Junos tenants configuration module
Version: 2019-01-01
// Junos tenants configuration module ("Junos: 21.3R1.9" per the revision statement).
// It augments /jc:configuration and /jc:configuration/jc:groups with a `tenants`
// list whose entries follow grouping juniper-tenant.
// NOTE(review): in this listing the junos:must arguments carry unescaped inner
// double quotes and the statements were collapsed onto a few long lines;
// presumably backslash escapes and line breaks were lost in extraction --
// confirm against the vendor file before loading this into a YANG parser.
module junos-es-conf-tenants {
  yang-version 1;
  namespace "http://yang.juniper.net/junos-es/conf/tenants";
  prefix jc-tenants;

  import junos-common-ddl-extensions {
    prefix junos;
    revision-date "2019-01-01";
  }
  import junos-common-types {
    prefix jt;
    revision-date "2019-01-01";
  }
  import junos-es-conf-root {
    prefix jc;
    revision-date "2019-01-01";
  }

  organization "Juniper Networks, Inc.";
  contact "yang-support@juniper.net";
  description "Junos tenants configuration module";

  revision "2019-01-01" {
    description "Junos: 21.3R1.9";
  }

  // The same tenants list is available at the configuration root and under groups.
  augment /jc:configuration {
    uses tenants-group;
  }
  augment /jc:configuration/jc:groups {
    uses tenants-group;
  }

  grouping tenants-group {
    list tenants {
      key "name";
      description "Tenants defined in this system";
      uses juniper-tenant;
    } // list tenants
  } // grouping tenants-group

