  "Section 3.3.9 of RFC 7659";

              }

              list total-per-protocol {
                if-feature napt44 or nat64;
                key "protocol-id";
                description
                  "Total mappings for each enabled/supported protocol.";
                leaf protocol-id {
                  type uint8;
                  mandatory true;
                  description
                    "The upper-layer protocol.
For example, this field contains 6 for TCP,
17 for UDP, 33 for DCCP, or 132 for SCTP.";
                }

                leaf total {
                  type yang:gauge32;
                  description
                    "Total number of a protocol-specific mappings present
at a given time.  The protocol is identified by
protocol-id.";
                }
              }  // list total-per-protocol
            }  // container mappings-statistics

            container pools-stats {
              if-feature basic-nat44 or napt44 or nat64;
              description
                "Statistics related to address/prefix pools
usage";
              leaf addresses-allocated {
                type yang:gauge32;
                description
                  "Number of all allocated addresses.";
              }

              leaf addresses-free {
                type yang:gauge32;
                description
                  "Number of unallocated addresses of all pools at
a given time.  The sum of unallocated and allocated
addresses is the total number of addresses of
the pools.";
              }

              container ports-stats {
                if-feature napt44 or nat64;
                description
                  "Statistics related to port numbers usage.";
                leaf ports-allocated {
                  type yang:gauge32;
                  description
                    "Number of allocated ports from all pools.";
                }

                leaf ports-free {
                  type yang:gauge32;
                  description
                    "Number of unallocated addresses from all pools.";
                }
              }  // container ports-stats

              list per-pool-stats {
                if-feature basic-nat44 or napt44 or nat64;
                key "pool-id";
                description
                  "Statistics related to address/prefix pool usage";
                leaf pool-id {
                  type uint32;
                  description
                    "Unique identifier that represents a pool of
addresses/prefixes.";
                }

                leaf discontinuity-time {
                  type yang:date-and-time;
                  mandatory true;
                  description
                    "The time on the most recent occasion at which this
pool counter suffered a discontinuity.  This must
be initialized when the address pool is
configured.";
                }

                container pool-stats {
                  description
                    "Statistics related to address/prefix pool usage";
                  leaf addresses-allocated {
                    type yang:gauge32;
                    description
                      "Number of allocated addresses from this pool.";
                  }

                  leaf addresses-free {
                    type yang:gauge32;
                    description
                      "Number of unallocated addresses in this pool.";
                  }
                }  // container pool-stats

                container port-stats {
                  if-feature napt44 or nat64;
                  description
                    "Statistics related to port numbers usage.";
                  leaf ports-allocated {
                    type yang:gauge32;
                    description
                      "Number of allocated ports from this pool.";
                  }

                  leaf ports-free {
                    type yang:gauge32;
                    description
                      "Number of unallocated addresses from this pool.";
                  }
                }  // container port-stats
              }  // list per-pool-stats
            }  // container pools-stats
          }  // container statistics
        }  // list instance
      }  // container instances
    }  // container nat

    notification nat-pool-event {
      if-feature basic-nat44 or napt44 or nat64;
      description
        "Notifications must be generated when the defined high/low
threshold is reached.  Related configuration parameters
must be provided to trigger the notifications.";
      leaf id {
        type leafref {
          path "/nat/instances/instance/id";
        }
        mandatory true;
        description
          "NAT instance identifier.";
      }

      leaf policy-id {
        type leafref {
          path "/nat/instances/instance/policy/id";
        }
        description "Policy identifier.";
      }

      leaf pool-id {
        type leafref {
          path "/nat/instances/instance/policy/external-ip-address-pool/pool-id";
        }
        mandatory true;
        description "Pool Identifier.";
      }

      leaf notify-pool-threshold {
        type percent;
        mandatory true;
        description
          "A threshold (high threshold or low threshold) has
been fired.";
      }
    }  // notification nat-pool-event

    notification nat-instance-event {
      if-feature basic-nat44 or napt44 or nat64;
      description
        "Notifications must be generated when notify-addresses-usage
and/or notify-ports-usage thresholds are reached.";
      leaf id {
        type leafref {
          path "/nat/instances/instance/id";
        }
        mandatory true;
        description
          "NAT instance identifier.";
      }

      leaf notify-subscribers-threshold {
        type uint32;
        description
          "The notify-subscribers-limit threshold has been fired.";
      }

      leaf notify-addresses-threshold {
        type percent;
        description
          "The notify-addresses-usage threshold has been fired.";
      }

      leaf notify-ports-threshold {
        type percent;
        description
          "The notify-ports-usage threshold has been fired.";
      }
    }  // notification nat-instance-event
  }  // module ietf-nat

Summary

  
  
Organization IETF OPSAWG (Operations and Management Area Working Group)
  
Module ietf-nat
Version 2019-01-10
File ietf-nat@2019-01-10.yang
  
Prefix nat
Namespace urn:ietf:params:xml:ns:yang:ietf-nat
  
Cooked /cookedmodules/ietf-nat/2019-01-10
YANG /src/ietf-nat@2019-01-10.yang
XSD /xsd/ietf-nat@2019-01-10.xsd
  
Abstract This module is a YANG module for NAT implementations. NAT44, Network Address and Protocol Translation from IPv6 Clients to IPv4 ...
  
Contact
WG Web:   <https://datatracker.ietf.org/wg/opsawg/>
WG List:  <mailto:opsawg@ietf.org>

Editor:  Mohamed Boucadair
	 <mailto:mohamed.boucadair@orange.com>

Author:  Senthil Sivakumar
	 <mailto:ssenthil@cisco.com>

Author:  Christian Jacquenet
	 <mailto:christian.jacquenet@orange.com>

Author:  Suresh Vinapamula
	 <mailto:sureshk@juniper.net>

Author:  Qin Wu
	 <mailto:bill.wu@huawei.com>

Description

 
This module is a YANG module for NAT implementations.
NAT44, Network Address and Protocol Translation from IPv6
Clients to IPv4 Servers (NAT64), customer-side translator
(CLAT), Stateless IP/ICMP Translation (SIIT), Explicit
Address Mappings (EAM) for SIIT, IPv6 Network Prefix
Translation (NPTv6), and Destination NAT are covered.

Copyright (c) 2018 IETF Trust and the persons identified as
authors of the code.  All rights reserved.

Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject
to the license terms contained in, the Simplified BSD License
set forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(http://trustee.ietf.org/license-info).

This version of this YANG module is part of RFC 8512; see
the RFC itself for full legal notices.

Typedefs

Typedef Base type Abstract
percent uint8 Percentage

Groupings

Grouping Objects Abstract
mapping-entry index type transport-protocol internal-src-address internal-src-port external-src-address external-src-port internal-dst-address internal-dst-port external-dst-address external-dst-port lifetime NAT mapping entry. If an attribute is not stored in the mapping/session table, it means the corresponding field of a packet that matches this entry is not rewritten by the NAT or this information is not required for NAT filtering purposes.
port-number start-port-number end-port-number An individual port number or a range of ports. When only start-port-number is present, it represents a single port number.
port-set port-type Indicates a set of port numbers. It may be a simple port range, or use the Port Set Identifier (PSID) algorithm to represent a range of transport-layer port numbers that will be used by a NAPT.