  // Per-tenant configuration tree. This grouping continues past the end of
  // this block.
  grouping juniper-tenant {
    description "Logical system tenants configuration";
    leaf name {
      junos:must "(!("logical-systems $$"))";
      junos:must-message "Root tenant name cannot be the same as logical-system name";
      type string {
        // The leading `!` appears to negate the match: per the pattern-message,
        // a name is rejected if it has a character outside [a-zA-Z0-9-], is the
        // literal "all", or is 64 or more characters long.
        junos:posix-pattern "![^a-zA-Z0-9-]|(^(all|.{64,})$)";
        junos:pattern-message "Tenant name is a string consisting of up to 63 letters, numbers and dashes";
      }
      description "Tenant name";
    }
    uses apply-advanced;
    container interfaces {
      description "Interface configuration";
      uses apply-advanced;
      list interface {
        key "name";
        uses tenant_interfaces_type;
      } // list interface
    } // container interfaces
    container routing-instances {
      description "Routing instance configuration";
      uses apply-advanced;
      list instance {
        key "name";
        uses juniper-routing-instance;
      } // list instance
    } // container routing-instances
    container security {
      description "Security configuration";
      uses apply-advanced;
      container alarms {
        description "Configure security alarms";
        uses apply-advanced;
        container audible {
          presence "enable audible";
          description "Beep when new security alarms arrive";
          uses apply-advanced;
          leaf continuous {
            type empty;
            description "Keep beeping until all security alarms have been cleared";
          }
        } // container audible
        // Alarm thresholds for security-relevant events. Most counters sit in
        // presence containers, so the schema only carries a threshold once the
        // container itself is configured.
        container potential-violation {
          description "Configure potential security violations";
          uses apply-advanced;
          // The string branch (pattern "<.*>|$.*") of this and the following
          // unions presumably admits Junos placeholder/variable forms -- TODO
          // confirm. The numeric range is enforced only on the integer branch.
          leaf authentication {
            // No default is declared for this leaf, unlike the thresholds below.
            type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 10"; } }
            description "Raise alarm for specified number of authentication failures";
          }
          leaf cryptographic-self-test {
            type empty;
            description "Raise alarm for cryptographic self test failures";
          }
          container decryption-failures {
            presence "enable decryption-failures";
            description "No. of decryption failures before which an alarm needs to be raised";
            uses apply-advanced;
            leaf threshold {
              type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000000000"; } }
              default "1000";
              description "Threshold value [default is 1000]";
            }
          } // container decryption-failures
          container encryption-failures {
            presence "enable encryption-failures";
            description "No. of encryption failures before which an alarm needs to be raised";
            uses apply-advanced;
            leaf threshold {
              type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000000000"; } }
              default "1000";
              description "Threshold value [default is 1000]";
            }
          } // container encryption-failures
          container ike-phase1-failures {
            presence "enable ike-phase1-failures";
            description "No. of IKE Phase-1 failures before which an alarm needs to be raised";
            uses apply-advanced;
            leaf threshold {
              type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000000000"; } }
              default "20";
              description "Threshold value [default is 20]";
            }
          } // container ike-phase1-failures
          container ike-phase2-failures {
            presence "enable ike-phase2-failures";
            description "No. of IKE Phase-2 failures before which an alarm needs to be raised";
            uses apply-advanced;
            leaf threshold {
              type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000000000"; } }
              default "20";
              description "Threshold value [default is 20]";
            }
          } // container ike-phase2-failures
          leaf key-generation-self-test {
            type empty;
            description "Raise alarm for key generation self test failures";
          }
          leaf non-cryptographic-self-test {
            type empty;
            description "Raise alarm for non-cryptographic self test failures";
          }
          // Policy-violation alarms: each sub-container takes a match count
          // (threshold), a time window in seconds (duration) and a table size.
          container policy {
            description "Raise alarm for flow policy violations";
            uses apply-advanced;
            container source-ip {
              presence "enable source-ip";
              description "Configure source address type of policy violation";
              uses apply-advanced;
              leaf threshold {
                type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } }
                default "1000";
                description "Number of source IP address matches to raise alarm";
              }
              leaf duration {
                type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3600"; } }
                units "seconds";
                default "1";
                description "Time window matches must occur within";
              }
              leaf size {
                type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10240"; } }
                default "1024";
                description "Total source IP address number that can be done policy violation check concurrently";
              }
            } // container source-ip
            container destination-ip {
              presence "enable destination-ip";
              description "Configure destination address type of policy violation";
              uses apply-advanced;
              leaf threshold {
                type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } }
                default "1000";
                description "Number of destination IP address matches to raise alarm";
              }
              leaf duration {
                type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3600"; } }
                units "seconds";
                default "1";
                description "Time window matches must occur within";
              }
              leaf size {
                type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10240"; } }
                default "1024";
                description "Total destination IP address number that can be done policy violation check concurrently";
              }
            } // container destination-ip
            container application {
              presence "enable application";
              description "Configure application type of policy violation";
              uses apply-advanced;
              leaf threshold {
                type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } }
                default "1000";
                description "Number of application matches to raise alarm";
              }
              leaf duration {
                type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3600"; } }
                units "seconds";
                default "1";
                description "Time window matches must occur within";
              }
              leaf size {
                type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10240"; } }
                default "1024";
                description "Total application number that can be done policy violation check concurrently";
              }
            } // container application
            container policy-match {
              presence "enable policy-match";
              description "Configure policy type of policy violation";
              uses apply-advanced;
              leaf threshold {
                // Default here is 100, not the 1000 used by the sibling containers.
                type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } }
                default "100";
                description "Number of policy matches to raise alarm";
              }
              leaf duration {
                type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3600"; } }
                units "seconds";
                default "1";
                description "Time window matches must occur within";
              }
              leaf size {
                type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10240"; } }
                default "1024";
                description "Total concurrent number of policy check violations";
              }
            } // container policy-match
          } // container policy
          container replay-attacks {
            presence "enable replay-attacks";
            description "No. of Replay attacks before which an alarm needs to be raised";
            uses apply-advanced;
            leaf threshold {
              type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000000000"; } }
              default "1000";
              description "Replay threshold value";
            }
          } // container replay-attacks
          leaf security-log-percent-full {
            type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 100"; } }
            description "Raise alarm when security log exceeds this percent capacity";
          }
          leaf idp {
            type empty;
            description "Raise alarm for idp attack";
          }
        } // container potential-violation
      } // container alarms
      container log {
        description "Configure security log";
        uses log-object;
      } // container log
      container certificates {
        description "X.509 certificate configuration";
        uses apply-advanced;
        list local {
          key "name";
          ordered-by user;
          description "Local X.509 certificate configuration";
          uses certificate-object;
        } // list local
        leaf path-length {
          // The default equals the maximum of the allowed range (15).
          type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 15"; } }
          default "15";
          description "Maximum certificate path length";
        }
        leaf maximum-certificates {
          type union { type string { pattern "<.*>|$.*"; } type uint32 { range "64 .. 4294967295"; } }
          default "1024";
          description "Maximum number of certificates to cache";
        }
        leaf cache-size {
          type string;
          units "bytes";
          description "Maximum size of certificate cache";
        }
        leaf cache-timeout-negative {
          type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 4294967295"; } }
          default "20";
          description "Time in seconds to cache negative responses";
        }
        leaf enrollment-retry {
          type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1080"; } }
          description "Number of retry attempts for an enrollment request";
        }
        list certification-authority {
          key "name";
          ordered-by user;
          description "CA X.509 certificate configuration";
          leaf name {
            type string {
              junos:posix-pattern "^.{1,32}$";
              junos:pattern-message "Must be string of 32 characters or less";
            }
            description "CA profile name";
          }
          uses apply-advanced;
          leaf ca-name {
            type string;
            description "CA name";
          }
          // The file, crl and URL leaves below are plain strings: this schema
          // puts no pattern or scheme restriction on them, so any validation
          // has to happen elsewhere.
          leaf file {
            type string;
            description "File to read certificate from";
          }
          leaf crl {
            type string;
            description "File to read crl from";
          }
          leaf enrollment-url {
            type string;
            description "URL";
          }
          leaf ldap-url {
            type string;
            description "URL";
          }
          leaf encoding {
            type enumeration {
              enum "binary" { value 0; description "DER encoding"; }
              enum "pem" { value 1; description "Privacy-enhanced-mail encoding, base64"; }
            }
            default "binary";
            description "Encoding to use for certificate or CRL on disk";
          }
        } // list certification-authority
      } // container certificates
      container authentication-key-chains {
        description "Authentication key chain configuration";
        uses security-authentication-key-chains;
      } // container authentication-key-chains
      container ssh-known-hosts {
        description "SSH known host list";
        uses apply-advanced;
        list host {
          key "name";
          ordered-by user;
          description "SSH known host entry";
          leaf name {
            type string;
            description "Host name";
          }
          uses apply-advanced;
          // Only ecdsa-key carries `status deprecated`. The SSH protocol
          // version 1 RSA key and the DSA key are legacy key types that are
          // still accepted by this schema; configuration audits may want to
          // flag entries that pin only those.
          leaf rsa1-key {
            type string;
            description "Base64 encoded RSA key (protocol version 1)";
          }
          leaf rsa-key {
            type string;
            description "Base64 encoded RSA key";
          }
          leaf dsa-key {
            type string;
            description "Base64 encoded DSA key";
          }
          leaf ecdsa-key {
            type string;
            status deprecated;
            description "Base64 encoded ECDSA key";
          }
          leaf ecdsa-sha2-nistp256-key {
            type string;
            description "Base64 encoded ECDSA-SHA2-NIST256 key";
          }
          leaf ecdsa-sha2-nistp384-key {
            type string;
            description "Base64 encoded ECDSA-SHA2-NIST384 key";
          }
          leaf ecdsa-sha2-nistp521-key {
            type string;
            description "Base64 encoded ECDSA-SHA2-NIST521 key";
          }
// Continuation of grouping juniper-tenant: the tail of list host (container
// ssh-known-hosts), the VPN/PKI containers, and container idp through part of
// sensor-configuration/global. Indentation reflects nesting depth in the module.
          leaf ed25519-key {
            type string;
            description "Base64 encoded ED25519 key";
          }
        } // list host
      } // container ssh-known-hosts
      container pki {
        presence "enable pki";
        description "PKI service configuration";
        uses security-pki;
      } // container pki
      container ike {
        description "IKE configuration";
        uses security-ike;
      } // container ike
      container ipsec {
        description "IPSec configuration";
        uses security-ipsec-vpn;
      } // container ipsec
      container group-vpn {
        description "Group VPN configuration";
        uses security-group-vpn;
      } // container group-vpn
      container ipsec-policy {
        description "IPSec policy configuration";
        uses security-ipsec-policies;
      } // container ipsec-policy
      container distribution-profile {
        description "IPSec Tunnels distribution profile";
        uses apply-advanced;
        leaf fat-core {
          type empty;
          description "Power Mode IPSec fat-tunnel mode";
        }
      } // container distribution-profile
      container idp {
        description "Configure IDP";
        list idp-policy {
          key "name";
          ordered-by user;
          description "Configure IDP policy";
          uses idp-policy-type;
        } // list idp-policy
        leaf active-policy {
          junos:must "("security idp idp-policy $$")";
          junos:must-message "Policy must be defined under [security idp idp-policy] ";
          type string;
          status deprecated;
          description "Set active policy";
        }
        // Same constraint and description text as the deprecated active-policy
        // leaf above; only this one is current.
        leaf default-policy {
          junos:must "("security idp idp-policy $$")";
          junos:must-message "Policy must be defined under [security idp idp-policy] ";
          type string;
          description "Set active policy";
        }
        list custom-attack {
          key "name";
          ordered-by user;
          description "Configure custom attacks";
          uses custom-attack-type;
        } // list custom-attack
        list custom-attack-group {
          key "name";
          ordered-by user;
          description "Configure custom attack groups";
          uses custom-attack-group-type;
        } // list custom-attack-group
        list dynamic-attack-group {
          key "name";
          ordered-by user;
          description "Configure dynamic attack groups";
          uses dynamic-attack-group-type;
        } // list dynamic-attack-group
        container traceoptions {
          description "Trace options for idp services";
          uses idpd-traceoptions-type;
        } // container traceoptions
        // Where and how the IDP security package (attack database) is fetched
        // and installed.
        container security-package {
          description "Security package options";
          uses apply-advanced;
          leaf url {
            // Plain string: no scheme or host restriction is expressed in this schema.
            type string;
            description "URL of Security package download";
          }
          leaf source-address {
            type jt:ipv4addr;
            description "Source address to be used for sending download request";
          }
          leaf proxy-profile {
            junos:must "("services proxy profile $$")";
            junos:must-message "Referenced Proxy profile must be defined under [services proxy profile] path";
            type string {
              length "1 .. 64";
            }
            description "Proxy profile of security package download";
          }
          leaf routing-instance {
            junos:must "("routing-instances $$")";
            junos:must-message "Routing-instance must be defined";
            type string;
            description "Routing instance for security-package download";
          }
          // Both leaves relax checks during installation (see their
          // descriptions); worth flagging when reviewing a configuration.
          container install {
            presence "enable install";
            description "Configure install command";
            uses apply-advanced;
            leaf ignore-version-check {
              type empty;
              description "Skip version check when attack database gets installed";
            }
            leaf ignore-appid-failure {
              type empty;
              description "Continue idp installation even if appid installation fails";
            }
          } // container install
          container automatic {
            presence "enable automatic";
            description "Scheduled download and update";
            uses apply-advanced;
            leaf start-time {
              type jt:time;
              description "Start time (YYYY-MM-DD.HH:MM:SS)";
            }
            leaf interval {
              type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 336"; } }
              units "hours";
              description "Interval";
            }
            leaf download-timeout {
              type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 60"; } }
              units "minutes";
              default "1";
              status deprecated;
              description "Maximum time for download to complete";
            }
            choice enable-disable {
              leaf enable {
                type empty;
                description "Enable";
              }
            } // choice enable-disable
          } // container automatic
        } // container security-package
        // NOTE(review): most numeric leaves under sensor-configuration are a
        // bare uint32 with no range, including ones whose descriptions say
        // "percentage"; the schema itself does not bound them to 0..100.
        container sensor-configuration {
          description "IDP Sensor Configuration";
          container log {
            description "IDP Log Configuration";
            uses apply-advanced;
            leaf cache-size {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Log cache size";
            }
            container suppression {
              presence "enable suppression";
              description "Log suppression";
              uses apply-advanced;
              choice enable-disable {
                leaf disable {
                  type empty;
                  description "Disable log suppression";
                }
              } // choice enable-disable
              choice include-destination-address-choice {
                leaf include-destination-address {
                  type empty;
                  description "Include destination address while performing a log suppression";
                }
                leaf no-include-destination-address {
                  type empty;
                  description "Don't include destination address while performing a log suppression";
                }
              } // choice include-destination-address-choice
              leaf start-log {
                type union { type string { pattern "<.*>|$.*"; } type uint32; }
                description "Suppression start log";
              }
              leaf max-logs-operate {
                type union { type string { pattern "<.*>|$.*"; } type uint32; }
                description "Maximum logs can be operate on";
              }
              leaf max-time-report {
                type union { type string { pattern "<.*>|$.*"; } type uint32; }
                description "Time after suppressed logs will be reported";
              }
            } // container suppression
          } // container log
          container packet-log {
            description "IDP Packetlog Configuration";
            uses apply-advanced;
            container total-memory {
              description "Total memory unit(%)";
              uses apply-advanced;
              leaf percentage-value {
                type union { type string { pattern "<.*>|$.*"; } type uint32; }
              }
              leaf per-logical-domain {
                type union { type string { pattern "<.*>|$.*"; } type uint32; }
              }
            } // container total-memory
            container max-sessions {
              description "Max num of sessions in unit(%)";
              uses apply-advanced;
              leaf percentage-value {
                type union { type string { pattern "<.*>|$.*"; } type uint32; }
              }
              leaf per-logical-domain {
                type union { type string { pattern "<.*>|$.*"; } type uint32; }
              }
            } // container max-sessions
            leaf threshold-logging-interval {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Interval of logs for max limit session/memory reached in minutes";
            }
            leaf source-address {
              type jt:ipv4addr;
              description "Source IP address used to transport packetlog to a host";
            }
            // Destination that receives packet logs; the port leaf is described
            // as a UDP port.
            container host {
              description "Destination host to send packetlog to";
              uses apply-advanced;
              leaf ipaddr {
                type jt:ipv4addr;
                description "IP address";
              }
              leaf port {
                type union { type uint16; type string { pattern "<.*>|$.*"; } }
                description "UDP port number";
              }
            } // container host
          } // container packet-log
          container application-identification {
            presence "enable application-identification";
            description "Application identification";
            uses apply-advanced;
            choice enable-disable {
              leaf disable {
                type empty;
                description "Disable application identification";
              }
            } // choice enable-disable
            choice application-system-cache-choice {
              leaf application-system-cache {
                type empty;
                description "Application system cache";
              }
              leaf no-application-system-cache {
                type empty;
                description "Don't application system cache";
              }
            } // choice application-system-cache-choice
            leaf max-tcp-session-packet-memory {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              status deprecated;
              description "Max TCP session memory";
            }
            leaf max-udp-session-packet-memory {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              status deprecated;
              description "Max UDP session memory";
            }
            leaf max-sessions {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              status deprecated;
              description "Max sessions that can run AI at the same time";
            }
            leaf max-packet-memory {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              status deprecated;
              description "Max packet memory";
            }
            leaf max-packet-memory-ratio {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Max packet memory ratio";
            }
            leaf max-reass-packet-memory-ratio {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              status deprecated;
              description "Max reass packet memory ratio";
            }
            leaf application-system-cache-timeout {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Application system cache timeout";
            }
          } // container application-identification
          // Flow handling. Several leaves here decide what happens to traffic
          // when IDP is short of resources: the drop-* leaves drop traffic,
          // while the idp-bypass-* and intel-inspect-* leaves reduce or skip
          // inspection under load (see each description).
          container flow {
            description "Flow configuration";
            uses apply-advanced;
            choice log-errors-choice {
              leaf log-errors {
                type empty;
                description "Flow log errors";
              }
              leaf no-log-errors {
                type empty;
                description "Don't flow log errors";
              }
            } // choice log-errors-choice
            choice allow-icmp-without-flow-choice {
              leaf allow-icmp-without-flow {
                type empty;
                status deprecated;
                description "Allow icmp without flow";
              }
              leaf no-allow-icmp-without-flow {
                type empty;
                status deprecated;
                description "Don't allow icmp without flow";
              }
            } // choice allow-icmp-without-flow-choice
            leaf hash-table-size {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Flow hash table size";
            }
            leaf reject-timeout {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Flow reject timeout";
            }
            leaf max-timers-poll-ticks {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Maximum timers poll ticks";
            }
            leaf fifo-max-size {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Maximum fifo size";
            }
            leaf udp-anticipated-timeout {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Maximum udp anticipated timeout";
            }
            leaf drop-on-limit {
              type empty;
              description "Drop connections on exceeding resource limits";
            }
            leaf drop-on-failover {
              type empty;
              description "Drop traffic on HA failover sessions";
            }
            leaf drop-if-no-policy-loaded {
              type empty;
              description "Drop all traffic till IDP policy gets loaded";
            }
            leaf max-sessions-offset {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Maximum session offset limit percentage";
            }
            leaf min-objcache-limit-lt {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Memory lower threshold limit percentage";
            }
            leaf min-objcache-limit-ut {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Memory upper threshold limit percentage";
            }
            leaf session-steering {
              type empty;
              description "Session steering for session anticipation";
            }
            // When set, sessions/packets bypass IDP on CPU overload, so traffic
            // passes uninspected in that state; the two leaves after it tune
            // the trigger (defaults 85 and 5).
            leaf idp-bypass-cpu-usg-overload {
              type empty;
              description "Enable IDP bypass of sessions/packets on CPU usage overload";
            }
            leaf idp-bypass-cpu-threshold {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              default "85";
              description "Threshold of CPU usage in percentage for IDP bypass";
            }
            leaf idp-bypass-cpu-tolerance {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              default "5";
              description "Tolerance of CPU usage in percentage for IDP bypass";
            }
            leaf intel-inspect-enable {
              type empty;
              description "Minimizes IDP processing during system overload";
            }
            leaf intel-inspect-cpu-usg-threshold {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              default "80";
              description "CPU usage threshold percentage for intelligent inspection";
            }
            leaf intel-inspect-cpu-usg-tolerance {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              default "5";
              description "CPU usage tolerance percentage for intelligent inspection";
            }
            leaf intel-inspect-free-mem-threshold {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              default "15";
              description "Free memory threshold percentage for intelligent inspection";
            }
            leaf intel-inspect-mem-tolerance {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              default "5";
              description "Memory tolerance percentage for intelligent inspection";
            }
            leaf intel-inspect-disable-content-decompress {
              type empty;
              description "Disables payload content decompression";
            }
            leaf intel-inspect-session-bytes-depth {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              default "0";
              description "Session bytes scanning depth";
            }
            leaf-list intel-inspect-protocols {
              type string;
              ordered-by user;
              description "Protocols to be processed in Intelligent Inspection mode";
            }
            // Only meaningful with intel-inspect-enable set (junos:must below).
            leaf-list intel-inspect-signature-severity {
              junos:must "("security idp sensor-configuration flow intel-inspect-enable")";
              junos:must-message "intelligent inspection must be enabled under [security idp sensor-configuration flow]";
              type enumeration {
                enum "minor" { value 0; }
                enum "major" { value 1; }
                enum "critical" { value 2; }
              }
              ordered-by user;
              description "Signature severities to be considered for IDP processing";
            }
          } // container flow
          // TCP re-assembly behaviour, including what to do on memory overflow
          // and on reassembly failure (default action is "drop").
          container re-assembler {
            description "Re-assembler configuration";
            uses apply-advanced;
            choice drop-on-syn-in-window-choice {
              leaf drop-on-syn-in-window {
                type empty;
                description "Drop session when SYN is seen in the window";
              }
              leaf no-drop-on-syn-in-window {
                type empty;
                description "Don't drop session when SYN is seen in the window";
              }
            } // choice drop-on-syn-in-window-choice
            choice ignore-memory-overflow-choice {
              leaf ignore-memory-overflow {
                type empty;
                description "Ignore memory overflow";
              }
              leaf no-ignore-memory-overflow {
                type empty;
                description "Don't ignore memory overflow";
              }
            } // choice ignore-memory-overflow-choice
            choice ignore-reassembly-memory-overflow-choice {
              leaf ignore-reassembly-memory-overflow {
                type empty;
                description "Ignore packet reassembly memory overflow";
              }
              leaf no-ignore-reassembly-memory-overflow {
                type empty;
                description "Don't ignore packet reassembly memory overflow";
              }
            } // choice ignore-reassembly-memory-overflow-choice
            leaf ignore-reassembly-overflow {
              type empty;
              description "Ignore global reassembly overflow";
            }
            leaf max-packet-mem {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              status deprecated;
              description "Maximum packet memory";
            }
            leaf max-flow-mem {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Maximum flow memory";
            }
            leaf max-packet-mem-ratio {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Maximum packet memory ratio";
            }
            leaf action-on-reassembly-failure {
              type enumeration {
                enum "ignore" { value 0; description "No action is taken."; }
                enum "drop" { value 1; description "Drop the packet."; }
                enum "drop-session" { value 2; description "Drop the session."; }
              }
              default "drop";
              description "Select the action on reassembly failures";
            }
            choice tcp-error-logging-choice {
              leaf tcp-error-logging {
                type empty;
                description "Enable logging on tcp errors";
              }
              leaf no-tcp-error-logging {
                type empty;
                description "Don't enable logging on tcp errors";
              }
            } // choice tcp-error-logging-choice
            leaf max-synacks-queued {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Maximum syn-acks queued with different SEQ numbers ";
            }
            choice force-tcp-window-checks-choice {
              leaf force-tcp-window-checks {
                type empty;
                description "Force TCP window checks if uni-directional policy is configured";
              }
              leaf no-force-tcp-window-checks {
                type empty;
                description "Don't force TCP window checks if uni-directional policy is configured";
              }
            } // choice force-tcp-window-checks-choice
          } // container re-assembler
          // Inspection engine switches. Each choice is an on/off pair; the
          // schema declares no default for them, so the effective behaviour
          // when neither leaf is set is not visible here.
          container ips {
            description "Ips configuration";
            uses apply-advanced;
            choice process-override-choice {
              leaf process-override {
                type empty;
                description "Process override";
              }
              leaf no-process-override {
                type empty;
                description "Don't process override";
              }
            } // choice process-override-choice
            choice detect-shellcode-choice {
              leaf detect-shellcode {
                type empty;
                description "Detect shellcode";
              }
              leaf no-detect-shellcode {
                type empty;
                description "Don't detect shellcode";
              }
            } // choice detect-shellcode-choice
            choice process-ignore-s2c-choice {
              leaf process-ignore-s2c {
                type empty;
                description "Process ignore s2c";
              }
              leaf no-process-ignore-s2c {
                type empty;
                description "Don't process ignore s2c";
              }
            } // choice process-ignore-s2c-choice
            choice ignore-regular-expression-choice {
              leaf ignore-regular-expression {
                type empty;
                description "Ignore regular expression";
              }
              leaf no-ignore-regular-expression {
                type empty;
                description "Don't ignore regular expression";
              }
            } // choice ignore-regular-expression-choice
            leaf process-port {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Process port";
            }
            leaf fifo-max-size {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Maximum fifo size";
            }
            leaf log-supercede-min {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Minimum log supercede";
            }
            // Limits on decompression of inspected content (memory in KB and
            // maximum ratio); no range is declared for either.
            leaf content-decompression-max-memory-kb {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Maximum memory usage in kilo bytes";
            }
            leaf content-decompression-max-ratio {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Maximum decompression ratio supported";
            }