Objects

Type Key
Mandatory config
Optional config
Not config
Object Type Abstract
nat container NAT module
   instances container NAT instances
      instance list A NAT instance. This identifier can be automatically assigned or explicitly configured.
         capabilities container NAT capabilities.
            address-and-port-dependent-filtering leaf Indicates whether address-and-port-dependent is supported.
            address-and-port-dependent-mapping-support leaf Indicates whether address-and-port-dependent-mapping is supported.
            address-dependent-filtering leaf Indicates whether address-dependent-filtering is supported.
            address-dependent-mapping-support leaf Indicates whether address-dependent-mapping is supported.
            address-roundrobin-support leaf Indicates whether address allocation round robin is supported.
            endpoint-independent-filtering-support leaf Indicates whether endpoint-independent-filtering is supported.
            endpoint-independent-mapping-support leaf Indicates whether endpoint-independent- mapping is supported.
            fragment-behavior leaf The fragment behavior is the NAT instance's capability to translate fragments received on the external interface of the NAT.
            nat-flavor leaf-list Supported translation type(s).
            paired-address-pooling-support leaf Indicates whether paired-address-pooling is supported
            per-interface-binding leaf-list Indicates the capability of a NAT to associate a particular NAT session not only with the five tuples used for the transport connection on both sides of the NAT but also with the internal interface on which the user device is connected to the NAT.
            port-parity-preservation-support leaf Indicates whether port parity preservation is supported.
            port-preservation-suport leaf Indicates whether port preservation is supported.
            port-randomization-support leaf Indicates whether port randomization is supported.
            port-range-allocation-support leaf Indicates whether port range allocation is supported.
            restricted-port-support leaf Indicates source port NAT restriction support.
            static-mapping-support leaf Indicates whether static mappings are supported.
            transport-protocols list List of supported protocols.
               protocol-id leaf The upper-layer protocol associated with a mapping. Values are taken from the IANA Protocol Numbers registry. For example, this field contains 6 for TCP, 17 for UDP, 33 for DCCP, or 132 for SCTP.
               protocol-name leaf The name of the upper-layer protocol associated with this mapping. For example, TCP, UDP, DCCP, and SCTP.
         connection-limits container Information about the configuration parameters that rate-limit the translation based upon various criteria.
            limit-per-instance leaf Rate-limit the number of new mappings and sessions per instance.
            limit-per-protocol list Configure limits per transport protocol
               limit leaf Limit the number of protocol-specific mappings and sessions per instance.
               protocol-id leaf The upper-layer protocol. Values are taken from the IANA Protocol Numbers registry. For example, this field contains 6 for TCP, 17 for UDP, 33 for DCCP, or 132 for SCTP.
            limit-per-subscriber leaf Rate-limit the number of new mappings and sessions per subscriber.
         enable leaf Status of the NAT instance.
         id leaf NAT instance identifier. The identifier must be greater than zero.
         mapping-limits container Information about the configuration parameters that limits the mappings based upon various criteria.
            limit-address-mappings leaf Maximum number of address mappings that can be handled by a NAT instance. When this limit is reached, packets that would normally trigger translation will be dropped.
            limit-per-protocol list Configure limits per transport protocol
               limit leaf Maximum number of protocol-specific NAT mappings per instance.
               protocol-id leaf The upper-layer protocol. Values are taken from the IANA Protocol Numbers registry. For example, this field contains 6 for TCP, 17 for UDP, 33 for DCCP, or 132 for SCTP.
            limit-port-mappings leaf Maximum number of port mappings that can be handled by a NAT instance. When this limit is reached, packets that would normally trigger translation will be dropped.
            limit-subscribers leaf Maximum number of subscribers that can be serviced by a NAT instance. A subscriber is identified by a given prefix.
         mapping-table container NAT mapping table. Applicable for functions that maintain static and/or dynamic mappings, such as NAT44, Destination NAT, NAT64, or CLAT.
            mapping-entry list NAT mapping entry.
               external-dst-address leaf Corresponds to the destination IP address/prefix of the packet sent on an external interface of the NAT.
               external-dst-port container Corresponds to the destination port number of the packet sent on the external interface of the NAT. It is also used to include the external destination ICMP identifier.
                  end-port-number leaf End of the port range.
                  start-port-number leaf Beginning of the port range.
               external-src-address leaf Source IP address/prefix of the packet sent on an external interface of the NAT.
               external-src-port container Source port of the packet sent on an external interface of the NAT. It is also used to indicate the external source ICMP identifier.
                  end-port-number leaf End of the port range.
                  start-port-number leaf Beginning of the port range.
               index leaf A unique identifier of a mapping entry. This identifier can be automatically assigned by the NAT instance or be explicitly configured.
               internal-dst-address leaf Corresponds to the destination IP address/prefix of the packet received on an internal interface of the NAT. For example, some NAT implementations support the translation of both source and destination addresses and port numbers, sometimes referred to as...
               internal-dst-port container Corresponds to the destination port of the IP packet received on the internal interface. It is also used to include the internal destination ICMP identifier.
                  end-port-number leaf End of the port range.
                  start-port-number leaf Beginning of the port range.
               internal-src-address leaf Corresponds to the source IPv4/IPv6 address/prefix of the packet received on an internal interface.
               internal-src-port container Corresponds to the source port of the packet received on an internal interface. It is also used to indicate the internal source ICMP identifier. As a reminder, all the ICMP Query messages contain an 'Identifier' field, which is referred to in this docum...
                  end-port-number leaf End of the port range.
                  start-port-number leaf Beginning of the port range.
               lifetime leaf When specified, it is used to track the connection that is fully formed (e.g., once the three-way handshake TCP is completed) or the duration for maintaining an explicit mapping alive. The mapping entry will be removed by the NAT instance once this lifet...
               transport-protocol leaf The upper-layer protocol associated with this mapping. Values are taken from the IANA Protocol Numbers registry: <https://www.iana.org/assignments/protocol-numbers/>. For example, this field contains 6 for TCP, 17 for UDP, 33 for DCCP, or 132 for SCTP. ...
               type leaf Indicates the type of a mapping entry. For example, a mapping can be: static, implicit dynamic, or explicit dynamic.
         name leaf A name associated with the NAT instance.
         nat-pass-through list IP prefix NAT pass-through.
            id leaf An identifier of the IP prefix pass-through.
            port leaf It must be possible to administratively turn off translation for specific destination addresses and/or ports. If no prefix is defined, the NAT pass-through bound to a given port applies for any destination address.
            prefix leaf The IP addresses that match should not be translated. It must be possible to administratively turn off translation for specific destination addresses and/or ports.
         notification-limits container Sets notification limits.
            notify-addresses-usage leaf Notification of address mappings usage over the whole NAT instance. Notification must be generated when the defined threshold is reached. For example, if a notification is required when the address mappings utilization reaches 90%, this configuration pa...
            notify-interval leaf Minimum number of seconds between successive notifications for this NAT instance.
            notify-ports-usage leaf Notification of port mappings usage over the whole NAT instance. Notification must be generated when the defined threshold is reached. For example, if a notification is required when the port mappings utilization reaches 90%, this configuration paramete...
            notify-subscribers-limit leaf Notification of active subscribers per NAT instance. Notification must be generated when the defined threshold is reached.
         per-interface-binding leaf A NAT that associates a particular NAT session not only with the five tuples used for the transport connection on both sides of the NAT but also with the internal interface on which the user device is connected to the NAT. If supported, this mode of oper...
         policy list NAT parameters for a given instance
            address-allocation-type leaf Specifies how external IP addresses are allocated.
            algs list Features related to the Application Layer Gateway (ALG).
               dst-transport-port container The destination port number(s) used by the ALG. For example, - 21 for the FTP ALG - 53 for the DNS ALG.
                  end-port-number leaf End of the port range.
                  start-port-number leaf Beginning of the port range.
               name leaf The name of the ALG.
               src-transport-port container The source port number(s) used by the ALG.