            leaf session-pkt-depth {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Session pkt scanning depth";
            }
          } // container ips
          container global {
            description "Global configuration";
            uses apply-advanced;
            choice enable-packet-pool-choice {
              leaf enable-packet-pool {
                type empty;
                description "Enable packet pool";
              }
              leaf no-enable-packet-pool {
                type empty;
                description "Don't enable packet pool";
              }
            } // choice enable-packet-pool-choice
            leaf log-xff-header {
              type empty;
              description "Log xff header";
            }
            choice enable-all-qmodules-choice {
              leaf enable-all-qmodules {
                type empty;
                description "Enable all qmodules";
              }
              leaf no-enable-all-qmodules {
                type empty;
                description "Don't enable all qmodules";
              }
            } // choice enable-all-qmodules-choice
            choice policy-lookup-cache-choice {
              leaf policy-lookup-cache {
                type empty;
                description "Policy lookup cache";
              }
              leaf no-policy-lookup-cache {
                type empty;
                description "Don't policy lookup cache";
              }
            } // choice
// policy-lookup-cache-choice (tail of the preceding end-of-choice marker).
// Remainder of container global, then detector, ssl-inspection and
// high-availability, all inside idp/sensor-configuration.
            leaf memory-limit-percent {
              // Bare uint32: the schema does not bound this "percentage" to 0..100.
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              description "Memory limit percentage";
            }
            // Turns IDP processing off per its description; a setting to flag
            // in configuration review.
            leaf disable-idp-processing {
              type empty;
              description "Flag to disable IDP processing";
            }
            leaf intelligent-offload {
              type enumeration {
                enum "disable" { value 0; description "Disable flow offload"; }
                enum "conservative" { value 1; description "Increases scrutiny of flows prior to offload"; }
              }
              description "Intelligently offload the flow";
            }
          } // container global
          container detector {
            description "Detector Configuration";
            uses apply-advanced;
            list protocol-name {
              key "name";
              ordered-by user;
              description "Apropriate help string";
              uses proto-object;
            } // list protocol-name
          } // container detector
          // SSL inspection sizing: session count and session-ID cache limits.
          container ssl-inspection {
            description "SSL inspection";
            uses apply-advanced;
            leaf sessions {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              default "10000";
              description "Number of SSL sessions to inspect";
            }
            leaf session-id-cache-timeout {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              units "seconds";
              default "600";
              description "Timeout value for SSL session ID cache";
            }
            leaf maximum-cache-size {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              units "sessions";
              default "100000";
              description "Maximum SSL session ID cache size";
            }
            leaf cache-prune-chunk-size {
              type union { type string { pattern "<.*>|$.*"; } type uint32; }
              default "100";
              description "Number of cache entries to delete when pruning SSL session ID cache";
            }
            // Opt-in flag (type empty); key protection is only requested when
            // this leaf is present.
            leaf key-protection {
              type empty;
              description "Enable SSL key protection";
            }
          } // container ssl-inspection
          leaf disable-low-memory-handling {
            type empty;
            description "Do not abort IDP operations under low memory condition";
          }
          container high-availability {
            description "High availability configuration";
            uses apply-advanced;
            leaf no-policy-cold-synchronization {
              type empty;
              description "Disable policy cold synchronization";
            }
          } // container
// high-availability (tail of the preceding end-of-container marker).
// End of idp/sensor-configuration and of container idp, then address-book, alg
// and the deprecated application-firewall container, which continues past the
// end of this block.
          container security-configuration {
            description "IDP security configuration";
            uses apply-advanced;
            leaf protection-mode {
              type enumeration {
                enum "datacenter" { value 0; description "Security protection mode for datacenter"; }
                enum "datacenter-full" { value 1; description "Full security protection mode for datacenter"; }
                enum "perimeter" { value 2; description "Security protection mode for perimeter"; }
                enum "perimeter-full" { value 3; description "Full security protection mode for perimeter"; }
              }
              description "Enable security protection mode";
            }
          } // container security-configuration
        } // container sensor-configuration
        leaf max-sessions {
          type union { type uint32; type string { pattern "<.*>|$.*"; } }
          description "Max number of IDP sessions";
        }
        list logical-system {
          key "name";
          ordered-by user;
          description "Configure max IDP sessions for the logial system";
          uses logical-system-type;
        } // list logical-system
        list tenant-system {
          key "name";
          ordered-by user;
          description "Configure max IDP sessions for the tenant";
          uses tenant-system-type;
        } // list tenant-system
        uses apply-advanced;
        container processes {
          description "Configure IDP Processes";
          uses apply-advanced;
        } // container processes
      } // container idp
      list address-book {
        key "name";
        max-elements 4096;
        ordered-by user;
        description "Security address book";
        uses named-address-book-type;
      } // list address-book
      container alg {
        description "Configure ALG security options";
        uses alg-object;
      } // container alg
      // Marked `status deprecated` as a whole.
      container application-firewall {
        presence "enable application-firewall";
        status deprecated;
        description "Configure application-firewall rule-sets";
        uses apply-advanced;
        container traceoptions {
          description "Rule-sets Tracing Options";
          uses apply-advanced;
          leaf no-remote-trace {
            junos:must "("system tracing")";
            junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
            type empty;
            description "Disable remote tracing";
          }
          container file {
            description "Trace file information";
            leaf filename {
              type string {
                // Negated pattern: per the pattern-message the name must not
                // contain '/', '%' or a space, so it cannot name a path.
                junos:posix-pattern "![/ %]";
                junos:pattern-message "Must not contain '/', % or a space";
                length "1 .. 1024";
              }
              description "Name of file in which to write trace information";
            }
            leaf size {
              type string;
              description "Maximum trace file size";
            }
            leaf files {
              type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } }
              default "3";
              description "Maximum number of trace files";
            }
            // world-readable lets any user read the trace file; trace output
            // can include configuration and rule detail, so review its use.
            choice world-readable-choice {
              leaf world-readable {
                type empty;
                description "Allow any user to read the log file";
              }
              leaf no-world-readable {
                type empty;
                description "Don't allow any user to read the log file";
              }
            } // choice world-readable-choice
            leaf match {
              type jt:regular-expression;
              description "Regular expression for lines to be logged";
            }
          } // container file
          list flag {
            key "name";
            ordered-by user;
            description "Tracing parameters";
            leaf name {
              type enumeration {
                enum "configuration" { value 0; description "Trace configuration events"; }
                enum "lookup" { value 1; description "Trace lookup events"; }
                enum "compilation" { value 2; description "Rule-sets compilation events"; }
                enum "ipc" { value 3; description "Inter-process communication events"; }
                enum "all" { value 4; description "Trace everything"; }
              }
            }
          } // list flag
        } // container traceoptions
        list profile {
          key "name";
          ordered-by user;
          description "Configure application-firewall profile";
          leaf name {
            type string {
              length "1 .. 63";
            }
            description "Surf control integrated profile name";
          }
          uses apply-advanced;
          container block-message {
            description "Block message settings";
            uses apply-advanced;
            container type {
              description "Type of block message desired";
              uses apply-advanced;
              choice type-choice {
                container custom-text {
                  description "Custom defined block message";
                  uses apply-advanced;
                  leaf content {
                    type string {
                      length "1 .. 511";
                    }
                    description "Content of custom-text";
                  }
                } // container custom-text
                container custom-redirect-url {
                  description "Custom redirect URL server";
                  uses apply-advanced;
                  leaf content {
                    type string {
                      // Scheme is restricted to http or https; cleartext
                      // http:// redirect targets are accepted by this pattern.
                      junos:posix-pattern "^https?://.*";
                      junos:pattern-message "URL must begin with http:// or https://";
                      length "1 .. 1023";
                    }
                    description "URL of block message";
                  }
                } // container custom-redirect-url
              } // choice type-choice
            } // container type
          } // container block-message
        } // list profile
        list rule-sets {
          key "name";
          ordered-by user;
          description "Configure application-firewall rule-sets";
          leaf name {
            type string {
              length "1 .. 63";
            }
            description "Application firewall rule-set name";
          }
          uses apply-advanced;
          list rule {
            key "name";
            ordered-by user;
            description "Rule";
            uses appfw_rule_type;
          } // list rule
          // Fallback action for traffic that matches no rule in the set:
          // exactly one of permit, deny or reject. The container is a presence
          // container and no default action is declared in the schema.
          container default-rule {
            presence "enable default-rule";
            description "Specify default rule for a rule-set";
            uses apply-advanced;
            choice action {
              leaf permit {
                type empty;
                description "Permit packets";
              }
              container deny {
                presence "enable deny";
                description "Deny packets";
                uses apply-advanced;
                leaf block-message {
                  type empty;
                  description "Block message";
                }
              } // container deny
              container reject {
                presence "enable reject";
                description "Reject packets";
                uses apply-advanced;
                leaf block-message {
                  type empty;
                  description "Block message";
                }
              } // container reject
            } // choice action
          } // container default-rule
          leaf profile {
            junos:must "("security application-firewall profile $$")";
            junos:must-message "Application-firewall profile must be defined";
            type string;
            description "Profile for block message";
          }
        } // list rule-sets
        container nested-application {
          presence "enable nested-application";
          status deprecated;
          description "Configure nested application dynamic lookup";
          uses apply-advanced;
          container dynamic-lookup {
            presence "enable dynamic-lookup";
            description "Configure dynamic lookup";
            uses apply-advanced;
            leaf enable {
              type empty;
              description "Enable dynamic lookup";
            }
          } // container
dynamic-lookup } // container nested-application } // container application-firewall container application-tracking { presence "enable application-tracking"; description "Application tracking configuration"; uses apply-advanced; leaf disable { type empty; description "Disable Application tracking"; } choice update-interval { leaf first-update-interval { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "minutes"; description "Interval when the first update message is sent"; } leaf first-update { type empty; status deprecated; description "Generate Application tracking initial message when a session is created"; } } // choice update-interval leaf session-update-interval { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "minutes"; description "Frequency in which Application tracking update messages are generated"; } leaf log-session-create { type empty; description "Generate Application tracking session create log"; } leaf log-session-close { type empty; description "Generate Application tracking session close log"; } leaf no-volume-updates { type empty; description "Disable session volume update log"; } } // container application-tracking container utm { description "Content security service configuration"; uses apply-advanced; container traceoptions { description "Trace options for utm"; uses utm-traceoptions; } // container traceoptions container application-proxy { description "Application proxy settings"; uses apply-advanced; container traceoptions { description "Trace options for application proxy"; uses utm-apppxy-traceoptions; } // container traceoptions } // container application-proxy container ipc { description "IPC settings"; uses apply-advanced; container traceoptions { description "Trace options for IPC"; uses utm-ipc-traceoptions; } // container traceoptions } // container ipc container custom-objects { description "Custom-objects settings"; uses apply-advanced; container category-package { description 
"Category package download and install options"; uses apply-advanced; leaf url { type string; description "HTTPS URL of category package download"; } leaf proxy-profile { junos:must "("services proxy profile $$")"; junos:must-message "Referenced Proxy profile must be defined"; type string { length "1 .. 64"; } description "Proxy profile"; } leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Routing-instance must be defined"; type string; description "Routing instance name"; } container automatic { description "Scheduled download and install"; uses apply-advanced; leaf start-time { type jt:time; description "Start time (YYYY-MM-DD.HH:MM:SS)"; } leaf interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 336"; } } default "168"; description "Interval in hours"; } leaf enable { type empty; description "Enable automatic download and install"; } } // container automatic } // container category-package list mime-pattern { key "name"; ordered-by user; description "Configure mime-list object"; uses mime-list-type; } // list mime-pattern list filename-extension { key "name"; ordered-by user; description "Configure extension-list object"; uses extension-list-type; } // list filename-extension list url-pattern { key "name"; ordered-by user; description "Configure url-list object"; uses url-list-type; } // list url-pattern list custom-url-category { key "name"; ordered-by user; description "Configure category-list object"; uses category-list-type; } // list custom-url-category list protocol-command { key "name"; ordered-by user; description "Configure command-list object"; uses command-list-type; } // list protocol-command list custom-message { key "name"; ordered-by user; description "Configure custom-message object"; uses custom-message-type; } // list custom-message } // container custom-objects container default-configuration { description "Global default UTM configurations"; uses apply-advanced; container 
anti-virus { description "Configure anti-virus feature"; uses default-anti-virus-feature; } // container anti-virus container web-filtering { description "Configure web-filtering feature"; uses default-webfilter-feature; } // container web-filtering container anti-spam { description "Configure anti-spam feature"; uses default-anti-spam-feature; } // container anti-spam container content-filtering { description "Configure content filtering feature"; uses default-content-filtering-feature; } // container content-filtering } // container default-configuration container feature-profile { description "Feature-profile settings"; uses apply-advanced; container anti-virus { description "Configure anti-virus feature"; uses anti-virus-feature; } // container anti-virus container web-filtering { description "Configure web-filtering feature"; uses webfilter-feature; } // container web-filtering container anti-spam { description "Configure anti-spam feature"; uses anti-spam-feature; } // container anti-spam container content-filtering { description "Configure content filtering feature"; uses content-filtering-feature; } // container content-filtering } // container feature-profile list utm-policy { key "name"; ordered-by user; description "Configure profile "; uses profile-setting; } // list utm-policy } // container utm container dynamic-address { presence "enable dynamic-address"; description "Configure security dynamic address"; uses apply-advanced; container traceoptions { description "Security dynamic address tracing options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 
1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "configuration" { value 0; description "Configuration details"; } enum "control" { value 1; description "Daemon control message"; } enum "ipc" { value 2; description "IPC message sending and receiving"; } enum "ip-entry" { value 3; description "IP entry management"; } enum "file-retrieval" { value 4; description "File retrieval"; } enum "lookup" { value 5; description "Lookup detail"; } enum "all" { value 6; description "Trace everything"; } } } } // list flag } // container traceoptions list feed-server { key "name"; ordered-by user; description "Security dynamic address feed-server"; leaf name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Must be a string consisting of letters, 
numbers, dashes and underscores"; length "1 .. 16"; } description "Security dynamic address feed-server name"; } uses apply-advanced; leaf description { type string { junos:posix-pattern "^[^&<> ]+$"; junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '"; length "1 .. 900"; } description "Text description of feed-server"; } choice hostname-or-url { leaf hostname { type string { length "1 .. 256"; } description "Hostname or IP address of feed-server"; } leaf url { type string { length "1 .. 256"; } description "URL,example:example.url.com;1.1.1.1/<folder-or-file-path>;Browser can verify its validity"; } } // choice hostname-or-url leaf update-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30 .. 4294967295"; } } units "seconds"; default "300"; description "Interval to retrieve update"; } leaf hold-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4294967295"; } } units "seconds"; default "86400"; description "Time to keep IP entry when update failed"; } leaf tls-profile { junos:must "("services ssl initiation profile $$")"; junos:must-message "Referenced SSL initiation profile is not defined"; type string; description "TLS profile"; } container validate-certificate-attributes { junos:must "(".. tls-profile")"; junos:must-message "tls-profile is not configured"; description "Validate some certificate attributes"; uses apply-advanced; leaf subject-or-subject-alternative-names { type empty; description "One of them must match feed server host name"; } } // container validate-certificate-attributes list feed-name { key "name"; ordered-by user; description "Feed name in feed-server"; leaf name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Must be a string consisting of letters, numbers, dashes and underscores"; length "1 .. 
240"; } description "Security dynamic address feed name in feed-server"; } uses apply-advanced; leaf description { type string { junos:posix-pattern "^[^&<> ]+$"; junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '"; length "1 .. 900"; } description "Text description of feed in feed-server"; } leaf path { type string { length "1 .. 1024"; } description "Path of feed, appended to feed-server to form a complete URL"; } leaf update-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30 .. 4294967295"; } } units "seconds"; description "Interval to retrieve update"; } leaf hold-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4294967295"; } } units "seconds"; description "Time to keep IP entry when update failed"; } } // list feed-name } // list feed-server list address-name { key "name"; ordered-by user; description "Security dynamic address name"; leaf name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Must be a string consisting of letters, numbers, dashes and underscores"; length "1 .. 240"; } description "Security dynamic address name"; } uses apply-advanced; leaf description { type string { junos:posix-pattern "^[^&<> ]+$"; junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '"; length "1 .. 900"; } description "Text description of dynamic address"; } container profile { presence "enable profile"; description "Information to categorize feed data into this dynamic address"; uses apply-advanced; list feed-name { key "name"; max-elements 1; ordered-by user; description "Name of feed in feed-server for this dynamic address"; leaf name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Must be a string consisting of letters, numbers, dashes and underscores"; length "1 .. 
240"; } description "Name of feed in feed-server which is mapped to this dynamic address"; } uses apply-advanced; } // list feed-name list category { junos:must "(!(".. feed-name"))"; junos:must-message "Feed-name can not coexist with category"; key "name"; max-elements 1; ordered-by user; description "Name of category"; leaf name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Must be a string consisting of letters, numbers, dashes and underscores"; length "1 .. 32"; } description "Name of category"; } uses apply-advanced; leaf feed { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Must be a string consisting of letters, numbers, dashes and underscores"; length "1 .. 32"; } description "Name of feed under category"; } list property { key "name"; max-elements 3; ordered-by user; description "Property to match"; leaf name { type string { length "1 .. 32"; } description "Name of property"; } uses apply-advanced; choice property-value { list string { key "name"; max-elements 256; ordered-by user; description "Value type is strings"; leaf name { type string { length "1 .. 32"; } description "String value"; } uses apply-advanced; } // list string } // choice property-value } // list property } // list category } // container profile leaf session-scan { type empty; description "Trigger session scan when the IP address is added"; } } // list address-name container session-scan { presence "enable session-scan"; description "Trigger session scan for all the dynamic addresses"; uses apply-advanced; leaf hold-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
3600"; } } units "seconds"; default "10"; description "Time interval before the session scan request"; } } // container session-scan } // container dynamic-address container dynamic-vpn { status deprecated; description "Configure dynamic VPN"; uses apply-advanced; container traceoptions { description "Dynamic-vpn trace options"; uses httpd_dvpn_traceoptions_type; } // container traceoptions leaf force-upgrade { type empty; description "Force Upgrade"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Access profile must be defined"; type string; description "Configure access"; } leaf-list interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Interfaces that accept Dynamic-VPN client access"; } list clients { key "name"; ordered-by user; description "Configure for remote access client"; uses clients-object; } // list clients leaf config-check { type empty; description "Perform extra configuration validation"; } } // container dynamic-vpn container remote-access { junos:must "(("system services web-management" && "access firewall-authentication"))"; junos:must-message "web-management and firewall-authentication must be enabled for remote-access"; description "Configure remote access"; uses apply-advanced; container global-options { description "Global remote-access configuration"; uses apply-advanced; leaf auth-token-valid-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
300"; } } units "seconds"; default "60"; description "Authentication token valid time (seconds) :default 60"; } } // container global-options list profile { key "name"; ordered-by user; description "Remote access profile"; uses remote-access-profile-config; } // list profile list client-config { key "name"; ordered-by user; description "Remote-access client configuration"; uses remote-access-client-config; } // list client-config container traceoptions { description "Remote-access trace configuration"; uses remote-access-traceoptions; } // container traceoptions leaf default-profile { junos:must "("security remote-access profile $$")"; junos:must-message "Remote access default profile should configure"; type string; description "Configure default profile"; } } // container remote-access container dynamic-application { presence "enable dynamic-application"; description "Configure dynamic-application"; uses apply-advanced; container traceoptions { description "Dynamic application tracing options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "configuration" { value 0; description "Trace configuration events"; } enum "lookup" { value 1; description "Trace lookup events"; } enum "compilation" { value 2; description "Rule-sets compilation events"; } enum "ipc" { value 3; description "Inter-process communication events"; } enum "all" { value 4; description "Trace everything"; } } } } // list flag } // container traceoptions list profile { key "name"; ordered-by user; description "Configure application-firewall profile"; leaf name { type string { length "1 .. 63"; } description "Surf control integrated profile name"; } uses apply-advanced; container redirect-message { description "Redirect message settings"; uses apply-advanced; container type { description "Type of redirect message desired"; uses apply-advanced; choice type-choice { container custom-text { description "Custom defined text block message"; uses apply-advanced; leaf content { type string { length "1 .. 511"; } description "Content of custom-text"; } } // container custom-text container redirect-url { description "Custom redirect URL server"; uses apply-advanced; leaf content { type string { junos:posix-pattern "^https?://.*"; junos:pattern-message "URL must begin with http:// or https://"; length "1 .. 
1023"; } description "URL of block message"; } } // container redirect-url } // choice type-choice } // container type } // container redirect-message } // list profile } // container dynamic-application container softwires { description "Configure softwire feature"; uses softwires-object; } // container softwires container forwarding-options { description "Security-forwarding-options configuration"; uses apply-advanced; container family { description "Security forwarding-options for family"; uses apply-advanced; container inet6 { description "Family IPv6"; uses apply-advanced; leaf mode { type enumeration { enum "packet-based" { value 0; description "Enable packet-based forwarding"; } enum "flow-based" { value 1; description "Enable flow-based forwarding"; } enum "drop" { value 2; description "Disable forwarding"; } } description "Forwarding mode"; } } // container inet6 container mpls { description "Family MPLS"; uses apply-advanced; leaf mode { type enumeration { enum "packet-based" { junos:must "(!("security policies"))"; junos:must-message "MPLS mode packet-based not allowed when [security policies] are configured."; value 0; description "Enable packet-based forwarding"; } enum "flow-based" { value 1; description "Enable flow-based forwarding for mpls"; } } description "Forwarding mode"; } } // container mpls container iso { description "Family ISO"; uses apply-advanced; leaf mode { type enumeration { enum "packet-based" { value 0; description "Enable packet-based forwarding"; } } description "Forwarding mode"; } } // container iso } // container family list mirror-filter { key "name"; max-elements 15; ordered-by user; description "Security mirror filters"; uses mirror-filter-type; } // list mirror-filter list secure-wire { key "name"; description "Secure-wire cross connections"; uses secure-wire-type; } // list secure-wire container mode { description "Tap or sniffer mode"; uses apply-advanced; container tap { description "Tap mode"; uses apply-advanced; 
leaf-list interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Tap enabled interface"; } container inspect-pass-through-tunnel { description "Inspect pass-through tunnel"; uses apply-advanced; leaf ipip { type empty; description "IPIP"; } leaf gre { type empty; description "GRE"; } } // container inspect-pass-through-tunnel } // container tap } // container mode container receive-side-scaling { description "Receive side scaling"; uses apply-advanced; container software-rss { description "Software RSS options"; uses apply-advanced; leaf mode { type enumeration { enum "automatic" { value 0; description "Auto select Software RSS mode (default)"; } enum "enable" { value 1; description "Software RSS would be enabled"; } enum "disable" { value 2; description "Software RSS would be disabled"; } } default "automatic"; description "Mode of Software RSS"; } leaf io-thread-number { junos:must "("security forwarding-options receive-side-scaling software-rss mode enable")"; junos:must-message "The IO threads configuration will take effect only when software RSS mode is set to enable, please set it."; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
8"; } } description "Software-RSS IO thread number"; } } // container software-rss container nic-rss { description "NIC RSS options"; uses apply-advanced; leaf mode { type enumeration { enum "disable" { value 0; description "NIC RSS would be disabled"; } } description "Mode of NIC RSS"; } } // container nic-rss } // container receive-side-scaling container security-service { description "Security service actions when memory resource is in shortage"; uses apply-advanced; leaf fail-open { type empty; description "Packet will bypass all the application services "; } } // container security-service container resource-manager { description "Manage the resource for special usage"; uses apply-advanced; container cpu { description "The CPU resource"; uses apply-advanced; leaf re { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 3"; } } description "The count of vCPUs assigned to RE (default is 1)"; } } // container cpu } // container resource-manager leaf no-allow-dataplane-sleep { type empty; description "Disable dataplane sleep"; } container services-offload { description "Service offload option"; uses apply-advanced; leaf disable { type empty; description "Disable services-offload"; } } // container services-offload } // container forwarding-options container advanced-services { description "Advanced services configuration"; uses apply-advanced; container data-plane { description "Data plane configuration"; uses apply-advanced; container memory { description "Data plane memory configuration"; uses apply-advanced; leaf low { type empty; description "Reduce data plane memory"; } } // container memory } // container data-plane } // container advanced-services container flow { description "FLOW configuration"; uses apply-advanced; leaf enhanced-routing-mode { type empty; description "Enable enhanced route scaling"; } container traceoptions { description "Trace options for flow services"; uses flow-traceoptions-object; } // container traceoptions 
leaf pending-sess-queue-length { type enumeration { enum "normal" { value 0; description "Normal number of sessions queued"; } enum "moderate" { value 1; description "Allow more queued sessions than normal"; } enum "high" { value 2; description "Maximum number of queued sessions"; } } default "normal"; description "Maximum queued length per pending session"; } container enable-reroute-uniform-link-check { description "Enable reroute check with uniform link"; uses apply-advanced; leaf nat { type empty; description "Enable NAT check"; } } // container enable-reroute-uniform-link-check leaf allow-dns-reply { type empty; description "Allow unmatched incoming DNS reply packet"; } leaf route-change-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "6 .. 1800"; } } units "seconds"; default "30"; description "Timeout value for route change to nonexistent route"; } leaf nh-resolve-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 20000"; } } units "milliseconds"; default "10000"; description "Timeout value for nexthop resolve"; } leaf multicast-nh-resolve-retry { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
20"; } } default "0"; description "Retry count for nexthop resolve"; } leaf syn-flood-protection-mode { type enumeration { enum "syn-cookie" { value 0; description "Enable SYN cookie protection"; } enum "syn-proxy" { value 1; description "Enable SYN proxy protection"; } } default "syn-cookie"; description "TCP SYN flood protection mode"; } leaf allow-embedded-icmp { type empty; description "Allow embedded ICMP packets not matching a session to pass through"; } leaf mcast-buffer-enhance { type empty; description "Allow to hold more packets during multicast session creation"; } leaf strict-packet-order { type empty; description "Maintain arrival ordering when packets departing"; } leaf allow-reverse-ecmp { type empty; description "Allow reverse ECMP route lookup"; } leaf no-local-favor-ecmp { type empty; description "Not prefer local node in HA ECMP route lookup"; } leaf sync-icmp-session { type empty; description "Allow icmp sessions to sync to peer node"; } leaf ipsec-performance-acceleration { type empty; description "Accelerate the IPSec traffic performance"; } leaf gre-performance-acceleration { type empty; description "Accelerate the GRE traffic performance"; } container aging { description "Aging configuration"; uses apply-advanced; leaf early-ageout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } units "seconds"; default "20"; description "Delay before device declares session invalid"; } leaf low-watermark { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } units "percent"; default "100"; description "Percentage of session-table capacity at which aggressive aging-out ends"; } leaf high-watermark { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
100"; } } units "percent"; default "100"; description "Percentage of session-table capacity at which aggressive aging-out starts"; } } // container aging container ethernet-switching { description "Ethernet-switching configuration for flow"; uses apply-advanced; leaf block-non-ip-all { type empty; description "Block all non-IP and non-ARP traffic including broadcast/multicast"; } leaf bypass-non-ip-unicast { junos:must "(!(".. block-non-ip-all"))"; junos:must-message "'bypass-non-ip-unicast' cannot coexist with 'block-non-ip-all'"; type empty; description "Allow all non-IP (including unicast) traffic"; } container no-packet-flooding { presence "enable no-packet-flooding"; description "Stop IP flooding, send ARP/ICMP to trigger MAC learning"; uses apply-advanced; leaf no-trace-route { type empty; description "Don't send ICMP to trigger MAC learning"; } } // container no-packet-flooding leaf bpdu-vlan-flooding { type empty; description "Set 802.1D BPDU flooding based on VLAN"; } } // container ethernet-switching container tcp-mss { description "TCP maximum segment size configuration"; uses apply-advanced; container all-tcp { description "Enable MSS override for all packets"; uses apply-advanced; leaf mss { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "64 .. 65535"; } } description "MSS value"; } } // container all-tcp container ipsec-vpn { presence "enable ipsec-vpn"; description "Enable MSS override for all packets entering IPSec tunnel"; uses apply-advanced; leaf mss { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "64 .. 65535"; } } default "1320"; description "MSS value"; } } // container ipsec-vpn container gre-in { presence "enable gre-in"; description "Enable MSS override for all GRE packets coming out of an IPSec tunnel"; uses apply-advanced; leaf mss { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "64 .. 
65535"; } } default "1320"; description "MSS value"; }
      // ^ Tail of leaf mss in container gre-in (opened on the previous line); default 1320.
    } // container gre-in
    container gre-out {
      presence "enable gre-out";
      description "Enable MSS override for all GRE packets entering an IPsec tunnel";
      uses apply-advanced;
      leaf mss {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "64 .. 65535"; } }
        default "1320";
        description "MSS value";
      }
    } // container gre-out
  } // container tcp-mss