                  end-port-number leaf End of the port range.
                  start-port-number leaf Beginning of the port range.
               status leaf Enable/disable the ALG.
               transport-protocol leaf The transport protocol used by the ALG (e.g., TCP and UDP).
            all-algs-enable leaf Disable/enable all ALGs. When specified, this parameter overrides the one that may be indicated, eventually, by the 'status' of an individual ALG.
            clat-parameters container CLAT parameters.
               clat-ipv6-prefixes list 464XLAT double-translation treatment is stateless when a dedicated /64 is available for translation on the CLAT. Otherwise, the CLAT will have both stateful and stateless translation since it requires NAT44 from the LAN to a single IPv4 address and then ...
                  ipv6-prefix leaf An IPv6 prefix used for CLAT.
               ipv4-prefixes list Pool of IPv4 addresses used for CLAT. 192.0.0.0/29 is the IPv4 service continuity prefix.
                  ipv4-prefix leaf 464XLAT double-translation treatment is stateless when a dedicated /64 is available for translation on the CLAT. Otherwise, the CLAT will have both stateful and stateless translation since it requires NAT44 from the LAN to a single IPv4 address and then ...
            dst-ip-address-pool list Pool of IP addresses used for Destination NAT.
               dst-in-ip-pool leaf Is used to identify an internal destination IP prefix/address to be translated.
               dst-out-ip-pool leaf IP address/prefix used for Destination NAT.
               pool-id leaf An identifier of the address pool.
            dst-nat-enable leaf Enable/disable Destination NAT. A NAT44 may be configured to enable Destination NAT, too.
            eam list The Explicit Address Mapping Table is a conceptual table in which each row represents an EAM. Each EAM describes a mapping between IPv4 and IPv6 prefixes/addresses.
               ipv4-prefix leaf The IPv4 prefix of an EAM.
               ipv6-prefix leaf The IPv6 prefix of an EAM.
            external-ip-address-pool list Pool of external IP addresses used to service internal hosts. A pool is a set of IP prefixes.
               external-ip-pool leaf An IPv4 prefix used for NAT purposes.
               pool-id leaf An identifier that uniquely identifies the address pool within a NAT instance. The identifier must be greater than zero.
            external-realm container Identifies the external realm of the NAT instance.
               realm-type choice Can be an interface, VRF instance, etc.
                  interface case External interface.
                     external-interface leaf Name of the external interface.
            filtering-type leaf Indicates the type of NAT filtering.
            fragment-behavior leaf The fragment behavior instructs the NAT about the behavior to follow to translate fragments received on the external interface of the NAT.
            fragments-limit leaf Limits the number of out-of-order fragments that can be handled.
            id leaf An identifier of the NAT policy. It must be unique within the NAT instance.
            mapping-type leaf Indicates the type of NAT mapping.
            nat64-prefixes list Provides one or a list of NAT64 prefixes with or without a list of destination IPv4 prefixes. It allows mapping IPv4 address ranges to IPv6 prefixes. For example: 192.0.2.0/24 is mapped to 2001:db8:122:300::/56. 198.51.100.0/24 is mapped to 2001:db8:122::...
               destination-ipv4-prefix list An IPv4 prefix/address.
                  ipv4-prefix leaf An IPv4 address/prefix.
               nat64-prefix leaf A NAT64 prefix. Can be a Network-Specific Prefix (NSP) or a Well-Known Prefix (WKP). Organizations deploying stateless IPv4/IPv6 translation should assign an NSP to their IPv4/IPv6 translation service. For stateless NAT64, IPv4-translatable IPv6 address...
               stateless-enable leaf Enable explicitly stateless NAT64.
            notify-pool-usage container Notification of pool usage when certain criteria are met.
               high-threshold leaf Notification must be generated when the defined high threshold is reached. For example, if a notification is required when the pool utilization reaches 90%, this configuration parameter must be set to 90. Setting the same value as low-threshold is equiv...
               low-threshold leaf Notification must be generated when the defined low threshold is reached. For example, if a notification is required when the pool utilization reaches below 10%, this configuration parameter must be set to 10. 0% indicates that low-threshold notificatio...
               notify-interval leaf Minimum number of seconds between successive notifications for this pool.
               pool-id leaf Pool-ID for which the notification criteria is defined
            nptv6-prefixes list Provides one or a list of (internal IPv6 prefix, external IPv6 prefix) required for NPTv6. In its simplest form, NPTv6 interconnects two network links: one is an 'internal' network link attached to a leaf network within a single administrative domain, an...