  // TCP state-tracking knobs for flow sessions. Most leaves are presence-only flags.
  container tcp-session {
    description "Transmission Control Protocol session configuration";
    uses apply-advanced;
    leaf rst-invalidate-session { type empty; description "Immediately end session on receipt of reset (RST) segment"; }
    leaf fin-invalidate-session { type empty; description "Immediately end session on receipt of fin (FIN) segment"; }
    leaf rst-sequence-check { type empty; description "Check sequence number in reset (RST) segment"; }
    // NOTE(review): no-syn-check, no-syn-check-in-tunnel and no-sequence-check each switch
    // off a TCP validation step (per their descriptions). Treat a tenant that sets any of
    // them as an exception to be justified and audited.
    leaf no-syn-check { type empty; description "Disable creation-time SYN-flag check"; }
    // Rejected when no-syn-check or no-syn-check-in-tunnel is configured (junos:must).
    // NOTE(review): the constraint names the path "security flow tcp-session ..." with no
    // tenant prefix although this grouping is used under tenants; whether Junos resolves
    // it relative to the tenant is not visible here. Verify the check fires for tenants.
    leaf strict-syn-check {
      junos:must "(!(("security flow tcp-session no-syn-check" || "security flow tcp-session no-syn-check-in-tunnel")))";
      junos:must-message "strict-syn-check not allowed when no-syn-check or no-syn-check-in-tunnel is configured";
      type empty;
      description "Enable strict syn check";
    }
    leaf no-syn-check-in-tunnel { type empty; description "Disable creation-time SYN-flag check for tunnel packets"; }
    leaf no-sequence-check { type empty; description "Disable sequence-number checking"; }
    leaf aggressive-tcp-ack { type empty; description "Enable aggressive TCP ACK, root lsys only"; }
    // 4..300 seconds, default 20.
    leaf tcp-initial-timeout {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "4 .. 300"; } }
      units "seconds"; default "20";
      description "Timeout for TCP session when initialization fails";
    }
    // Receive-window ceiling for the TCP proxy; five fixed sizes, default "256K".
    leaf maximum-window {
      type enumeration {
        enum "64K" { value 0; description "64K bytes receive window"; }
        enum "128K" { value 1; description "128K bytes receive window"; }
        enum "256K" { value 2; description "256K bytes receive window"; }
        enum "512K" { value 3; description "512K bytes receive window"; }
        enum "1M" { value 4; description "1M bytes receive window"; }
      }
      default "256K";
      description "Maximum TCP proxy scaled receive window, default 256K bytes";
    }
    // Time-wait handling: the choice allows either session-ageout or an explicit
    // session-timeout (2..600 seconds), never both.
    container time-wait-state {
      presence "enable time-wait-state";
      description "Session timeout value in time-wait state, default 150 seconds";
      uses apply-advanced;
      choice session-age-option {
        leaf session-ageout { type empty; description "Allow session to ageout using service based timeout values"; }
        leaf session-timeout {
          type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 600"; } }
          units "seconds";
          description "Configure session timeout value for time-wait state";
        }
      } // choice session-age-option
      leaf apply-to-half-close-state { type empty; description "Apply time-wait-state timeout to half-close state"; }
    } // container time-wait-state
  } // container tcp-session

  // IP fragment handling for the flow module.
  leaf force-ip-reassembly { type empty; description "Force to reassemble ip fragments"; }
  leaf preserve-incoming-fragment-size { type empty; description "Preserve incoming fragment size for egress MTU"; }
  // 0..250, default 0. NOTE(review): what 0 means (possibly "no limit") is not stated in
  // this module; confirm before treating the default as a fragment-flood control.
  leaf fragment-limit {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 250"; } }
    default "0";
    description "Maximum number of fragments allowed for a packet";
  }
  leaf fragment-reassembly-timeout {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 ..
60"; } } units "seconds"; default "0"; description "Re-assembly timeout (seconds) for fragments of a packet"; } container log { description "Enable log"; uses apply-advanced; leaf dropped-icmp-packet { type empty; description "Log dropped ICMPv4 packet"; } leaf dropped-illegal-packet { type empty; description "Log dropped illegal packet"; } } // container log container advanced-options { description "Flow config advanced options"; uses apply-advanced; leaf drop-matching-reserved-ip-address { type empty; description "Drop matching reserved source IP address"; } leaf drop-matching-link-local-address { type empty; description "Drop matching link local address"; } leaf reverse-route-packet-mode-vr { type empty; description "Allow reverse route lookup with packet mode vr"; } } // container advanced-options container load-distribution { description "Flow config SPU load distribution"; uses apply-advanced; container session-affinity { description "SPU load distribution based on the service anchor SPU"; uses apply-advanced; leaf ipsec { type empty; description "IPsec service"; } } // container session-affinity } // container load-distribution container packet-log { description "Configure flow packet log"; uses apply-advanced; leaf enable { type empty; description "Enable log for dropped packet"; } leaf throttle-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
32768"; } } units "milliseconds"; default "1024"; description "Interval should be configured as a power of two"; } list packet-filter { key "name"; max-elements 64; ordered-by user; description "Configure packet log filter"; uses flow-filter-type; } // list packet-filter } // container packet-log leaf power-mode-disable { type empty; description "Disable power mode express path processing"; } leaf power-mode-ipsec-qat { type empty; description "Enable qat in power mode ipsec processing"; } } // container flow container firewall-authentication { description "Firewall authentication parameters"; uses apply-advanced; container traceoptions { description "Data-plane firewall authentication tracing options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "Events to include in trace output"; leaf name { type enumeration { enum "authentication" { value 0; description "Data-plane firewall authentication events"; } enum "proxy" { value 1; description "Data-plane firewall authentication proxy events"; } enum "all" { value 2; description "All events"; } } } choice level { leaf terse { type empty; description "Include terse amount of output in trace"; } leaf detail { type empty; description "Include detailed amount of output in trace"; } leaf extensive { type empty; description "Include extensive amount of output in trace"; } } // choice level } // list flag } // container traceoptions } // container firewall-authentication container screen { description "Configure screen feature"; uses apply-advanced; container trap { presence "enable trap"; description "Configure trap interval"; leaf interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
3600"; } } units "seconds"; default "2"; description "Trap interval"; }
    // ^ Tail of leaf interval in container trap (opened on the previous line):
    //   upper bound 3600, units seconds, default 2.
  } // container trap

  // Named screen (IDS) option sets; the entry layout comes from grouping ids-option-type,
  // which is defined outside this excerpt.
  list ids-option {
    key "name";
    description "Configure ids-option";
    uses ids-option-type;
  } // list ids-option

  // Tracing for the screen feature.
  container traceoptions {
    description "Trace options for Network Security Screen";
    uses apply-advanced;
    // Accepted only when "system tracing" is configured (junos:must and its message).
    leaf no-remote-trace {
      junos:must "("system tracing")";
      junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
      type empty;
      description "Disable remote tracing";
    }
    container file {
      description "Trace file information";
      // The name is 1..1024 characters and may not contain '/', '%' or a space (per the
      // pattern message), so it cannot carry a path separator.
      leaf filename {
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      // Free-form string; no format or bound is declared at this level.
      leaf size { type string; description "Maximum trace file size"; }
      // 2..1000 files, default 3.
      leaf files {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } }
        default "3";
        description "Maximum number of trace files";
      }
      // The two leaves are alternatives of one choice, so at most one can be set. No default
      // is declared here. NOTE(review): trace output can expose traffic and configuration
      // detail; prefer no-world-readable unless every local account may read it.
      choice world-readable-choice {
        leaf world-readable { type empty; description "Allow any user to read the log file"; }
        leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
      } // choice world-readable-choice
      leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; }
    } // container file
    // Trace categories, kept in the order the user entered them (ordered-by user).
    list flag {
      key "name";
      ordered-by user;
      description "Tracing parameters";
      leaf name {
        type enumeration {
          enum "configuration" { value 0; description "Trace configuration events"; }
          enum "flow" { value 1; description "Trace flow events"; }
          enum "all" { value 2; description "Trace everything"; }
        }
      }
    } // list flag
  } // container traceoptions