               external-ipv6-prefix leaf An IPv6 prefix used by the external interface of NPTv6.
               internal-ipv6-prefix leaf An IPv6 prefix used by an internal interface of NPTv6.
            port-allocation-type leaf Indicates the type of port allocation.
            port-quota list Configures a port quota to be assigned per subscriber. It corresponds to the maximum number of ports to be used by a subscriber.
               port-limit leaf Configures a port quota to be assigned per subscriber. It corresponds to the maximum number of ports to be used by a subscriber.
               quota-type leaf Indicates whether the port quota applies to all protocols (0) or to a specific protocol.
            port-set container Manages port-set assignments.
            port-set-restrict container Configures contiguous and non-contiguous port ranges. The port set is used to restrict the external source port numbers used by the translator.
               port-type choice Port type: port-range or port-set-algo.
                  port-range case start-port-number end-port-number
                     end-port-number leaf End of the port range.
                     start-port-number leaf Beginning of the port range.
                  port-set-algo case psid-offset psid-len psid
                     psid leaf PSID value, which identifies a set of ports algorithmically.
                     psid-len leaf The length of PSID, representing the sharing ratio for an IPv4 address. (also known as 'k'). The address-sharing ratio would be 2^k.
                     psid-offset leaf The number of offset bits (a.k.a., 'a' bits). Specifies the numeric value for the excluded port range/offset bits. Allowed values are between 0 and 15.
               port-set-size leaf Indicates the size of assigned port sets.
               port-set-timeout leaf inactivity timeout for port sets.
            subscriber-mask-v6 leaf The subscriber mask is an integer that indicates the length of significant bits to be applied on the source IPv6 address (internal side) to unambiguously identify a user device (e.g., CPE). Subscriber mask is a system-wide configuration parameter that is...
            subscriber-match list IP prefix match. A subscriber is identified by a subnet.
               match-id leaf An identifier of the subscriber match.
               subnet leaf The IP address subnets that match should be translated. For example, all addresses that belong to the 192.0.2.0/24 prefix must be processed by the NAT.
            timers container Configure values of various timeouts.
               fragment-min-timeout leaf As long as the NAT has available resources, the NAT allows the fragments to arrive over the fragment-min-timeout interval. The default value is inspired from RFC 6146.
               hold-down-max leaf Maximum ports in the hold-down port pool.
               hold-down-timeout leaf Hold-down timer. Ports in the hold-down pool are not reassigned until hold-down-timeout expires. The length of time and the maximum number of ports in this state must be configurable by the administrator. This is necessary in order to prevent collision...
               icmp-timeout leaf An ICMP Query session timer must not expire in less than 60 seconds. It is recommended that the ICMP Query session timer be made configurable
               per-port-timeout list Some NATs are configurable with short timeouts for some ports, e.g., as 10 seconds on port 53 (DNS) and 123 (NTP), and longer timeouts on other ports.
                  port-number leaf A port number.
                  protocol leaf The upper-layer protocol associated with this port. Values are taken from the IANA Protocol Numbers registry. If no protocol is indicated, it means 'any protocol'.
                  timeout leaf Timeout for this port number
               tcp-idle-timeout leaf TCP idle timeout should be 2 hours and 4 minutes.
               tcp-in-syn-timeout leaf A NAT must not respond to an unsolicited inbound SYN packet for at least 6 seconds after the packet is received. If during this interval the NAT receives and translates an outbound SYN for the connection the NAT must silently drop the original unsolicite...
               tcp-trans-close-timeout leaf The value of the transitory close connection idle-timeout. A NAT should provide different configurable parameters for configuring the open and closing idle timeouts.
               tcp-trans-open-timeout leaf The value of the transitory open connection idle-timeout. A NAT should provide different configurable parameters for configuring the open and closing idle timeouts. To accommodate deployments that consider a partially open timeout of 4 minutes as being ...
               udp-timeout leaf UDP inactivity timeout. That is the time a mapping will stay active without packets traversing the NAT.
            transport-protocols list Configure the transport protocols to be handled by the translator. TCP and UDP are supported by default.
               protocol-id leaf The upper-layer protocol associated with this mapping. Values are taken from the IANA Protocol Numbers registry. For example, this field contains 6 for TCP, 17 for UDP, 33 for DCCP, or 132 for SCTP.