  // At most 32 entries (max-elements). NOTE(review): judging by the name and description,
  // listed addresses are exempted from screen checks; keep the list short and reviewed.
  // The exact semantics live in grouping ids-wlist-type, outside this excerpt.
  list white-list {
    key "name";
    max-elements 32;
    description "Set of IP addresses for white list";
    uses ids-wlist-type;
  } // list white-list
} // container screen

// NAT configuration; its content comes from grouping nat-object (defined elsewhere).
container nat {
  description "Configure Network Address Translation";
  uses nat-object;
} // container nat

container forwarding-process {
description "Configure security forwarding-process options"; uses apply-advanced; leaf enhanced-services-mode { type empty; description "Enable enhanced application services mode"; } container application-services { description "Configure application service options"; uses apply-advanced; leaf maximize-alg-sessions { type empty; description "Maximize ALG session capacity"; } leaf maximize-persistent-nat-capacity { type empty; description "Increase persistent NAT capacity by reducing maximum flow sessions"; } container maximize-cp-sessions { presence "enable maximize-cp-sessions"; status deprecated; description "Maximize CP session capacity"; uses apply-advanced; } // container maximize-cp-sessions leaf session-distribution-mode { junos:must "(!(".. maximize-idp-sessions"))"; junos:must-message "to configure session-distribution-mode, maximize-idp-sessions must not be set"; type enumeration { enum "normal" { value 0; status deprecated; description "Normal mode"; } enum "hash-based" { value 1; status deprecated; description "Hash mode"; } } status deprecated; description "Session distribution mode"; } leaf enable-gtpu-distribution { type empty; description "Enable GTP-U distribution"; } leaf packet-ordering-mode { type enumeration { enum "hardware" { value 0; description "Hardware mode"; } enum "software" { value 1; description "Software mode"; } } description "Packet ordering mode"; } container maximize-idp-sessions { presence "enable maximize-idp-sessions"; description "Run security services in dedicated processes to maximize IDP session capacity"; uses apply-advanced; container weight { description "Adjust the weighting of the resources available for idp"; uses apply-advanced; choice weight { leaf equal { type empty; status deprecated; description "Equal resources to IDP and firewall"; } container idp { presence "enable idp"; description "IDP has more resources than firewall"; uses apply-advanced; } // container idp leaf firewall { type empty; description 
"Firewall has more resources than IDP"; } } // choice weight } // container weight leaf inline-tap { type empty; description "Configure IDP in inline tap mode"; } } // container maximize-idp-sessions leaf inline-fpga-crypto { type enumeration { enum "disabled" { value 0; description "Disable inline FPGA crypto"; } enum "enabled" { value 1; description "Enable inline FPGA crypto"; } } description "Disable inline FPGA crypto"; } } // container application-services } // container forwarding-process container policies { presence "enable policies"; description "Configure Network Security Policies"; uses policy-object-type; } // container policies container tcp-encap { presence "enable tcp-encap"; description "Configure TCP Encapsulation."; uses apply-advanced; container traceoptions { description "Trace options for TCP encapsulation service"; uses ragw-traceoptions; } // container traceoptions list profile { key "name"; ordered-by user; description "Configure profile."; leaf name { type string { length "1 .. 
64"; } description "Profile name identifier."; }
    // ^ Tail of leaf name in list profile of container tcp-encap (opened on the previous
    //   line); the name length is capped at 64.
    uses apply-advanced;
    // Must reference an existing entry under "services ssl termination profile"
    // ($$ presumably stands for this leaf's own value; confirm).
    leaf ssl-profile {
      junos:must "("services ssl termination profile $$")";
      junos:must-message "Referenced SSL termination profile must be defined";
      type string;
      description "SSL Termination profile";
    }
    leaf log { type empty; description "Enable logging for remote-access"; }
  } // list profile
  container global-options {
    description "Global settings for TCP encapsulation";
    leaf enable-tunnel-tracking { type empty; description "Track ESP tunnels"; }
  } // container global-options
} // container tcp-encap

// Resource manager: tracing plus threshold/action pairs for services memory, session
// memory and CPU. Each "match" holds a threshold; each "then" holds the actions.
container resource-manager {
  description "Configure resource manager security options";
  uses apply-advanced;
  container traceoptions {
    description "Traceoptions for resource manager";
    uses apply-advanced;
    // One entry per traced category, each with an optional verbosity level.
    list flag {
      key "name";
      ordered-by user;
      description "Resource manager objects and events to include in trace";
      leaf name {
        type enumeration {
          enum "client" { value 0; description "Trace resource manager client"; }
          enum "group" { value 1; description "Trace resource manager group"; }
          enum "resource" { value 2; description "Trace resource manager resource"; }
          enum "gate" { value 3; description "Trace resource manager created gates"; }
          enum "session" { value 4; description "Trace resource manager created session"; }
          enum "chassis cluster" { value 5; description "Trace resource manager's chassis cluster events"; }
          enum "messaging" { value 6; description "Trace resource manager messaging"; }
          enum "service pinhole" { value 7; description "Trace resource manager created service pinholes"; }
          enum "error" { value 8; description "Trace all resource manager errors"; }
          enum "all" { value 9; description "Trace all resource manager objects and events"; }
        }
      }
      // terse, detail and extensive are alternatives of one choice: at most one per flag.
      choice level {
        leaf terse { type empty; description "Set trace verbosity level to terse"; }
        leaf detail { type empty; description "Set trace verbosity level to detail"; }
        leaf extensive { type empty; description "Set trace verbosity level to extensive"; }
      } // choice level
    } // list flag
  } // container traceoptions

  container services-memory {
    presence "enable services-memory";
    description "Manage services memory resources";
    uses apply-advanced;
    container match {
      presence "enable match";
      uses apply-advanced;
      // 1..100; no units statement is declared (presumably a percentage; confirm).
      leaf threshold {
        type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 100"; } }
        description "Service Memory Threshold";
      }
    } // container match
    container then {
      presence "enable then";
      description "Action to take if the conditions are matched";
      uses apply-advanced;
      // fail-close and fail-open exclude each other: each leaf's junos:must rejects the
      // sibling. NOTE(review): this is the security-relevant choice for memory pressure.
      // Presumably fail-open keeps forwarding without the service while fail-close blocks;
      // the module does not say, so confirm and record which one each tenant uses.
      leaf fail-close {
        junos:must "(!(".. fail-open"))";
        junos:must-message "'fail-open' can not be defined with 'fail-close'";
        type empty;
        description "Enable fail-close";
      }
      leaf fail-open {
        junos:must "(!(".. fail-close"))";
        junos:must-message "'fail-close' can not be defined with 'fail-open'";
        type empty;
        description "Enable fail-open";
      }
      leaf drop-flows { type empty; description "Enable drop-flows"; }
      leaf log { type empty; description "Enable logs"; }
      leaf alarm { type empty; description "Enable Alarm"; }
    } // container then
  } // container services-memory

  container session-memory {
    presence "enable session-memory";
    description "Manage session memory resources";
    uses apply-advanced;
    container match {
      presence "enable match";
      uses apply-advanced;
      leaf threshold {
        type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 100"; } }
        description "Session Memory Threshold";
      }
    } // container match
    container then {
      presence "enable then";
      description "Action to take if the conditions are matched";
      uses apply-advanced;
      container session-aggressive-ageout {
        presence "enable session-aggressive-ageout";
        description "Session ageout configuration";
        uses apply-advanced;
        // 1..65535; unlike flow aging early-ageout, no units or default are declared here.
        leaf early-ageout {
          type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 65535"; } }
          description "Delay before device declares session invalid";
        }
      } // container session-aggressive-ageout
      leaf log { type empty; description "Enable logs"; }
      leaf alarm { type empty; description "Enable alarms"; }
      leaf drop-flows { type empty; description "Enable drop-flows"; }
    } // container then
  } // container session-memory

  container cpu {
    presence "enable cpu";
    description "Manage cpu resources";
    uses apply-advanced;
    // Two junos:must constraints: rejected when sibling "then" or sibling "match" exists.
    leaf disable-management {
      junos:must "(!(".. then"))";
      junos:must-message "Cannot define 'then' with disable-management";
      junos:must "(!(".. match"))";
      junos:must-message "Cannot define 'match' with disable-management";
      type empty;
      description "Disable Resource Manager CPU Management";
    }
    container match {
      presence "enable match";
      uses apply-advanced;
      // NOTE(review): the description string misspells "Usage"; it is left untouched here
      // because it is part of the published model text.
      leaf threshold {
        type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 100"; } }
        description "CPU Useage Threshold";
      }
    } // container match
    container then {
      presence "enable then";
      description "Action to take if the conditions are matched";
      uses apply-advanced;
      leaf drop-flows { type empty; description "Enable drop-flows"; }
      leaf drop-cps { type empty; description "Enable drop-cps"; }
      leaf log { type empty; description "Enable logs"; }
      // NOTE(review): described as "Enable drop-alarm", whereas the alarm leaves under
      // services-memory and session-memory say "Enable Alarm" / "Enable alarms".
      leaf alarm { type empty; description "Enable drop-alarm"; }
      leaf max-session-setup-rate {
        type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 ..
65535"; } } description "Maximum number of session creations allowed per second"; } } // container then } // container cpu } // container resource-manager container analysis { description "Configure security analysis"; uses apply-advanced; leaf no-report { type empty; description "Stops security analysis reporting"; } } // container analysis container traceoptions { description "Network security daemon tracing options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "configuration" { value 0; description "Trace configuration events"; } enum "routing-socket" { value 1; description "Trace routing socket events"; } enum "compilation" { value 2; description "Trace compilation events"; } enum "all" { value 3; description "Trace everything"; } } } } // list flag leaf rate-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
4294967295"; } } default "0"; description "Limit the incoming rate of trace messages"; }
  // ^ Tail of leaf rate-limit (opened on the previous line): upper bound 4294967295,
  //   default 0.
} // container traceoptions

// End-to-end datapath debugging: trace files, packet capture files, action profiles and
// packet filters.
container datapath-debug {
  description "Datapath debug options";
  uses apply-advanced;
  container traceoptions {
    description "End to end debug trace options";
    uses apply-advanced;
    // Accepted only when "system tracing" is configured (junos:must and its message).
    leaf no-remote-trace {
      junos:must "("system tracing")";
      junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
      type empty;
      description "Disable remote tracing";
    }
    container file {
      description "Trace file information";
      // 1..1024 characters; '/', '%' and space are rejected, so no path separator fits.
      leaf filename {
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      leaf size { type string; description "Maximum trace file size"; }
      // 2..1000 files, default 3.
      leaf files {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } }
        default "3";
        description "Maximum number of trace files";
      }
      // Alternatives of one choice; no default is declared in this module.
      choice world-readable-choice {
        leaf world-readable { type empty; description "Allow any user to read the log file"; }
        leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
      } // choice world-readable-choice
      leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; }
    } // container file
  } // container traceoptions

  container capture-file {
    description "Packet capture options";
    // NOTE(review): unlike the trace-file filename above, this leaf is a plain string with
    // no junos:posix-pattern and no length bound, so the schema itself does not exclude
    // '/' or very long names. Whether the backend constrains the path is not visible here;
    // verify it, or validate the value in provisioning tooling.
    leaf filename { type string; description "Capture file name"; }
    // Only one format is defined: "pcap".
    leaf format {
      type enumeration {
        enum "pcap" { value 0; description "PCAP capture format"; }
      }
      description "Capture file format";
    }
    leaf size { type string; description "Maximum file size"; }
    // 1..10 files; no default is declared.
    leaf files {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } }
      description "Maximum number of files";
    }
    // NOTE(review): capture files hold packet contents up to maximum-capture-size bytes;
    // prefer no-world-readable so that only privileged users can read captured traffic.
    choice world-readable-choice {
      leaf world-readable { type empty; description "Allow any user to read packet-capture files"; }
      leaf no-world-readable { type empty; description "Don't allow any user to read packet-capture files"; }
    } // choice world-readable-choice
  } // container capture-file

  // Per-packet capture length: 68..10000 bytes, default 68.
  leaf maximum-capture-size {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "68 .. 10000"; } }
    units "bytes"; default "68";
    description "Max packet capture length";
  }
  // Entry layout comes from grouping e2e-action-profile (defined outside this excerpt).
  list action-profile {
    key "name";
    ordered-by user;
    description "Action profile definitions";
    uses e2e-action-profile;
  } // list action-profile
  // At most 4 filters (max-elements); layout from grouping end-to-end-debug-filter.
  list packet-filter {
    key "name";
    max-elements 4;
    ordered-by user;
    description "Packet filter configuration";
    uses end-to-end-debug-filter;
  } // list packet-filter
} // container datapath-debug

// User-identification settings; this excerpt shows the start of its trace options.
container user-identification {
  description "Configure user-identification";
  uses apply-advanced;
  container traceoptions {
    description "User-identification Tracing Options";
    uses apply-advanced;
    leaf no-remote-trace {
      junos:must "("system tracing")";
      junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
      type empty;
      description "Disable remote tracing";
    }
    container file {
      description "Trace file information";
      leaf filename {
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      leaf size { type string; description "Maximum trace file size"; }
      leaf files {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 ..
1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "all" { value 0; description "Trace everything"; } } } } // list flag } // container traceoptions list authentication-source { key "name"; description "Configure user-identification authentication-source"; uses authentication-source-type; } // list authentication-source } // container user-identification container zones { description "Zone configuration"; uses apply-advanced; container functional-zone { presence "enable functional-zone"; description "Functional zone"; container management { presence "enable management"; description "Host for out of band management interfaces"; uses apply-advanced; list interfaces { key "name"; ordered-by user; description "Interfaces that are part of this zone"; uses zone-interface-list-type; } // list interfaces leaf screen { junos:must "("security screen ids-option $$")"; junos:must-message "referenced ids-object must be defined under [security screen ids-option]"; type string { length "1 .. 64"; } description "Name of ids option object applied to the zone"; } container host-inbound-traffic { description "Allowed system services & protocols"; uses zone_host_inbound_traffic_t; } // container host-inbound-traffic leaf description { type string { junos:posix-pattern "^[^&<> ]+$"; junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '"; length "1 .. 
900"; } description "Text description of zone"; } } // container management } // container functional-zone list security-zone { key "name"; ordered-by user; description "Security zones"; uses security-zone-type; } // list security-zone } // container zones leaf advanced-connection-tracking-timeout { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "System wide timeout value in seconds for advanced-connection-tracking entries"; } container advance-policy-based-routing { presence "enable advance-policy-based-routing"; description "Configure Network Security APBR Policies"; uses apply-advanced; container traceoptions { description "Advance policy based routing tracing options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "configuration" { value 0; description "Trace configuration events"; } enum "lookup" { value 1; description "Trace lookup events"; } enum "compilation" { value 2; description "Rule-sets compilation events"; } enum "ipc" { value 3; description "Inter-process communication events"; } enum "all" { value 4; description "Trace everything"; } } } } // list flag } // container traceoptions container tunables { description "Configure advance policy based routing tunables"; uses apply-advanced; leaf max-route-change { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 5"; } } default "1"; description "Maximum route change"; } leaf drop-on-zone-mismatch { type empty; description "Drop session if zone mismatches"; } leaf no-l3l4-app-lookup { type empty; description "Ignore the look up for L3L4 custom app in APBR."; } leaf enable-logging { type empty; description "Enable AppTrack logging"; } } // container tunables list profile { key "name"; ordered-by user; description "Configure advance-policy-based-routing profile"; leaf name { type string { length "1 .. 
63"; } description "Advance policy based routing profile name"; } uses apply-advanced; list rule { key "name"; ordered-by user; description "Specify an advance policy based routing rule"; uses apbr_rule_type; } // list rule } // list profile list active-probe-params { key "name"; ordered-by user; description "Active probe's settings"; leaf name { type string { length "1 .. 63"; } description "Active probe setting name"; } uses apply-advanced; container settings { description "Settings"; uses appqoe-probe-params; } // container settings } // list active-probe-params list metrics-profile { key "name"; ordered-by user; description "Configure metric profiles"; leaf name { type string { length "1 .. 63"; } description "Profile name"; } uses apply-advanced; container sla-threshold { description "Configure SLA metric threshold"; uses appqoe_sla_metric_profile; } // container sla-threshold } // list metrics-profile list underlay-interface { key "name"; ordered-by user; status deprecated; description "Underlay interface setting"; leaf name { type union { type jt:interface-device; type string { pattern "<.*>|$.*"; } } description "Underlay Interface name"; } uses apply-advanced; list unit { key "name"; description "One of more logical interface unit-numbers"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1073741823"; } } description "Unit number"; } uses apply-advanced; leaf link-type { type enumeration { enum "IP" { value 0; description "Select IP as the link-type"; } enum "MPLS" { value 1; description "Select MPLS as the link-type"; } } default "IP"; description "Link type of the interface"; } leaf priority { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 255"; } } default "255"; description "Configure the priority for selecting this link"; } leaf speed { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
1000000"; } } default "1000"; description "Speed of this link in Mbps"; } } // list unit } // list underlay-interface list interface { junos:must "(!(".. underlay-interface"))"; junos:must-message "interface knob cannot be configured along with underlay-interface"; key "name"; ordered-by user; description "Interface setting"; leaf name { type union { type jt:interface-device; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; list unit { key "name"; description "One of more logical interface unit-numbers"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1073741823"; } } description "Unit number"; } uses apply-advanced; leaf link-tag { type string { length "1 .. 63"; } description "Configure link-tag. Default is IP"; } leaf priority { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 255"; } } default "255"; description "Configure the priority for selecting this link"; } leaf multipath-bandwidth { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000000"; } } default "1000"; description "Bandwidth of this link in Mbps"; } leaf weight { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 255"; } } default "1"; description "Configure the weight for selecting this link"; } } // list unit } // list interface list overlay-path { key "name"; ordered-by user; description "List of overlay paths"; leaf name { type string { length "1 .. 
63"; } description "Create a single instance of overlay path"; } uses apply-advanced; container tunnel-path { presence "enable tunnel-path"; description "Tunnel start & end ip addresses"; uses appqoe-probe-path; } // container tunnel-path container probe-path { presence "enable probe-path"; description "Probe start & end ip addresses"; uses appqoe-probe-path; } // container probe-path } // list overlay-path list destination-path-group { key "name"; ordered-by user; description "Group of tunnels to a particular destination"; leaf name { type string { length "1 .. 63"; } description "Destination group name"; } uses apply-advanced; container probe-routing-instance { presence "enable probe-routing-instance"; description "Set routing instance for the probe-path"; uses apply-advanced; leaf routing-instance-name { type string; description "Name of routing instance"; } } // container probe-routing-instance container inline-gre-encap { presence "enable inline-gre-encap"; description "Enable inline GRE encapsulation"; } // container inline-gre-encap container active-probe-properties { presence "enable active-probe-properties"; description "Additional applicable properties for the destination path group"; uses apply-advanced; leaf active-probe-only { type empty; description "Enable active probing only to the destination path group"; } } // container active-probe-properties list overlay-path { key "name"; max-elements 20; ordered-by user; description "List of paths"; leaf name { type string; description "Name of Overlay Path"; } uses apply-advanced; } // list overlay-path } // list destination-path-group container sla-options { presence "enable sla-options"; description "Global SLA options"; uses apply-advanced; container local-route-switch { presence "enable local-route-switch"; status deprecated; description "Enable/disable Automatic local route switching"; uses apply-advanced; leaf switch-type { type enumeration { enum "enabled" { value 0; description "Enable"; } enum 
"disabled" { value 1; description "Disable"; } } } } // container local-route-switch container log { presence "enable log"; description "Choose the logging mechanism"; uses apply-advanced; leaf log-options { type enumeration { enum "disabled" { value 0; description "Disable logging"; } enum "syslog" { value 1; description "Choose syslog"; } } } } // container log container log-type { presence "enable log-type"; status deprecated; description "Choose the logging mechanism"; uses apply-advanced; leaf log { type enumeration { enum "disabled" { value 0; description "Disable logging"; } enum "syslog" { value 1; description "Choose syslog"; } } } } // container log-type container max-passive-probe-limit { presence "enable max-passive-probe-limit"; description "Set max passive probe limits"; uses apply-advanced; container number-of-probes { presence "enable number-of-probes"; description "Number of passive probes to be sent"; uses apply-advanced; leaf probes { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 5000"; } } default "5000"; description "Number of probes"; } } // container number-of-probes container interval { presence "enable interval"; description "Interval within which to send"; uses apply-advanced; leaf refresh-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "500 .. 1000"; } } default "500"; description "Interval in milli seconds"; } } // container interval } // container max-passive-probe-limit leaf dynamic-load-balancer { type empty; description "Enable dynamic load balancer"; } } // container sla-options list sla-rule { key "name"; ordered-by user; description "Create SLA rule"; leaf name { type string { length "1 .. 
63"; } description "Set rule name"; } uses apply-advanced; container link-preferences { junos:must "(!(any "security advance-policy-based-routing sla-rule <*> link-type-affinity"))"; junos:must-message "link-preferences knob cannot be configured along with link-type-affinity"; junos:must "(!(any "security advance-policy-based-routing sla-rule <*> preferred-link-type"))"; junos:must-message "link-preferences knob cannot be configured along with preferred-link-type"; presence "enable link-preferences"; description "Configure the link preferences"; uses apply-advanced; leaf preferred-tag { type string { length "1 .. 63"; } description "Configure the link-tag preference"; } leaf affinity { type enumeration { enum "strict" { value 0; description "Strict link-tag affinity"; } } description "Configure the link-tag affinity"; } } // container link-preferences leaf preferred-link-type { type enumeration { enum "IP" { value 0; status deprecated; description "IP link-type preference"; } enum "MPLS" { value 1; status deprecated; description "MPLS link-type preference"; } enum "Any" { value 2; status deprecated; description "Any link-type preference"; } } status deprecated; description "Configure the link-type preference"; } leaf link-type-affinity { type enumeration { enum "strict" { value 0; status deprecated; description "Strict link-type affinity"; } } status deprecated; description "Configure the link-type affinity"; } container switch-idle-time { presence "enable switch-idle-time"; description "Idle timeout period where no SLA violation will be detected once path switch has happened"; uses apply-advanced; leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 300"; } } default "60"; description "Idle timeout period (in seconds)"; } } // container switch-idle-time container metrics-profile { junos:must "(".. 
active-probe-params")"; junos:must-message "active-probe-params must exist for metrics-profile"; presence "enable metrics-profile"; description "Set metrics profile for the SLA"; uses apply-advanced; leaf metrics-profile-name { type string; description "Metrics Profile name"; } } // container metrics-profile container active-probe-params { junos:must "(".. metrics-profile")"; junos:must-message "metrics-profile must exist for active-probe-params"; presence "enable active-probe-params"; description "Set Probe params for the overlay-path"; uses apply-advanced; leaf probe-params-name { type string; description "Probe parameter's name"; } } // container active-probe-params leaf type { junos:must "((".. active-probe-params" && ".. metrics-profile"))"; junos:must-message "metrics-profile and active-probe-params must exist for saas type SLA"; type enumeration { enum "saas" { value 0; description "Choose SaaS probing for the SLA"; } } description "Choose type of SLA"; } container passive-probe-params { junos:must "((".. active-probe-params" && ".. metrics-profile"))"; junos:must-message "metrics-profile and active-probe-params must exist for passive-probe-params"; presence "enable passive-probe-params"; description "Passive probe settings"; uses apply-advanced; container sampling-percentage { presence "enable sampling-percentage"; description "Mininmum percentage of Sessions to be evaluated for the application"; uses apply-advanced; leaf percentage { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } default "5"; description "Percentage"; } } // container sampling-percentage container violation-count { presence "enable violation-count"; status deprecated; description "Number of SLA violations within sampling period to be considered as a violation"; uses apply-advanced; leaf count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
32"; } } default "5"; description "Violation Count"; } } // container violation-count container sampling-period { presence "enable sampling-period"; description "Time period in which the sampling is done"; uses apply-advanced; leaf period { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2000 .. 60000"; } } default "5000"; description "Period (in milli-sec)"; } } // container sampling-period container sla-export-factor { presence "enable sla-export-factor"; description "Enabled sampling window based SLA exporting"; uses apply-advanced; leaf factor { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 1000"; } } default "500"; description "No of sampling windows after which to report"; } } // container sla-export-factor container type { presence "enable type"; description "Choose type of SLA measurement"; uses apply-advanced; leaf type-val { type enumeration { enum "book-ended" { value 0; description "Choose custom method of probing within WAN link"; } } } } // container type container sampling-frequency { presence "enable sampling-frequency"; description "Sampling frequency settings"; uses apply-advanced; container interval { presence "enable interval"; description "Time based sampling interval"; uses apply-advanced; leaf sampling-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 500"; } } default "100"; description "Interval in milli seconds"; } } // container interval container ratio { presence "enable ratio"; description "1:N based sampling ratio"; uses apply-advanced; leaf sampling-ratio { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
10000"; } } default "200"; description "Value of N"; } } // container ratio } // container sampling-frequency } // container passive-probe-params container multipath-rule { description "Set AppBased Multipath Routing action"; uses apply-advanced; leaf multipath-rule-name { type string; description "Multipath action parameter's name"; } } // container multipath-rule container violation-count { presence "enable violation-count"; description "Number of SLA violations within sampling period to be considered as a violation"; uses apply-advanced; leaf count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 32"; } } default "5"; description "Violation Count"; } } // container violation-count } // list sla-rule list multipath-rule { key "name"; ordered-by user; description "APP based MULTIPATH Route Action's settings"; leaf name { type string { length "1 .. 63"; } description "Multipath rule name"; } uses apply-advanced; leaf number-of-paths { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 16"; } } default "2"; description "No. of Paths in Multipath"; } leaf bandwidth-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } default "50"; description "Bandwidth limit (bps) on slowest link to avoid saturation (%)"; } leaf enable-reverse-wing { type empty; description "Packet copy enabled in reverse direction flow"; } leaf-list application { type string; ordered-by user; } leaf-list application-group { type string; ordered-by user; description "Specify dynamic application group name to match"; } leaf-list link-type { type string { length "1 .. 
63"; } ordered-by user; description "List of underlay interface user defined link types"; } leaf-list link-preferences { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } ordered-by user; description "List of interface for link preferences"; } } // list multipath-rule list policy { key "name"; ordered-by user; description "Define a policy context from this zone"; leaf name { junos:must "((".. .. .. .. security zones security-zone $$" || ".. .. .. .. .. security zones security-zone $$"))"; junos:must-message "Security zone must be defined"; type string { length "1 .. 63"; } description "Source zone"; } uses apply-advanced; list policy { key "name"; ordered-by user; description "Define security policy in specified zone-to-zone direction"; uses sla_policy_type; } // list policy } // list policy } // container advance-policy-based-routing container gtp { description "GPRS tunneling protocol configuration"; uses gtp-object; } // container gtp container sctp { presence "enable sctp"; description "GPRS stream control transmission protocol configuration"; uses sctp-object; } // container sctp container ngfw { description "Next generation unified L4/L7 firewall"; uses apply-advanced; container default-profile { description "Unified L4/L7 firewall default profile configuration"; uses apply-advanced; container ssl-proxy { presence "enable ssl-proxy"; description "SSL proxy services"; uses apply-advanced; leaf profile-name { junos:must "("services ssl proxy profile $$")"; junos:must-message "Referenced SSL proxy profile is not defined"; type string; description "Specify SSL proxy service profile name"; } } // container ssl-proxy container application-traffic-control { description "Application traffic control services"; uses jsf_application_traffic_control_rule_set_type; } // container application-traffic-control } // container default-profile } // container ngfw container tunnel-inspection { presence "enable tunnel-inspection"; description "Security 
tunnel-inspection"; uses apply-advanced; list inspection-profile { key "name"; max-elements 256; ordered-by user; description "Security tunnel-inspection profile"; uses tunnel-inspection-profile-type; } // list inspection-profile list vni { key "name"; max-elements 4096; ordered-by user; description "Security tunnel inspection vni"; uses tunnel-inspection-vni-type; } // list vni container traceoptions { description "Trace options for Network Security tunnel-inspection"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "configuration" { value 0; description "Trace configuration events"; } enum "flow" { value 1; description "Trace flow events"; } enum "all" { value 2; description "Trace everything"; } } } } // list flag } // container traceoptions } // container tunnel-inspection container l3vpn { presence "enable l3vpn"; uses apply-advanced; container traceoptions { description "Trace options for Network Security Vrf-group"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "configuration" { value 0; description "Trace configuration events"; } enum "flow" { value 1; description "Trace flow events"; } enum "all" { value 2; description "Trace everything"; } } } } // list flag } // container traceoptions list vrf-group { key "name"; description "Configure vrf group"; uses vrf-group-type; } // list vrf-group } // container l3vpn container cloud { presence "enable cloud"; description "Configure Cloud security options"; uses apply-advanced; container aws { description "Configure AWS security options"; uses aws-object; } // container aws container traceoptions { description "Configure cloudagent trace options"; uses apply-advanced; container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 
64";
              }
              description "Name of file in which to write trace information";
            }
          } // container file
          // Verbosity of the cloud trace: the choice admits exactly one of
          // error, brief or detail.
          container level {
            description "Trace level";
            uses apply-advanced;
            choice level {
              leaf error {
                type empty;
                description "Error messages";
              }
              leaf brief {
                type empty;
                description "Brief messages";
              }
              leaf detail {
                type empty;
                description "Detail messages";
              }
            } // choice level
          } // container level
        } // container traceoptions
      } // container cloud
      container macsec {
        description "MAC Security configuration";
        uses security-macsec;
      } // container macsec
    } // container security
    // Per-tenant application definitions; the node contents come from the
    // application_object / application_set_object groupings, which are
    // defined outside this excerpt.
    container applications {
      description "Define applications by protocol characteristics";
      uses apply-advanced;
      list application {
        key "name";
        ordered-by user;
        description "Define an application";
        uses application_object;
      } // list application
      list application-set {
        key "name";
        ordered-by user;
        description "Define an application set";
        uses application_set_object;
      } // list application-set
    } // container applications
    container schedulers {
      description "Security scheduler";
      uses apply-advanced;
      list scheduler {
        key "name";
        ordered-by user;
        description "Scheduler configuration";
        uses scheduler_object_type;
      } // list scheduler
    } // container schedulers
    // Per-tenant access configuration: firewall authentication settings
    // first, then the access profiles themselves.
    container access {
      presence "enable access";
      uses apply-advanced;
      container firewall-authentication {
        description "Type of firewall authentication";
        uses apply-advanced;
        container pass-through {
          description "Pass-through firewall authentication settings";
          uses apply-advanced;
          // The constraint accepts a profile found at "access profile <name>",
          // or one found five levels above this leaf as long as
          // "access disable-tenant-access" is not set at that level.
          // NOTE(review): the five-level path presumably reaches the
          // system-wide [edit access] hierarchy, i.e. a tenant may borrow a
          // profile it does not own unless disable-tenant-access is
          // configured - confirm, and set that knob where tenants must not
          // share the system's authentication back ends.
          leaf default-profile {
            junos:must "(("access profile $$" || (".. .. .. .. .. access profile $$" && !(".. .. .. .. .. access disable-tenant-access"))))";
            junos:must-message "Profile must be defined in the [edit access profile] hierarchy or access to profile is disabled for tenants";
            type string {
              length "1 .. 250";
            }
            description "Name of default profile";
          }
          // Banners for the three protocols pass-through authentication is
          // modelled for here. The banner text itself lives in the
          // banner-object grouping (not in this excerpt).
          // NOTE(review): FTP, Telnet and plain HTTP do not encrypt what the
          // user types; if the login prompt is served over them, credentials
          // are exposed to anyone on the path - confirm against the platform
          // documentation.
          container ftp {
            description "FTP banners";
            uses banner-object;
          } // container ftp
          container telnet {
            description "Telnet banners";
            uses banner-object;
          } // container telnet
          container http {
            description "HTTP banners";
            uses banner-object;
          } // container http
        } // container pass-through
        container web-authentication {
          description "Web-authentication settings";
          uses apply-advanced;
          // Same profile-reference constraint as pass-through default-profile
          // above: own profile, or the one five levels up unless
          // disable-tenant-access is set there.
          leaf default-profile {
            junos:must "(("access profile $$" || (".. .. .. .. .. access profile $$" && !(".. .. .. .. .. access disable-tenant-access"))))";
            junos:must-message "Profile must be defined in the [edit access profile] hierarchy or access to profile is disabled for tenants";
            type string {
              length "1 .. 250";
            }
            description "Name of profile to use for web-authentication";
          }
          container banner {
            uses apply-advanced;
            leaf success {
              type string {
                length "1 .. 250";
              }
              description "The message that will be displayed on successful login";
            }
          } // container banner
          // Timeout in seconds, 5 to 60; no default statement is given.
          // The string member of the union also accepts "<...>" text
          // (presumably a template or variable placeholder, as is the "$"
          // alternative - confirm), so schema validation alone does not
          // guarantee a number in range.
          leaf timeout {
            type union {
              type string {
                pattern "<.*>|$.*";
              }
              type int32 {
                range "5 .. 60";
              }
            }
            description "Web-authentication timeout value in seconds";
          }
        } // container web-authentication
        // Tracing for firewall authentication. Trace output is written to a
        // named file; see the flag list for what can be traced.
        container traceoptions {
          description "Firewall authentication tracing options";
          uses apply-advanced;
          // Only valid when [system tracing] is configured (must constraint).
          leaf no-remote-trace {
            junos:must "("system tracing")";
            junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
            type empty;
            description "Disable remote tracing";
          }
          container file {
            description "Trace file information";
            // The posix-pattern rejects '/', space and '%' (see the
            // pattern-message), so the value is a bare file name and cannot
            // carry a directory component.
            leaf filename {
              type string {
                junos:posix-pattern "![/ %]";
                junos:pattern-message "Must not contain '/', % or a space";
                length "1 .. 1024";
              }
              description "Name of file in which to write trace information";
            }
            // Free-form string: the schema puts no bound or unit on the
            // trace file size.
            leaf size {
              type string;
              description "Maximum trace file size";
            }
            leaf files {
              type union {
                type string {
                  pattern "<.*>|$.*";
                }
                type uint32 {
                  range "2 .. 
1000";
                }
              }
              default "3";
              description "Maximum number of trace files";
            }
            // Trace-file permissions. world-readable lets any user read the
            // file (per its description). This trace can include
            // authentication events (flag "authentication" below), so
            // no-world-readable is the safer setting. The choice has no
            // default statement, so what applies when neither leaf is
            // configured cannot be told from this schema.
            choice world-readable-choice {
              leaf world-readable {
                type empty;
                description "Allow any user to read the log file";
              }
              leaf no-world-readable {
                type empty;
                description "Don't allow any user to read the log file";
              }
            } // choice world-readable-choice
            // Filter: only lines matching this regular expression are logged.
            leaf match {
              type jt:regular-expression;
              description "Regular expression for lines to be logged";
            }
          } // container file
          // What to trace. "all" enables every flag, including
          // "authentication".
          list flag {
            key "name";
            ordered-by user;
            description "Tracing parameters";
            leaf name {
              type enumeration {
                enum "configuration" {
                  value 0;
                  description "Trace configuration events";
                }
                enum "setup" {
                  value 1;
                  description "Trace setup of firewall authentication service";
                }
                enum "authentication" {
                  value 2;
                  description "Trace authentication events";
                }
                enum "all" {
                  value 3;
                  description "Trace with all flags enabled";
                }
              }
            }
          } // list flag
        } // container traceoptions
      } // container firewall-authentication
      // Access profile: the ordered lists below select which accounting,
      // authentication, authorization and provisioning mechanisms a profile
      // uses. Names are 1 to 63 characters.
      list profile {
        key "name";
        ordered-by user;
        description "Set of attributes that define access";
        leaf name {
          type string {
            length "1 .. 63";
          }
          description "Profile name";
        }
        uses apply-advanced;
        // RADIUS is the only accounting mechanism; the must constraints
        // reject it when any client in the profile has l2tp or ike
        // configured.
        leaf-list accounting-order {
          junos:must "(!(any ".. client <*> l2tp"))";
          junos:must-message "Not supported in tunnel client profile configuration";
          junos:must "(!(any ".. client <*> ike"))";
          junos:must-message "Not supported in IKE configuration";
          type enumeration {
            enum "radius" {
              value 0;
              description "Remote Authentication Dial-In User Service";
            }
          }
          ordered-by user;
          description "Order in which accounting mechanisms are used";
        }
        // Ordered list of authentication mechanisms (ordered-by user, so the
        // configured sequence is preserved). How the device moves from one
        // entry to the next - on server failure only, or also on a reject -
        // is not expressed in this schema.
        leaf-list authentication-order {
          type enumeration {
            enum "radius" {
              junos:must "(!(any ".. .. client <*> l2tp"))";
              junos:must-message "Authentication-order cannot include RADIUS for tunnel client profile";
              value 0;
              description "Remote Authentication Dial-In User Service";
            }
            enum "password" {
              value 1;
              description "Locally configured password in access profile";
            }
            // "none" means no authentication is performed (per its
            // description). No must constraint restricts where it may appear
            // or which profiles may use it, so any profile whose order
            // contains "none" deserves a configuration review.
            enum "none" {
              value 2;
              description "No authentication performed";
            }
            enum "nasreq" {
              value 3;
              description "Diameter based authentication and authorization using NASREQ application protocol";
            }
            enum "nas-5g" {
              value 4;
              description "Authentication and authorization using 3GPP N1 and N2 signaling";
            }
            // ldap, securid and s6a each carry two constraints: not allowed
            // when any client has l2tp or ppp configured, and mutually
            // exclusive with radius and with each other. The exclusivity is
            // declared on these three enums only; "radius" itself carries
            // just the l2tp constraint.
            // NOTE(review): the must-message below spells "securid" as
            // "ecurid"; that is the text an operator will see.
            enum "ldap" {
              junos:must "((!(any ".. .. client <*> l2tp") && !(any ".. .. client <*> ppp")))";
              junos:must-message "Authentication-order cannot include LDAP for tunnel, ppp client profile";
              junos:must "((!(".. .. authentication-order $$={radius}") && (!(".. .. authentication-order $$={securid}") && !(".. .. authentication-order $$={s6a}"))))";
              junos:must-message "Only one of ldap, radius, ecurid or s6a can be specified";
              value 5;
              description "Lightweight Directory Access Protocol";
            }
            enum "securid" {
              junos:must "((!(any ".. .. client <*> l2tp") && !(any ".. .. client <*> ppp")))";
              junos:must-message "Authentication-order cannot include securid for tunnel, ppp client profile";
              junos:must "((!(".. .. authentication-order $$={radius}") && (!(".. .. authentication-order $$={ldap}") && !(".. .. authentication-order $$={s6a}"))))";
              junos:must-message "Only one of ldap, radius, securid or s6a can be specified";
              value 6;
              description "RSA SecurID Authentication";
            }
            enum "s6a" {
              junos:must "((!(any ".. .. client <*> l2tp") && !(any ".. .. client <*> ppp")))";
              junos:must-message "Authentication-order cannot include S6A for tunnel, ppp client profile";
              junos:must "((!(".. .. authentication-order $$={radius}") && (!(".. .. authentication-order $$={securid}") && !(".. .. authentication-order $$={ldap}"))))";
              junos:must-message "Only one of ldap, radius, securid or s6a can be specified";
              value 7;
              description "S6a Authentication";
            }
          }
          ordered-by user;
          description "Order in which authentication mechanisms are used";
        }
        // As with authentication-order, "none" here means no authorization
        // is performed and the schema does not restrict its use.
        leaf-list authorization-order {
          type enumeration {
            enum "jsrc" {
              value 0;
              description "Diameter based authorization using Juniper's SRC application protocol";
            }
            enum "nasreq" {
              value 1;
              description "Diameter based authorization using NASREQ application protocol";
            }
            enum "none" {
              value 2;
              description "No authorization performed";
            }
          }
          ordered-by user;
          description "Order in which authorization mechanisms are used";
        }
        // Declared as a leaf, not a leaf-list: despite the word "Order" in
        // the description, only one provisioning mechanism can be set.
        leaf provisioning-order {
          type enumeration {
            enum "jsrc" {
              value 0;
              description "Address authorization via SRC";
            }
            enum "gx-plus" {
              value 1;
              description "Policy/service provisioning via GXPLUS";
            }
            enum "pcrf" {
              value 2;
              description "Policy/service provisioning via PCRF";
            }
          }
          description "Order in which provisioning mechanisms are used";
        }
        // Rejected when calling-station-id is excluded from RADIUS
        // access-request messages (see the must expression and message).
        leaf-list preauthentication-order {
          junos:must "(!(".. radius attributes exclude calling-station-id access-request"))";
          junos:must-message "calling-station-id is excluded from access request";
          type enumeration {
            enum "radius" {
              value 0;
              description "Remote Authentication Dial-In User Service";
            }
          }
          ordered-by user;
          description "Order in which preauthentication mechanisms are used";
        }
        // Requires provisioning-order pcrf; a second constraint follows.
        leaf-list charging-service-list {
          junos:must "(".. provisioning-order pcrf")";
          junos:must-message "charging-service-list requires provisioning-order pcrf";
          junos:must "(!(".. 
service accounting-order"))"; junos:must-message "charging-service-list is mutually exclusive with service accounting"; type enumeration { enum "ocs" { value 0; description "Online charging service"; } } ordered-by user; description "List of used 3gpp charging servicess"; } list domain-name-server { key "name"; ordered-by user; description "Default DNS server's IPv4 address"; leaf name { type jt:ipv4addr; description "Address"; } uses apply-advanced; } // list domain-name-server list domain-name-server-inet { key "name"; ordered-by user; description "DNS server's IPv4 address"; leaf name { type jt:ipv4addr; description "Address"; } uses apply-advanced; } // list domain-name-server-inet list domain-name-server-inet6 { key "name"; ordered-by user; description "DNS server's IPv6 address"; leaf name { type jt:ipv6addr; description "Address"; } uses apply-advanced; } // list domain-name-server-inet6 list wins-server { key "name"; ordered-by user; description "Default WINS server's IPv4 address"; leaf name { type jt:ipv4addr; description "Address"; } uses apply-advanced; } // list wins-server list client { junos:must "(((!(any ". <*> l2tp") || !(any ". <*> ppp")) && ((!(any ". <*> l2tp") || !(any ". <*> ike")) && (!(any ". <*> ike") || !(any ". <*> ppp")))))"; junos:must-message "All clients in one profile must be either PPP or L2TP or IKE"; key "name"; description "Entity requesting access"; uses access-client-object; } // list client container address-assignment { description "Address assignment pool"; uses apply-advanced; leaf pool { type string { length "1 .. 63"; } description "Name of address-assignment pool"; } leaf inet6-pool { type string { length "1 .. 63"; } description "Name of address-assignment pool for family inet6"; } } // container address-assignment leaf session-limit-per-username { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