               protocol-name leaf The name of the upper-layer protocol associated with this mapping. For example, TCP, UDP, DCCP, and SCTP.
         statistics container Statistics related to the NAT instance.
            discontinuity-time leaf The time on the most recent occasion at which the NAT instance suffered a discontinuity. This must be initialized when the NAT instance is configured or rebooted.
            mappings-statistics container Mappings statistics.
               total-active-subscribers leaf Total number of active subscribers (that is, subscribers for which the NAT maintains active mappings). A subscriber is identified by a subnet, subscriber-mask, etc.
               total-address-mappings leaf Total number of address mappings present at a given time. It includes both static and dynamic mappings.
               total-per-protocol list Total mappings for each enabled/supported protocol.
                  protocol-id leaf The upper-layer protocol. For example, this field contains 6 for TCP, 17 for UDP, 33 for DCCP, or 132 for SCTP.
                  total leaf Total number of a protocol-specific mappings present at a given time. The protocol is identified by protocol-id.
               total-port-mappings leaf Total number of NAT port mappings present at a given time. It includes both static and dynamic mappings.
            pools-stats container Statistics related to address/prefix pools usage
               addresses-allocated leaf Number of all allocated addresses.
               addresses-free leaf Number of unallocated addresses of all pools at a given time. The sum of unallocated and allocated addresses is the total number of addresses of the pools.
               per-pool-stats list Statistics related to address/prefix pool usage
                  discontinuity-time leaf The time on the most recent occasion at which this pool counter suffered a discontinuity. This must be initialized when the address pool is configured.
                  pool-id leaf Unique identifier that represents a pool of addresses/prefixes.
                  pool-stats container Statistics related to address/prefix pool usage
                     addresses-allocated leaf Number of allocated addresses from this pool.
                     addresses-free leaf Number of unallocated addresses in this pool.
                  port-stats container Statistics related to port numbers usage.
                     ports-allocated leaf Number of allocated ports from this pool.
                     ports-free leaf Number of unallocated addresses from this pool.
               ports-stats container Statistics related to port numbers usage.
                  ports-allocated leaf Number of allocated ports from all pools.
                  ports-free leaf Number of unallocated addresses from all pools.
            traffic-statistics container Generic traffic statistics.
               dropped-address-bytes leaf Counter of dropped packets because no address is available for allocation, in bytes.
               dropped-address-limit-bytes leaf Counter of dropped packets because an address limit is reached, in bytes.
               dropped-address-limit-packets leaf Number of dropped packets because an address limit is reached.
               dropped-address-packets leaf Number of dropped packets because no address is available for allocation.
               dropped-bytes leaf Counter for dropped traffic in bytes.
               dropped-fragments leaf Number of dropped fragments on the external realm.
               dropped-packets leaf Number of dropped packets.
               dropped-port-bytes leaf Counter of dropped packets because no port is available for allocation, in bytes.
               dropped-port-limit-bytes leaf Counter of dropped packets because a port limit is reached, in bytes.
               dropped-port-limit-packets leaf Number of dropped packets because a port limit is reached.
               dropped-port-packets leaf Number of dropped packets because no port is available for allocation.
               dropped-subscriber-limit-bytes leaf Counter of dropped packets because the subscriber limit per instance is reached, in bytes.
               dropped-subscriber-limit-packets leaf Number of dropped packets because the subscriber limit per instance is reached.
               rcvd-bytes leaf Counter for received traffic in bytes.
               rcvd-packets leaf Number of received packets.
               sent-bytes leaf Counter for sent traffic in bytes.
               sent-packets leaf Number of packets sent.
         type leaf Specify the translation type. Particularly useful when multiple translation flavors are supported. If one type is supported by a NAT, this parameter is by default set to that type.

Notifications

Notification Abstract
nat-instance-event Notifications must be generated when notify-addresses-usage and/or notify-ports-usage thresholds are reached.
nat-pool-event Notifications must be generated when the defined high/low threshold is reached. Related configuration parameters must be provided to trigger the notifications.