16"; } } description "Maximum number of sessions allowed per username"; } container local { status deprecated; description "Set configuration for local reporting - obsolete config"; uses apply-advanced; leaf flat-file-profile { junos:must "("accounting-options flat-file-profile $$")"; junos:must-message "referenced flat-file-profile must be defined in accounting-options"; type string; description "Specifies that the service accounting will be reported as per flat-file profile"; } } // container local container radius { description "Set of RADIUS configurations"; uses apply-advanced; leaf-list authentication-server { type jt:ipaddr; ordered-by user; description "The authentication server list to use in the specified order to send authentication messages"; } leaf-list accounting-server { type jt:ipaddr; ordered-by user; description "The accounting server list to use in the specified order to send accounting messages"; } leaf-list preauthentication-server { type jt:ipv4addr; ordered-by user; description "The preauthentication server list to use in the specified order to send preauthentication messages"; } leaf authentication-server-name { junos:must "(!(".. authentication-server"))"; junos:must-message "cannot have both authentication-server and authentication-server-name"; junos:must "(("access radius-server-name $$" || ".. .. radius-server-name $$"))"; junos:must-message "referenced radius-server-name must be defined"; type string { length "4 .. 255"; } description "The authentication server to use to send authentication messages"; } leaf accounting-server-name { junos:must "(!(".. accounting-server"))"; junos:must-message "cannot have both accounting-server and accounting-server-name"; junos:must "(("access radius-server-name $$" || ".. .. radius-server-name $$"))"; junos:must-message "referenced radius-server-name must be defined"; type string { length "4 .. 
255"; } description "The accounting server to use to send accounting messages"; } container options { description "Specifies the RADIUS options"; uses apply-advanced; leaf ethernet-port-type-virtual { type empty; description "Type of physical port to authenticate the user is virtual (RADIUS attribute 61)"; } container interface-description-format { description "Interface description in the NAS-port-ID attribute"; uses apply-advanced; leaf exclude-sub-interface { type empty; description "Exclude sub-interface from interface description"; } leaf exclude-adapter { type empty; description "Exclude adapter from interface description"; } leaf exclude-channel { type empty; description "Exclude channel from interface description"; } } // container interface-description-format leaf nas-identifier { type string { length "1 .. 64"; } description "NAS-Identifier to be used for authentication and accounting requests (RADIUS attribute 32)"; } container nas-port-extended-format { description "RADIUS client's use of an extended format for RADIUS attribute 5"; uses apply-advanced; leaf ae-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the aggregated ethernet identifier field"; } leaf slot-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the slot field"; } leaf adapter-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the adapter field"; } leaf port-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the port field"; } leaf pw-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
32"; } } units "bits"; description "Number of bits for the pseudo-wire field"; } leaf stacked-vlan-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the S-VLAN subinterface field"; } leaf vlan-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the VLAN subinterface field"; } container atm { description "ATM specific parameters for NAS Port"; uses apply-advanced; leaf slot-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the ATM slot field"; } leaf adapter-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the ATM adapter field"; } leaf port-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the ATM port field"; } leaf vpi-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 32"; } } units "bits"; description "Number of bits for the ATM VPI field"; } leaf vci-width { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
32"; } } units "bits"; description "Number of bits for the ATM VCI field"; } } // container atm } // container nas-port-extended-format leaf nas-port-id-delimiter { type string { length "1"; } description "Single character delimiter character to use in the NAS-Port-Id"; } container nas-port-id-format { description "Format methods for building the NAS-Port-Id radius attribute"; uses apply-advanced; leaf nas-identifier { type empty; description "Include the nas-identifier value"; } leaf interface-description { type empty; description "Include the interface-description value"; } leaf agent-circuit-id { type empty; description "Include (ACI) agent-circuit-id value"; } leaf agent-remote-id { type empty; description "Include (ARI) agent-remote-id value"; } leaf postpend-vlan-tags { type empty; description "Include the vlan tag(s) using :<outer>-<inner>"; } leaf interface-text-description { type empty; description "Include the interfaces description string"; } leaf-list concatenated-vlan-tags { type enumeration { enum "fixed-size-outer-tag" { value 0; description "Fixed size outer VLAN tag value of 4 octets"; } enum "fixed-size-inner-tag" { value 1; description "Fixed size inner VLAN tag value of 4 octets"; } } ordered-by user; description "Include the vlan tag(s) as a concatenated string"; } leaf-list order { junos:must "((!(".. nas-identifier") && (!(".. interface-description") && (!(".. agent-circuit-id") && (!(".. agent-remote-id") && (!(".. postpend-vlan-tags") && (!(".. concatenated-vlan-tags") && !(".. 
interface-text-description"))))))))"; junos:must-message "Order is mutually exclusive with other nas-port-id-format options"; type enumeration { enum "nas-identifier" { value 0; description "Include the nas-identifier value"; } enum "agent-circuit-id" { value 1; description "Include (ACI) agent-circuit-id value"; } enum "agent-remote-id" { value 2; description "Include (ARI) agent-remote-id value"; } enum "interface-description" { value 3; description "Include the interface-description value"; } enum "interface-text-description" { value 4; description "Include the interface's description string"; } enum "postpend-vlan-tags" { value 5; description "Include the vlan tag(s) using :<outer>-<inner>"; } } ordered-by user; description "Order of options for appearance in the NAS-Port-Id string"; } } // container nas-port-id-format container nas-port-type { description "Translation mechanism for changing the NAS-Port-Type radius attribute"; uses apply-advanced; leaf ethernet { type string; description "Translation mechanism for changing the Ethernet value"; } } // container nas-port-type leaf calling-station-id-delimiter { type string { length "1"; } description "Single character separator for calling-station-id"; } container calling-station-id-format { description "Format method for building the calling-station-id"; uses apply-advanced; leaf nas-identifier { type empty; description "Include the nas-identifier value"; } leaf interface-description { type empty; description "Include the interface-description value"; } leaf agent-circuit-id { type empty; description "Include agent-circuit-id value"; } leaf agent-remote-id { type empty; description "Include agent-remote-id value"; } leaf mac-address { type empty; description "Include mac-address value"; } leaf interface-text-description { type empty; description "Include the interfaces description string"; } leaf stacked-vlan { type empty; description "Include the stacked vlan tag value"; } leaf vlan { type empty; description 
"Include the vlan tag value"; } } // container calling-station-id-format leaf accounting-session-id-format { type enumeration { enum "decimal" { value 0; description "Decimal-session-identifier"; } enum "description" { value 1; description "Description Format: <jnpr> <interface-type> <interface-specifier>:<session-identifier>"; } } description "Decimal format or description format for the accounting session ID"; } leaf accounting-session-id-strict { type empty; description "Enforce exact match of accounting-session-id in CoA processing"; } leaf revert-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 604800"; } } units "seconds"; description "Time after which to revert to primary server"; } leaf vlan-nas-port-stacked-format { type empty; description "Include the S-VLAN ID, in addition to the VLAN ID, for subscribers on Ethernet interfaces"; } leaf client-authentication-algorithm { type enumeration { enum "direct" { value 0; description "Contacts the first AAA server on the list for each request, the second AAA server if the first one fails, and so on"; } enum "round-robin" { value 1; description "Contacts the first AAA server for the first request, the second AAA server for the second request, and so on"; } } description "Algorithm to access the RADIUS servers for authentication"; } leaf client-accounting-algorithm { type enumeration { enum "direct" { value 0; description "Contacts the first AAA server on the list for each request, the second AAA server if the first one fails, and so on"; } enum "round-robin" { value 1; description "Contacts the first AAA server for the first request, the second AAA server for the second request, and so on"; } } description "Algorithm to access the RADIUS servers for accounting"; } leaf juniper-access-line-attributes { type empty; description "Include the Juniper (IANA 4874) access line VSAs in requests to RADIUS servers"; } container ip-address-change-notify { junos:must "(".. .. .. 
accounting address-change-immediate-update")";
    // The junos:must expression that ends on the line above starts on the
    // previous source line; it names "accounting address-change-immediate-update",
    // and the must-message below says that statement must be configured.
    junos:must-message "address-change-immediate-update must be configured";
    presence "enable ip-address-change-notify";
    description "Include IPv4-Release-Control VSA (26-164) in requests to RADIUS server";
    leaf message {
      // Text carried in the VSA; the schema bounds it to 1..32 characters.
      type string {
        length "1 .. 32";
      }
      description "Message to be added in IPv4-Release-Control VSA (26-164)";
    }
  } // container ip-address-change-notify
  // Presence-only flag (type empty). Per its description it turns on strict
  // validation of dynamic variables in CoA (Change of Authorization)
  // processing, so that no undefined variable is accepted.
  // NOTE(review): how a CoA carrying an undefined variable is handled when this
  // leaf is absent is not stated in this module; confirm before relying on the
  // unset behaviour.
  leaf coa-dynamic-variable-validation {
    type empty;
    description "Enable strict dynamic variable validation (no undefined variable) in CoA processing";
  }
  // Presence-only flag. RFC 2865 allows a 16-octet CHAP challenge to be placed
  // in the Request Authenticator field instead of a CHAP-Challenge attribute;
  // this leaf selects that placement.
  // NOTE(review): the RADIUS server has to read the challenge from the same
  // place, so check server-side handling when toggling this.
  leaf chap-challenge-in-request-authenticator {
    type empty;
    description "Use 16-byte CHAP challenge as Request Authenticator";
  }
  // Decides whether a failed service activation blocks subscriber login. Both
  // leaves take the same two-value enumeration but carry opposite defaults:
  // extensible-service defaults to optional-at-login (login is allowed even if
  // activation does not succeed), dynamic-profile to required-at-login.
  // NOTE(review): where an activated service is what applies policy to the
  // subscriber, optional-at-login lets the session start without it; review the
  // extensible-service default against that requirement.
  container service-activation {
    description "Service activation requirement for successful login";
    uses apply-advanced;
    leaf extensible-service {
      type enumeration {
        enum "required-at-login" {
          value 0;
          description "Service activation must succeed to allow subscriber login";
        }
        enum "optional-at-login" {
          value 1;
          description "Service activation success is not required to allow subscriber login";
        }
      }
      default "optional-at-login";
      description "Service activation of extensible services requirement for successful login";
    }
    leaf dynamic-profile {
      type enumeration {
        enum "required-at-login" {
          value 0;
          description "Service activation must succeed to allow subscriber login";
        }
        enum "optional-at-login" {
          value 1;
          description "Service activation success is not required to allow subscriber login";
        }
      }
      default "required-at-login";
      description "Service activation of dynamic-profile services requirement for successful login";
    }
  } // container service-activation
  // Presence-only flag: accounting messages carry the username in its
  // un-modified form. Where the username would otherwise be modified is not
  // visible in this part of the module.
  leaf accounting-username-original {
    type empty;
    description "Use original (un-modified) username in accounting messages";
  }
} // container options
// Sibling of "options": controls how individual RADIUS attributes are handled.
container attributes {
  description "Specifies how RADIUS attributes should be handled";
  uses apply-advanced;
  // Attributes selected under "ignore" are disregarded when they arrive in an
  // Access-Accept.
  // NOTE(review): an ignored attribute sent by the RADIUS server is not acted
  // on, so each entry here narrows what the server can impose on a session;
  // audit this list together with the server-side policy.
  container ignore {
    description "Ignores the specified attribute in RADIUS Access-Accept 
messages"; uses apply-advanced; leaf output-filter { type empty; description "Juniper (IANA 4874) Output-filter / Egress-Policy-Name (VSA 26-11)"; } leaf input-filter { type empty; description "Juniper (IANA 4874) Input-filter / Ingress-Policy-Name (VSA 26-10)"; } leaf framed-ip-netmask { type empty; description "Framed-IP-Netmask (attribute 9)"; } leaf logical-system-routing-instance { type empty; description "Juniper (IANA 4874) Logical-system-routing-instance / Virtual-Router (VSA 26-1)"; } leaf dynamic-iflset-name { type empty; description "Juniper (IANA 4874) Dynamic interface set / Qos-Set-Name (VSA 26-130)"; } leaf idle-timeout { type empty; description "Idle-Timeout (attribute 28)"; } leaf session-timeout { type empty; description "Session-Timeout (attribute 27)"; } leaf-list standard-attribute { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } ordered-by user; description "RADIUS standard attribute number"; } list vendor-id { key "name"; ordered-by user; description "Specify the vendor-identifier for a vendor-specific attribute (VSA)"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Vendor IANA enterprise number"; } uses apply-advanced; leaf-list vendor-attribute { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } ordered-by user; description "Vendor specific attribute number"; } } // list vendor-id } // container ignore container exclude { description "Configures the exclusion of RADIUS attributes in RADIUS messages"; uses apply-advanced; list standard-attribute { key "name"; ordered-by user; description "Specify RADIUS standard attribute number"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255"; } } description "RADIUS standard attribute number"; } uses apply-advanced; leaf-list packet-type { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-on" { value 1; description "RADIUS Accounting-On Message"; } enum "accounting-off" { value 2; description "RADIUS Accounting-Off message"; } enum "accounting-start" { value 3; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 4; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Specify packet types to be excluded"; } } // list standard-attribute list vendor-id { key "name"; ordered-by user; description "Specify the vendor-identifier for a vendor-specific attribute (VSA)"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Vendor IANA enterprise number"; } uses apply-advanced; list vendor-attribute { key "name"; ordered-by user; description "Specify vendor specific attribute number"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255"; } } description "Vendor specific attribute number"; } uses apply-advanced; leaf-list packet-type { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-on" { value 1; description "RADIUS Accounting-On Message"; } enum "accounting-off" { value 2; description "RADIUS Accounting-Off message"; } enum "accounting-start" { value 3; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 4; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Specify packet types to be excluded"; } } // list vendor-attribute } // list vendor-id leaf-list accounting-authentic { type enumeration { enum "accounting-on" { value 0; description "RADIUS Accounting-On Message"; } enum "accounting-off" { value 1; description "RADIUS Accounting-Off message"; } enum "accounting-start" { value 2; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 3; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 45, Acct-Authentic"; } leaf-list accounting-delay-time { type enumeration { enum "accounting-on" { value 0; description "RADIUS Accounting-On Message"; } enum "accounting-off" { value 1; description "RADIUS Accounting-Off message"; } enum "accounting-start" { value 2; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 3; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 41, Acct-Delay-Time"; } leaf-list accounting-session-id { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } } ordered-by user; description "Excludes RADIUS attribute 44, Acct-Session-ID"; } leaf-list accounting-terminate-cause { type enumeration { enum "accounting-off" { value 0; description "RADIUS Accounting-Off message"; } } ordered-by user; description "Excludes RADIUS attribute 49, 
Acct-Terminate-Cause"; } leaf-list called-station-id { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 30, Called-Station-ID"; } leaf-list calling-station-id { type enumeration { enum "access-request" { junos:must "(!(".. .. .. .. .. preauthentication-order"))"; junos:must-message "Preauthentication-order and exclude calling-station-id in access-request are mutually exclusive"; value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 31, Calling-Station-ID"; } leaf-list class { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 25, Class"; } leaf-list delegated-ipv6-prefix { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 123, Delegated-IPv6-Prefix"; } leaf-list dhcp-options { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 26-55, DHCP-Options"; } leaf-list dhcp-gi-address { type enumeration { enum "access-request" { value 0; 
description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 26-57, DHCP-GI-Address"; } leaf-list dhcp-mac-address { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 26-56, DHCP-MAC-Address"; } leaf-list output-filter { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 26-11, Egress-Policy-Name"; } leaf-list event-time-stamp { type enumeration { enum "accounting-on" { value 0; description "RADIUS Accounting-On Message"; } enum "accounting-off" { value 1; description "RADIUS Accounting-Off message"; } enum "accounting-start" { value 2; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 3; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 55, Event-Timestamp"; } leaf-list filter-id { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 11, Filter-Id"; } leaf-list framed-ip-address { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop 
message"; } } ordered-by user; description "Excludes RADIUS attribute 8, Framed-IP-Address"; } leaf-list framed-ip-netmask { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 9, Framed-IP-Netmask"; } leaf-list framed-ip-route { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 22, Framed-Route"; } leaf-list framed-ipv6-address { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 168, Framed-IPV6-Address"; } leaf-list framed-ipv6-pool { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 100, Framed-IPv6-Pool"; } leaf-list framed-ipv6-prefix { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 97, Framed-IPv6-Prefix"; } leaf-list framed-ipv6-route { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description 
"Excludes RADIUS attribute 99, Framed-IPv6-Route"; } leaf-list framed-pool { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 88, Framed-Pool"; } leaf-list input-filter { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 26-10, Ingress-Policy-Name"; } leaf-list input-gigapackets { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-42, Acct-Input-Gigapackets"; } leaf-list input-gigawords { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 52, Acct-Input-Gigawords"; } leaf-list input-ipv6-packets { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-153, Acct-Input-IPv6-Packets"; } leaf-list input-ipv6-gigawords { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-155, Acct-Input-IPv6-Gigawords"; } leaf-list input-ipv6-octets { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-151, Acct-Input-IPv6-Octets"; } leaf-list interface-description { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start 
message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 26-63, Interface-Desc"; } leaf-list nas-identifier { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-on" { value 1; description "RADIUS Accounting-On Message"; } enum "accounting-off" { value 2; description "RADIUS Accounting-Off message"; } enum "accounting-start" { value 3; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 4; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 32, NAS-identifier"; } leaf-list nas-port { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 5, NAS-Port"; } leaf-list nas-port-id { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 87, NAS-Port-ID"; } leaf-list nas-port-type { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 61, NAS-Port-Type"; } leaf-list output-gigapackets { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) 
VSA 26-43, Acct-Output-Gigapackets"; } leaf-list output-gigawords { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 53, Acct-Output-Gigawords"; } leaf-list output-ipv6-packets { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-154, Acct-Output-IPv6-Packets"; } leaf-list output-ipv6-gigawords { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-156, Acct-Output-IPv6-Gigawords"; } leaf-list output-ipv6-octets { type enumeration { enum "accounting-stop" { value 0; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) VSA 26-152, Acct-Output-IPv6-Octets"; } leaf-list dynamic-iflset-name { type enumeration { enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes RADIUS attribute 26-130, Dynamic-Iflset-Name"; } leaf-list dsl-forum-attributes { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes DSL Forum RADIUS attributes (RFC 4679)"; } leaf-list l2c-upstream-data { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper 
(IANA 4874) DSL VSA 26-92, L2C-Upstream-Data"; } leaf-list l2c-downstream-data { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-93, L2C-Downstream-Data"; } leaf-list acc-loop-cir-id { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-110, Acc-Loop-Cir-Id"; } leaf-list acc-aggr-cir-id-bin { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-111, Acc-Aggr-Cir-Id-Bin"; } leaf-list acc-aggr-cir-id-asc { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-112, Acc-Aggr-Cir-Id-Asc"; } leaf-list act-data-rate-up { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 
26-113, Act-Data-Rate-Up"; } leaf-list act-data-rate-dn { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-114, Act-Data-Rate-Dn"; } leaf-list min-data-rate-up { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-115, Min-Data-Rate-Up"; } leaf-list min-data-rate-dn { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-116, Min-Data-Rate-Dn"; } leaf-list att-data-rate-up { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-117, Att-Data-Rate-Up"; } leaf-list att-data-rate-dn { type enumeration { enum "access-request" { value 0; description "RADIUS Access-Request message"; } enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; } enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; } } ordered-by user; description "Excludes Juniper (IANA 4874) DSL VSA 26-118, Att-Data-Rate-Dn"; } leaf-list 
max-data-rate-up {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes Juniper (IANA 4874) DSL VSA 26-119, Max-Data-Rate-Up";
}
// Each leaf-list in this run is named after one RADIUS attribute or Juniper VSA.
// Its values are RADIUS message types (Access-Request, Accounting-Start,
// Accounting-Stop) and its description says the attribute is excluded, so a
// configured value presumably suppresses that attribute in that message type.
// NOTE(review): an attribute suppressed in accounting-start/accounting-stop
// presumably never reaches the accounting server; check exclusions against what
// billing, audit and incident-response consumers of those records rely on.
leaf-list max-data-rate-dn {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes Juniper (IANA 4874) DSL VSA 26-120, Max-Data-Rate-Dn";
}
leaf-list min-lp-data-rate-up {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes Juniper (IANA 4874) DSL VSA 26-121, Min-Lp-Data-Rate-Up";
}
leaf-list min-lp-data-rate-dn {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes Juniper (IANA 4874) DSL VSA 26-122, Min-Lp-Data-Rate-Dn";
}
leaf-list max-interlv-delay-up {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes Juniper (IANA 4874) DSL VSA 26-123, Max-Interlv-Delay-Up";
}
leaf-list act-interlv-delay-up {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes Juniper (IANA 4874) DSL VSA 26-124, Act-Interlv-Delay-Up";
}
leaf-list max-interlv-delay-dn {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes Juniper (IANA 4874) DSL VSA 26-125, Max-Interlv-Delay-Dn";
}
leaf-list act-interlv-delay-dn {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes Juniper (IANA 4874) DSL VSA 26-126, Act-Interlv-Delay-Dn";
}
leaf-list dsl-line-state {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes Juniper (IANA 4874) DSL VSA 26-127, DSL-Line-State";
}
leaf-list dsl-type {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes Juniper (IANA 4874) DSL VSA 26-128, DSL-Type";
}
leaf-list downstream-calculated-qos-rate {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes Juniper (IANA 4874) DSL VSA 26-141, Downstream-Calculated-QoS-Rate";
}
leaf-list upstream-calculated-qos-rate {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes Juniper (IANA 4874) DSL VSA 26-142, Upstream-Calculated-QoS-Rate";
}
// Only the two accounting message types are offered here, and they are numbered
// 0/1 rather than 1/2 as in the three-value lists, so the numeric value of an
// enum name is not stable across leaf-lists.
leaf-list cos-shaping-rate {
  type enumeration {
    enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes Juniper (IANA 4874) VSA 26-177, Cos-Shaping-Rate";
}
leaf-list framed-interface-id {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes RADIUS attribute 96, Framed-Interface-Id";
}
// Access-Request is the only message type that can be selected for this attribute.
leaf-list chargeable-user-identity {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
  }
  ordered-by user;
  description "Excludes RADIUS attribute 89, Chargeable-User-Identity";
}
// NOTE(review): the descriptions of the two L2TP connect-speed entries contain a
// doubled ", ," -- looks like a typo in the generated text; left unchanged.
leaf-list l2tp-tx-connect-speed {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes Juniper (IANA 4874) VSA 26-162, , L2TP-Tx-Connect-Speed";
}
leaf-list l2tp-rx-connect-speed {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes Juniper (IANA 4874) VSA 26-163, , L2TP-Rx-Connect-Speed";
}
// Tunnel attributes (RADIUS attributes 64-68, 82, 90 and 91 per the descriptions).
leaf-list tunnel-type {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes RADIUS attribute 64, Tunnel-Type";
}
leaf-list tunnel-medium-type {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes RADIUS attribute 65, Tunnel-Medium-Type";
}
leaf-list tunnel-client-endpoint {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes RADIUS attribute 66, Tunnel-Client-Endpoint";
}
leaf-list tunnel-server-endpoint {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes RADIUS attribute 67, Tunnel-Server-Endpoint";
}
leaf-list tunnel-assignment-id {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes RADIUS attribute 82, Tunnel-Assignment-Id";
}
leaf-list tunnel-client-auth-id {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes RADIUS attribute 90, Tunnel-Client-Auth-Id";
}
leaf-list tunnel-server-auth-id {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes RADIUS attribute 91, Tunnel-Server-Auth-Id";
}
leaf-list acct-tunnel-connection {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes RADIUS attribute 68, Acct-Tunnel-Connection";
}
// NOTE(review): the description gives the VSA number as the placeholder "26-XXX";
// confirm the real attribute number against the Juniper RADIUS dictionary.
leaf-list acc-loop-remote-id {
  type enumeration {
    enum "access-request" { value 0; description "RADIUS Access-Request message"; }
    enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
    enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
  }
  ordered-by user;
  description "Excludes Juniper (IANA 4874) VSA 26-XXX, ERX-Acc-Loop-Remote-Id";
}
leaf-list 
acc-loop-encap {
        type enumeration {
          enum "access-request" { value 0; description "RADIUS Access-Request message"; }
          enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
          enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
        }
        ordered-by user;
        description "Excludes Juniper (IANA 4874) VSA 26-182, ERX-Acc-Loop-Encap";
      }
      // NOTE(review): several entries below are described as "RADIUS attribute 26-NN".
      // Type 26 is the Vendor-Specific attribute, so these are presumably Juniper VSAs
      // like virtual-router (26-1); the wording is simply inconsistent -- confirm.
      leaf-list pppoe-description {
        type enumeration {
          enum "access-request" { value 0; description "RADIUS Access-Request message"; }
          enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
          enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
        }
        ordered-by user;
        description "Excludes RADIUS attribute 26-24, PPPOE-Description";
      }
      leaf-list virtual-router {
        type enumeration {
          enum "access-request" { value 0; description "RADIUS Access-Request message"; }
          enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
          enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
        }
        ordered-by user;
        description "Excludes Juniper (IANA 4874) VSA 26-1, Virtual-Router";
      }
      leaf-list first-relay-ipv4-address {
        type enumeration {
          enum "access-request" { value 0; description "RADIUS Access-Request message"; }
          enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
          enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
        }
        ordered-by user;
        description "Excludes RADIUS attribute 26-189, DHCP-First-Relay-IPv4-Address";
      }
      leaf-list first-relay-ipv6-address {
        type enumeration {
          enum "access-request" { value 0; description "RADIUS Access-Request message"; }
          enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
          enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
        }
        ordered-by user;
        description "Excludes RADIUS attribute 26-190, DHCP-First-Relay-IPv6-Address";
      }
      leaf-list dhcpv6-options {
        type enumeration {
          enum "access-request" { value 0; description "RADIUS Access-Request message"; }
          enum "accounting-start" { value 1; description "RADIUS Accounting-Start message"; }
          enum "accounting-stop" { value 2; description "RADIUS Accounting-Stop message"; }
        }
        ordered-by user;
        description "Excludes RADIUS attribute 26-207, DHCPv6-Options";
      }
      // The two DHCP header attributes can only be excluded from Access-Request.
      leaf-list dhcp-header {
        type enumeration {
          enum "access-request" { value 0; description "RADIUS Access-Request message"; }
        }
        ordered-by user;
        description "Excludes RADIUS attribute 26-208, DHCP-Header";
      }
      leaf-list dhcpv6-header {
        type enumeration {
          enum "access-request" { value 0; description "RADIUS Access-Request message"; }
        }
        ordered-by user;
        description "Excludes RADIUS attribute 26-209, DHCPv6-Header";
      }
      // Accounting-only attribute; the two values are numbered 0/1 here, not 1/2.
      leaf-list acct-request-reason {
        type enumeration {
          enum "accounting-start" { value 0; description "RADIUS Accounting-Start message"; }
          enum "accounting-stop" { value 1; description "RADIUS Accounting-Stop message"; }
        }
        ordered-by user;
        description "Excludes RADIUS attribute 26-210, Acct-Request-Reason";
      }
    } // container exclude
  } // container attributes
} // container radius
// Per-profile session limits and user-name handling for authenticated clients.
container session-options {
  description "Options for an authenticated client's session";
  uses apply-advanced;
  leaf-list client-group {
    type string;
    ordered-by user;
    description "One or more groups to which client belongs";
  }
  // Idle timeout: 10 to 1440 minutes. The string arm of the union accepts text of
  // the form <...> or starting with "$" ("$" is a literal in YANG's XSD-style
  // patterns); presumably Junos group wildcards and variables -- confirm.
  // NOTE(review): no default is declared in this schema for either timeout;
  // confirm what an unset value means so sessions are not left unbounded.
  leaf client-idle-timeout {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "10 .. 1440"; }
    }
    units "minutes";
    description "Time in minutes of idleness after which access is denied";
  }
  leaf client-idle-timeout-ingress-only {
    type empty;
    description "Idle timeout applies to ingress traffic only";
  }
  // Absolute session lifetime: 1 to 527040 minutes (527040 / 1440 = 366 days).
  leaf client-session-timeout {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "1 .. 527040"; }
    }
    units "minutes";
    description "Time in minutes since initial access after which access is denied";
  }
  // NOTE(review): presumably the stripped name is what is presented to the AAA
  // server; verify that two accounts differing only in the stripped portion
  // cannot collide onto one identity.
  container strip-user-name {
    description "Options for stripping user name string";
    uses apply-advanced;
    container delimiter {
      description "Allowable delimiter characters for strip user name separation";
      // Between 1 and 8 delimiter characters, given as one string.
      leaf characters {
        type string { length "1 .. 8"; }
        description "Sequence of characters without spaces and commas";
      }
    } // container delimiter
    container parse-direction {
      description "Strip user name parsing direction";
      // YANG choice: at most one of the two direction leaves can be set.
      choice direction {
        leaf right-to-left {
          type empty;
          description "Parse the username from right to left";
        }
        leaf left-to-right {
          type empty;
          description "Parse the username field from left to right";
        }
      } // choice direction
    } // container parse-direction
  } // container strip-user-name
  // Every leaf here names an object configured elsewhere; the junos:must
  // expression on each one requires the referenced object ($$ is the leaf's own
  // value) to exist, with the must-message as the commit error text.
  container pcc-context {
    description "Pcc context configurations";
    uses apply-advanced;
    leaf pcef-profile {
      junos:must "("services pcef profile $$")";
      junos:must-message "Referenced pcef profile must be defined";
      type string;
      description "Pcef profile name";
    }
    leaf input-service-set {
      junos:must "("services service-set $$")";
      junos:must-message "Referenced service-set must be defined";
      type string;
      description "Input service-set name";
    }
    leaf output-service-set {
      junos:must "("services service-set $$")";
      junos:must-message "Referenced service-set must be defined";
      type string;
      description "Output service-set name";
    }
    leaf input-ipv6-service-set {
      junos:must "("services service-set $$")";
      junos:must-message "Referenced service-set must be defined";
      type string;
      description "Input ipv6 service set name";
    }
    leaf output-ipv6-service-set {
      junos:must "("services service-set $$")";
      junos:must-message "Referenced service-set must be defined";
      type string;
      description "Output ipv6 service set name";
    }
    leaf input-service-filter {
      junos:must "("firewall family inet service-filter $$")";
      junos:must-message "Referenced service-filter must be defined";
      type string; 
description "Input service filter name";
    }
    // The IPv4 filters must exist under "firewall family inet", the IPv6 ones
    // under "firewall family inet6" (see each junos:must expression).
    leaf output-service-filter {
      junos:must "("firewall family inet service-filter $$")";
      junos:must-message "Referenced service-filter must be defined";
      type string;
      description "Output service filter name";
    }
    leaf input-ipv6-service-filter {
      junos:must "("firewall family inet6 service-filter $$")";
      junos:must-message "Referenced service-filter must be defined";
      type string;
      description "Input ipv6 service filter name";
    }
    leaf output-ipv6-service-filter {
      junos:must "("firewall family inet6 service-filter $$")";
      junos:must-message "Referenced service-filter must be defined";
      type string;
      description "Output ipv6 service filter name";
    }
  } // container pcc-context
} // container session-options
// Body comes from grouping access-client-name-filter-object, which is not
// defined in this part of the file.
container client-name-filter {
  description "Restrictions on client names";
  uses access-client-name-filter-object;
} // container client-name-filter
// LDAP cannot be combined with L2TP, IKE or PPP clients in the same profile:
// the junos:must expression rejects the commit with the message below.
container ldap-options {
  junos:must "((!(any ".. client <*> l2tp") && (!(any ".. client <*> ike") && !(any ".. client <*> ppp"))))";
  junos:must-message "'ldap-options' statement is not supported in L2TP, IKE, or PPP configuration";
  description "Lightweight Directory Access Protocol options";
  uses access-ldap-options;
} // container ldap-options
// Two constraints: ldap-options must be present alongside, and the same
// L2TP/IKE/PPP exclusion as ldap-options applies.
// NOTE(review): server addresses, bind credentials and any TLS settings are
// defined in ldap-server-object / access-ldap-options, not visible here; confirm
// that secrets there use an unreadable type and that the transport is protected.
list ldap-server {
  junos:must "(".. ldap-options")";
  junos:must-message "ldap-options must be configured when ldap-server is configured";
  junos:must "((!(any ".. client <*> l2tp") && (!(any ".. client <*> ike") && !(any ".. client <*> ppp"))))";
  junos:must-message "'ldap-server' statement is not supported in L2TP, IKE, or PPP configuration";
  key "name";
  ordered-by user;
  description "Lightweight Directory Access Protocol server";
  uses ldap-server-object;
} // list ldap-server
// RADIUS servers by address and by FQDN; neither is accepted when an L2TP
// client is configured in the profile.
// NOTE(review): shared secrets are defined in profile-radius-server-object /
// profile-radius-server-name-object, not visible here; verify their typing there.
list radius-server {
  junos:must "(!(any ".. client <*> l2tp"))";
  junos:must-message "Not supported in L2TP configuration";
  key "name";
  ordered-by user;
  description "RADIUS server configuration";
  uses profile-radius-server-object;
} // list radius-server
list radius-server-name {
  junos:must "(!(any ".. client <*> l2tp"))";
  junos:must-message "Not supported in L2TP configuration";
  key "name";
  ordered-by user;
  description "RADIUS server FQDN configuration";
  uses profile-radius-server-name-object;
} // list radius-server-name
container radius-options {
  description "RADIUS options";
  uses access-radius-options;
} // container radius-options
// Subscriber accounting behaviour for this access profile.
container accounting {
  description "Specifies the accounting options";
  uses apply-advanced;
  // "radius" is the only accounting mechanism this schema offers.
  leaf-list order {
    type enumeration {
      enum "radius" { value 0; description "Remote authentication dial-in user service"; }
    }
    ordered-by user;
    description "Order in which accounting mechanisms are used";
  }
  // The next two leaves make failed or denied logins visible in accounting
  // records; useful when the accounting stream feeds login-failure monitoring.
  leaf accounting-stop-on-failure {
    type empty;
    description "Send an Acct-Stop message if a user fails authentication, but AAA-server grants access";
  }
  leaf accounting-stop-on-access-deny {
    type empty;
    description "Send an Acct-Stop message if AAA-server denies access";
  }
  leaf immediate-update {
    type empty;
    description "Send an Acct-Update message on receipt of a Acct-response for the Acct-Start message";
  }
  leaf coa-immediate-update {
    type empty;
    description "Send an Acct-Update message on completion of processing a change of authorization";
  }
  leaf statistics {
    type enumeration {
      enum "volume-time" { value 0; description "Configures the option to report both volume and uptime"; }
      enum "time" { value 1; description "Configures the option to report only uptime"; }
    }
    description "Reports set of statistics attributes based on reporting type";
  }
  leaf wait-for-acct-on-ack {
    type empty;
    description "Wait for ACCT-ON-ACK";
  }
  leaf duplication {
    type empty;
    description "Send duplicated accounting reports if applied";
  }
  leaf-list duplication-filter {
    type enumeration {
      enum "interim-original" { value 
0; description "Do not send original accounting interims"; }
        enum "interim-duplicated" { value 1; description "Do not send duplicated accounting interims"; }
        enum "exclude-attributes" { value 2; description "Use duplication access profile exclude attributes"; }
      }
      ordered-by user;
      description "Configure duplication filters";
    }
    // Target of duplicated accounting: one VRF name plus up to five access
    // profile names (max-elements 5).
    container duplication-vrf {
      description "Duplication vrf configurations";
      uses apply-advanced;
      leaf vrf-name {
        type string { length "1 .. 257"; }
        description "VRF name";
      }
      leaf-list access-profile-name {
        type string { length "1 .. 63"; }
        max-elements 5;
        ordered-by user;
        description "Access profile name";
      }
    } // container duplication-vrf
    // NOTE(review): "accouting" in the description below is a typo for
    // "accounting"; the string is left unchanged.
    leaf-list duplication-attribute-format {
      type enumeration {
        enum "username" { value 0; description "Username"; }
      }
      ordered-by user;
      description "Use attribute format defined under duplication accouting access-profile";
    }
    leaf ancp-speed-change-immediate-update {
      type empty;
      description "Send an Acct-Update message when ANCP speed change is detected";
    }
    leaf family-state-change-immediate-update {
      type empty;
      description "Send an Acct-Update message to notify address family activation state change";
    }
  } // container accounting
  // Accounting for subscriber services, configured separately from the
  // profile-level accounting container that closes just above.
  container service {
    description "Subscriber service configurations";
    uses apply-advanced;
    leaf accounting-order {
      type enumeration {
        enum "activation-protocol" { value 0; description "Send service accounting reports via service activation protocol"; }
        enum "radius" { value 1; description "Send service accounting reports via radius protocol"; }
        // "local" needs a flat-file-profile two levels up and is described as obsolete.
        enum "local" {
          junos:must "(".. .. local flat-file-profile")";
          junos:must-message "local flat-file-profile must be configured under access profile for accounting-order local";
          value 2;
          description "Send service accounting for local reporting - obsolete config";
        }
      }
      description "Order in which accounting mechanism service is used";
    }
    container accounting {
      description "Specifies the service accounting options";
      uses apply-advanced;
      // 10 to 1440 minutes; per the description, interim statistics are off when
      // this leaf is not set.
      leaf update-interval {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "10 .. 1440"; }
        }
        units "minutes";
        description "The interval in minutes between accounting updates(Interim-stats off, if not specified)";
      }
      // Rejected when accounting-order is "local" (see the must-message).
      // NOTE(review): values here are time=0, volume-time=1; the same-named leaf in
      // the profile-level accounting container assigns them the other way round,
      // so do not map by number across the two.
      leaf statistics {
        junos:must "(!(".. .. accounting-order $$={local}"))";
        junos:must-message "Statistics configuration is no-op when accounting-order is set to local for flat-file based accounting";
        type enumeration {
          enum "time" { value 0; description "Configures the option to report only uptime"; }
          enum "volume-time" { value 1; description "Configures the option to report both volume and uptime"; }
        }
        description "Reports set of statistics attributes based on reporting type";
      }
    } // container accounting
  } // container service
  // JSRC: the only visible control is excluding User-Name from Diameter
  // AA-Request messages.
  container jsrc {
    description "Set of JSRC configurations";
    uses apply-advanced;
    container attributes {
      description "Specifies how JSRC attributes should be handled";
      uses apply-advanced;
      container exclude {
        description "Configures the exclusion of JSRC attributes in DIAMETER messages";
        uses apply-advanced;
        leaf-list user-name {
          type enumeration {
            enum "authorization-request" { value 0; description "Authorization AA-Request message"; }
            enum "provisioning-request" { value 1; description "Provisioning AA-Request message"; }
          }
          ordered-by user;
          description "Excludes Diameter attribute 1, User-Name";
        }
      } // container exclude
    } // container attributes
  } // container jsrc
  // NOTE(review): the fields of a locally authenticated subscriber, including
  // any password, come from localauth-subscriber-object, which is not visible
  // here; verify that credentials there use an unreadable type.
  list subscriber {
    key "name";
    description "Locally authenticated subscriber configuration";
    uses localauth-subscriber-object;
  } // list subscriber
} // list 
profile
} // container access
// Tenant-level services: ICAP redirect, security intelligence (threat feeds)
// and advanced anti-malware.
container services {
  presence "enable services";
  uses apply-advanced;
  container icap-redirect {
    description "Configure ICAP redirection service";
    uses apply-advanced;
    // NOTE(review): "Congifure" in the description below is a typo for
    // "Configure"; the string is left unchanged.
    list profile {
      key "name";
      ordered-by user;
      description "Congifure ICAP service profile";
      uses icap-profile-object;
    } // list profile
    container traceoptions {
      description "ICAP redirect trace options";
      uses icap-redirect-traceoptions;
    } // container traceoptions
  } // container icap-redirect
  container security-intelligence {
    uses apply-advanced;
    // Feed categories can be switched off wholesale ("all disable") or by name.
    // NOTE(review): a disabled category presumably stops being enforced; treat
    // any change under this container as a reduction in coverage to be reviewed.
    container category {
      description "Category to be disabled";
      uses apply-advanced;
      container all {
        presence "enable all";
        description "All categories";
        uses apply-advanced;
        container disable {
          presence "enable disable";
          description "To disable all categories";
        } // container disable
      } // container all
      list category-name {
        key "name";
        ordered-by user;
        uses secintel-category-disable;
      } // list category-name
    } // container category
    // NOTE(review): the description shows an https:// form, but the type is a
    // bare string with no pattern, so nothing in this schema enforces the scheme;
    // validate feed URLs for https out of band.
    leaf url {
      type string;
      description "Configure the url of feed server [https://<ip or hostname>:<port>/<uri>]";
    }
    // Typed jt:unreadable, which is presumably the Junos type for values that are
    // not shown in clear -- confirm in junos-common-types.
    leaf url-parameter {
      type jt:unreadable;
      description "Configure the parameter of url";
    }
    // NOTE(review): unlike the other reference checks in this stanza, this must
    // expression has no "$$", so it appears to test only that some proxy profile
    // exists, not the one named here -- confirm.
    leaf proxy-profile {
      junos:must "("services proxy profile")";
      junos:must-message "Proxy profile must be defined";
      type string { length "1 .. 64"; }
      description "The proxy profile name";
    }
    container authentication {
      description "Authenticate to use feed update services";
      uses apply-advanced;
      // Exactly 32 alphanumeric characters, enforced by the posix-pattern.
      // NOTE(review): this is a credential but is typed as a plain string, unlike
      // url-parameter above (jt:unreadable); presumably it is therefore shown in
      // clear in configuration output and backups -- confirm, and limit who can
      // read this stanza.
      leaf auth-token {
        type string {
          junos:posix-pattern "^[A-Za-z0-9]{32}$";
          junos:pattern-message "Auth token must be consisted of 32 alphanumeric characters";
        }
        description "Token string for authentication";
      }
      // Must name an existing "services ssl initiation profile".
      leaf tls-profile {
        junos:must "("services ssl initiation profile $$")";
        junos:must-message "Referenced SSL initiation profile is not defined";
        type string;
        description "TLS profile";
      }
    } // container authentication
    leaf http-persist {
      type empty;
      description "Inspect all HTTP requests in a connection";
    }
    container traceoptions {
      description "Security intelligence trace options";
      uses secintel-traceoptions;
    } // container traceoptions
    list profile {
      key "name";
      ordered-by user;
      description "Configure security intelligence profile";
      uses secintel-profile-setting;
    } // list profile
    // Maps each of the five fixed categories to a profile that must already
    // exist under "services security-intelligence profile".
    container default-policy {
      description "Configure security intelligence default policy";
      uses apply-advanced;
      list category-profiles {
        key "name";
        ordered-by user;
        description "Security intelligence category profiles";
        leaf name {
          type enumeration {
            enum "IPFilter" { value 0; description "IPFilter"; }
            enum "GeoIP" { value 1; description "GeoIP"; }
            enum "CC" { value 2; description "Command and control"; }
            enum "Infected-Hosts" { value 3; description "Infected-Hosts"; }
            enum "DNS" { value 4; description "DNS"; }
          }
          description "Name of security intelligence category";
        }
        uses apply-advanced;
        leaf profile-name {
          junos:must "("services security-intelligence profile $$")";
          junos:must-message "security intelligence profile must be defined";
          type string;
          description "Name of profile";
        }
      } // list category-profiles
    } // container default-policy
    list policy {
      key "name";
      ordered-by user;
      description "Configure security intelligence policy";
      uses secintel-policy-setting;
    } // list policy
    // Disables global command-and-control feeds: up to 32 by name, or all.
    container global-disable-feed {
      presence "enable global-disable-feed";
      description "Security intelligence global feed disabling setting";
      uses apply-advanced;
      list feed-name {
        key "name";
        max-elements 32;
        ordered-by user;
        leaf name {
          type string { length "1 .. 63"; }
          description "Name of security intelligence global Command and control feed";
        }
        uses apply-advanced;
      } // list feed-name
      container all {
        presence "enable all";
        description "All of security intelligence global Command and control feed";
      } // container all
    } // container global-disable-feed
  } // container security-intelligence
  container advanced-anti-malware {
    uses apply-advanced;
    // Connection to the cloud service. url and authentication tls-profile
    // require each other through their junos:must expressions, so neither can
    // be committed alone.
    container connection {
      presence "enable connection";
      description "Cloud service RE connection, only for master logical domain";
      uses apply-advanced;
      // NOTE(review): the must expression ties the URL to a TLS profile, but the
      // string itself has no pattern, so the https scheme shown in the
      // description is not enforced by this schema.
      leaf url {
        junos:must "("services advanced-anti-malware connection authentication tls-profile")";
        junos:must-message "Authentication profile must be defined";
        type string;
        description "The url of the cloud server [https://<ip or hostname>:<port>]";
      }
      container authentication {
        description "The authentication profile for using cloud services";
        uses apply-advanced;
        leaf tls-profile {
          junos:must "(("services ssl initiation profile $$" && "services advanced-anti-malware connection url"))";
          junos:must-message "Referenced SSL initiation profile and URL must be defined";
          type string;
          description "TLS profile";
        }
      } // container authentication
      leaf proxy-profile {
        junos:must "("services proxy profile $$")";
        junos:must-message "Referenced Proxy profile must be defined";
        type string {
          length "1 .. 
63"; }
    description "Proxy profile";
  }
  // Source address or interface used for the connection to the cloud server.
  leaf source-address {
    type jt:ipaddr;
    description "The source ip for connecting to the cloud server.";
  }
  leaf source-interface {
    type union {
      type jt:interface-name;
      type string { pattern "<.*>|$.*"; }
    }
    description "The source interface for connecting to the cloud server";
  }
} // container connection
// Default anti-malware policy: per-protocol options, a verdict threshold,
// fallback handling and logging switches.
// NOTE(review): no "default" statement is declared for any action leaf in this
// container, so the behaviour when a leaf is unset is not visible here; confirm
// it rather than assuming block.
container default-policy {
  presence "enable default-policy";
  description "Advanced Anti-malware default policy";
  uses apply-advanced;
  container http {
    description "Configure HTTP options";
    uses apply-advanced;
    leaf inspection-profile {
      type string { length "1 .. 63"; }
      description "Advanced Anti-malware inspection-profile name (default:default_profile)";
    }
    // Action for content whose verdict is unknown, separate from the
    // threshold-based action below.
    leaf file-verdict-unknown {
      type enumeration {
        enum "permit" { value 0; description "Allow contents"; }
        enum "block" { value 1; description "Disallow contents"; }
      }
      description "Action taken for contents with verdict unknown";
    }
    leaf action {
      type enumeration {
        enum "permit" { value 0; description "Allow contents"; }
        enum "block" { value 1; description "Disallow contents"; }
      }
      description "Action taken for contents with verdict meet threshold";
    }
    // What the HTTP client is shown; the choice allows only one of a file, a
    // message or a redirect.
    container client-notify {
      description "Notification action taken for contents with verdict meet threshold";
      uses apply-advanced;
      choice http-choice {
        leaf file {
          type string { length "1 .. 255"; }
          description "File name for http response to client";
        }
        leaf message {
          type string { length "1 .. 1023"; }
          description "Block message to client";
        }
        // NOTE(review): the pattern accepts http:// as well as https://, so the
        // redirect may point at a cleartext page; prefer https targets.
        leaf redirect-url {
          type string {
            junos:posix-pattern "^https?://.*";
            junos:pattern-message "URL must begin with http:// or https://";
            length "1 .. 1023";
          }
          description "Redirect url to client";
        }
      } // choice http-choice
    } // container client-notify
    container notification {
      description "Notification action taken for contents with verdict meet threshold";
      uses apply-advanced;
      leaf log {
        type empty;
        description "Logging option for Advanced Anti-malware actions";
      }
    } // container notification
  } // container http
  // SMTP and IMAP expose only an inspection profile and a log switch here;
  // no action leaf is defined for them in this container.
  container smtp {
    description "Configure SMTP options";
    uses apply-advanced;
    leaf inspection-profile {
      type string { length "1 .. 63"; }
      description "Advanced Anti-malware inspection-profile name (default:default_profile)";
    }
    container notification {
      description "Notification action taken for contents with verdict meet threshold";
      uses apply-advanced;
      leaf log {
        type empty;
        description "Logging option for Advanced Anti-malware actions";
      }
    } // container notification
  } // container smtp
  container imap {
    description "Configure IMAP options";
    uses apply-advanced;
    leaf inspection-profile {
      type string { length "1 .. 63"; }
      description "Advanced Anti-malware inspection-profile name (default:default_profile)";
    }
    container notification {
      description "Notification action taken for contents with verdict meet threshold";
      uses apply-advanced;
      leaf log {
        type empty;
        description "Logging option for Advanced Anti-malware actions";
      }
    } // container notification
  } // container imap
  container smb {
    description "Configure SMB options";
    uses apply-advanced;
    leaf inspection-profile {
      type string { length "1 .. 63"; }
      description "Advanced Anti-malware inspection-profile name (default:default_profile)";
    }
    leaf action {
      type enumeration {
        enum "permit" { value 0; description "Allow contents"; }
        enum "block" { value 1; description "Disallow contents"; }
      }
      description "Action taken for contents with verdict meet threshold";
    }
    container notification {
      description "Notification action taken for contents with verdict meet threshold";
      uses apply-advanced;
      leaf log {
        type empty;
        description "Logging option for Advanced Anti-malware actions";
      }
    } // container notification
  } // container smb
  // The enum names are the levels "1".."10"; the numeric value of each is one
  // less than its level (0..9), and "recommended" is value 10. Use the names,
  // not the numbers, when reading or generating configuration.
  leaf verdict-threshold {
    type enumeration {
      enum "1" { value 0; description "Verdict-threshold level 1"; }
      enum "2" { value 1; description "Verdict-threshold level 2"; }
      enum "3" { value 2; description "Verdict-threshold level 3"; }
      enum "4" { value 3; description "Verdict-threshold level 4"; }
      enum "5" { value 4; description "Verdict-threshold level 5"; }
      enum "6" { value 5; description "Verdict-threshold level 6"; }
      enum "7" { value 6; description "Verdict-threshold level 7"; }
      enum "8" { value 7; description "Verdict-threshold level 8"; }
      enum "9" { value 8; description "Verdict-threshold level 9"; }
      enum "10" { value 9; description "Verdict-threshold level 10"; }
      enum "recommended" { value 10; description "Recommended verdict-threshold"; }
    }
    description "Verdict threshold";
  }
  // Deprecated at this level; the per-protocol containers above carry their
  // own inspection-profile leaf.
  leaf inspection-profile {
    type string { length "1 .. 63"; }
    status deprecated;
    description "Advanced Anti-malware inspection-profile name";
  }
  // What to do when no verdict can be obtained. There is one general action
  // plus a same-shaped container per condition: service-not-ready,
  // invalid-content-size, out-of-resources, verdict-timeout, submission-timeout
  // and unknown-file.
  // NOTE(review): "permit" here presumably lets content through uninspected
  // (fail open). Decide per condition whether that is acceptable, and keep
  // "notification log" set wherever permit is used so fail-open events are
  // visible to monitoring.
  container fallback-options {
    description "Fallback options for abnormal conditions";
    uses apply-advanced;
    leaf action {
      type enumeration {
        enum "permit" { value 0; description "Allow contents"; }
        enum "block" { value 1; description "Disallow contents"; }
      }
      description "Action taken for fallback conditions";
    }
    container notification {
      description "Notification action taken for fallback action";
      uses apply-advanced;
      leaf log {
        type empty;
        description "Logging option for Advanced Anti-malware fallback action";
      }
    } // container notification
    container service-not-ready {
      description "Service not ready yet";
      uses apply-advanced;
      leaf action {
        type enumeration {
          enum "permit" { value 0; description "Allow contents"; }
          enum "block" { value 1; description "Disallow contents"; }
        }
        description "Action taken for fallback conditions";
      }
      container notification {
        description "Notification action taken for fallback action";
        uses apply-advanced;
        leaf log {
          type empty;
          description "Logging option for Advanced Anti-malware fallback action";
        }
      } // container notification
    } // container service-not-ready
    container invalid-content-size {
      description "Content size exceed supported range";
      uses apply-advanced;
      leaf action {
        type enumeration {
          enum "permit" { value 0; description "Allow contents"; }
          enum "block" { value 1; description "Disallow contents"; }
        }
        description "Action taken for fallback conditions";
      }
      container notification {
        description "Notification action taken for fallback action";
        uses apply-advanced;
        leaf log {
          type empty;
          description "Logging option for Advanced Anti-malware fallback action";
        }
      } // container notification
    } // container invalid-content-size
    container out-of-resources {
      description "Service out of resources";
      uses apply-advanced;
      leaf action {
        type enumeration {
          enum "permit" { value 0; description "Allow contents"; }
          enum "block" { value 1; description "Disallow contents"; }
        }
        description "Action taken for fallback conditions";
      }
      container notification {
        description "Notification action taken for fallback action";
        uses apply-advanced;
        leaf log {
          type empty;
          description "Logging option for Advanced Anti-malware fallback action";
        }
      } // container notification
    } // container out-of-resources
    container verdict-timeout {
      description "Verdict timed out";
      uses apply-advanced;
      leaf action {
        type enumeration {
          enum "permit" { value 0; description "Allow contents"; }
          enum "block" { value 1; description "Disallow contents"; }
        }
        description "Action taken for fallback conditions";
      }
      container notification {
        description "Notification action taken for fallback action";
        uses apply-advanced;
        leaf log {
          type empty;
          description "Logging option for Advanced Anti-malware fallback action";
        }
      } // container notification
    } // container verdict-timeout
    container submission-timeout {
      description "Submission timed out";
      uses apply-advanced;
      leaf action {
        type enumeration {
          enum "permit" { value 0; description "Allow contents"; }
          enum "block" { value 1; description "Disallow contents"; }
        }
        description "Action taken for fallback conditions";
      }
      container notification {
        description "Notification action taken for fallback action";
        uses apply-advanced;
        leaf log {
          type empty;
          description "Logging option for Advanced Anti-malware fallback action";
        }
      } // container notification
    } // container submission-timeout
    container unknown-file {
      description "File type unknown";
      uses apply-advanced;
      leaf action {
        type enumeration {
          enum "permit" { value 0; description "Allow contents"; }
          enum "block" { value 1; description "Disallow contents"; }
        }
        description "Action taken for fallback conditions";
      }
      container notification {
        description "Notification action taken for fallback action";
        uses apply-advanced;
        leaf log {
          type empty;
          description "Logging option for Advanced Anti-malware fallback action";
        }
      } // container notification
    } // container unknown-file
  } // 
container fallback-options
  // Logging flags of the default policy. Each "log" leaf is type empty, so it
  // carries no value, only its presence.
  container default-notification {
    description "Notification action taken for action";
    uses apply-advanced;
    leaf log { type empty; description "Logging option for Advanced Anti-malware action"; }
  } // container default-notification
  container whitelist-notification {
    description "Whitelist notification logging option";
    uses apply-advanced;
    leaf log { type empty; description "Logging option for Advanced Anti-malware whitelist hit"; }
  } // container whitelist-notification
  container blacklist-notification {
    description "Blacklist notification logging option";
    uses apply-advanced;
    leaf log { type empty; description "Logging option for Advanced Anti-malware blacklist hit"; }
  } // container blacklist-notification
} // container default-policy
// Named Advanced Anti-malware policies, keyed by policy name (1 to 63 characters).
list policy {
  key "name";
  description "Advanced Anti-malware policy";
  leaf name {
    type string { length "1 .. 63"; }
    description "Policy name, default policy must name (default-policy)";
  }
  uses apply-advanced;
  // Deprecated match clause; "HTTP" is the only application it can name.
  container match {
    status deprecated;
    description "Policy match conditions";
    uses apply-advanced;
    leaf application {
      type enumeration {
        enum "HTTP" { value 0; description "HTTP Traffic"; }
      }
      description "Application";
    }
    // Note for consumers of the numeric encoding: the enum value is one less
    // than the level in the enum name ("1" is 0 ... "10" is 9), and
    // "recommended" is 10.
    leaf verdict-threshold {
      type enumeration {
        enum "1" { value 0; description "Verdict-threshold level 1"; }
        enum "2" { value 1; description "Verdict-threshold level 2"; }
        enum "3" { value 2; description "Verdict-threshold level 3"; }
        enum "4" { value 3; description "Verdict-threshold level 4"; }
        enum "5" { value 4; description "Verdict-threshold level 5"; }
        enum "6" { value 5; description "Verdict-threshold level 6"; }
        enum "7" { value 6; description "Verdict-threshold level 7"; }
        enum "8" { value 7; description "Verdict-threshold level 8"; }
        enum "9" { value 8; description "Verdict-threshold level 9"; }
        enum "10" { value 9; description "Verdict-threshold level 10"; }
        enum "recommended" { value 10; description "Recommended verdict-threshold"; }
      }
      description "Verdict threshold";
    }
  } // 
container match
// Deprecated "then" clause. Per the junos:must-message below, it is accepted
// only when the sibling "match" container is defined.
container then {
  junos:must "(".. match")";
  junos:must-message "match must be defined";
  status deprecated;
  uses apply-advanced;
  leaf action {
    type enumeration {
      enum "permit" { value 0; description "Allow contents"; }
      enum "block" { value 1; description "Disallow contents"; }
    }
    description "Action taken for contents with verdict meet threshold";
  }
  container notification {
    description "Notification action taken for contents with verdict meet threshold";
    uses apply-advanced;
    leaf log { type empty; description "Logging option for Advanced Anti-malware actions"; }
  } // container notification
} // container then
// HTTP settings of the policy: inspection profile, actions and client notification.
container http {
  description "Configure HTTP options";
  uses apply-advanced;
  leaf inspection-profile {
    type string { length "1 .. 63"; }
    description "Advanced Anti-malware inspection-profile name (default:default_profile)";
  }
  // Separate from the threshold action below: "permit" here lets content whose
  // verdict is unknown through. No default is declared in this schema.
  leaf file-verdict-unknown {
    type enumeration {
      enum "permit" { value 0; description "Allow contents"; }
      enum "block" { value 1; description "Disallow contents"; }
    }
    description "Action taken for contents with verdict unknown";
  }
  leaf action {
    type enumeration {
      enum "permit" { value 0; description "Allow contents"; }
      enum "block" { value 1; description "Disallow contents"; }
    }
    description "Action taken for contents with verdict meet threshold";
  }
  // Response given to the client; the choice allows at most one of
  // file, message or redirect-url.
  container client-notify {
    description "Notification action taken for contents with verdict meet threshold";
    uses apply-advanced;
    choice http-choice {
      leaf file { type string { length "1 .. 255"; } description "File name for http response to client"; }
      leaf message { type string { length "1 .. 1023"; } description "Block message to client"; }
      // The pattern only requires an http:// or https:// prefix: plain http is
      // accepted, and nothing after the scheme is constrained by the schema.
      leaf redirect-url {
        type string {
          junos:posix-pattern "^https?://.*";
          junos:pattern-message "URL must begin with http:// or https://";
          length "1 .. 
1023"; } description "Redirect url to client"; }
    } // choice http-choice
  } // container client-notify
  container notification {
    description "Notification action taken for contents with verdict meet threshold";
    uses apply-advanced;
    // type empty: the leaf carries no value, only its presence.
    leaf log { type empty; description "Logging option for Advanced Anti-malware actions"; }
  } // container notification
} // container http
// SMTP settings of the policy. Only an inspection profile and a log flag are
// modelled here; this container has no action leaf, unlike http and smb.
container smtp {
  description "Configure SMTP options";
  uses apply-advanced;
  leaf inspection-profile {
    type string { length "1 .. 63"; }
    description "Advanced Anti-malware inspection-profile name (default:default_profile)";
  }
  container notification {
    description "Notification action taken for contents with verdict meet threshold";
    uses apply-advanced;
    leaf log { type empty; description "Logging option for Advanced Anti-malware actions"; }
  } // container notification
} // container smtp
// IMAP settings of the policy; same shape as smtp (no action leaf here).
container imap {
  description "Configure IMAP options";
  uses apply-advanced;
  leaf inspection-profile {
    type string { length "1 .. 63"; }
    description "Advanced Anti-malware inspection-profile name (default:default_profile)";
  }
  container notification {
    description "Notification action taken for contents with verdict meet threshold";
    uses apply-advanced;
    leaf log { type empty; description "Logging option for Advanced Anti-malware actions"; }
  } // container notification
} // container imap
// SMB settings of the policy.
container smb {
  description "Configure SMB options";
  uses apply-advanced;
  leaf inspection-profile {
    type string {
      length "1 .. 
63"; } description "Advanced Anti-malware inspection-profile name (default:default_profile)"; }
  container notification {
    description "Notification action taken for contents with verdict meet threshold";
    uses apply-advanced;
    // type empty: the leaf carries no value, only its presence.
    leaf log { type empty; description "Logging option for Advanced Anti-malware actions"; }
  } // container notification
  // permit/block for SMB content whose verdict meets the threshold; no default
  // is declared in this schema.
  leaf action {
    type enumeration {
      enum "permit" { value 0; description "Allow contents"; }
      enum "block" { value 1; description "Disallow contents"; }
    }
    description "Action taken for contents with verdict meet threshold";
  }
} // container smb
// Policy-level verdict threshold. Note for consumers of the numeric encoding:
// the enum value is one less than the level in the enum name ("1" is 0 ...
// "10" is 9), and "recommended" is 10.
leaf verdict-threshold {
  type enumeration {
    enum "1" { value 0; description "Verdict-threshold level 1"; }
    enum "2" { value 1; description "Verdict-threshold level 2"; }
    enum "3" { value 2; description "Verdict-threshold level 3"; }
    enum "4" { value 3; description "Verdict-threshold level 4"; }
    enum "5" { value 4; description "Verdict-threshold level 5"; }
    enum "6" { value 5; description "Verdict-threshold level 6"; }
    enum "7" { value 6; description "Verdict-threshold level 7"; }
    enum "8" { value 7; description "Verdict-threshold level 8"; }
    enum "9" { value 8; description "Verdict-threshold level 9"; }
    enum "10" { value 9; description "Verdict-threshold level 10"; }
    enum "recommended" { value 10; description "Recommended verdict-threshold"; }
  }
  description "Verdict threshold";
}
// Policy-level inspection-profile leaf (marked deprecated on the next line of
// the module).
leaf inspection-profile {
  type string {
    length "1 .. 
63"; } status deprecated; description "Advanced Anti-malware inspection-profile name"; }
// Per-policy fallback handling for abnormal conditions.
// A top-level action/notification pair is followed by one sub-container per
// condition, each with its own permit/block action and log flag.
// Security note: "permit" allows the content through under the abnormal
// condition (fail-open) and "block" refuses it (fail-closed). No default is
// declared on these action leaves in this schema, so the behaviour when
// nothing is configured should be confirmed on the device.
container fallback-options {
  description "Fallback options for abnormal conditions";
  uses apply-advanced;
  leaf action {
    type enumeration {
      enum "permit" { value 0; description "Allow contents"; }
      enum "block" { value 1; description "Disallow contents"; }
    }
    description "Action taken for fallback conditions";
  }
  container notification {
    description "Notification action taken for fallback action";
    uses apply-advanced;
    // type empty: the leaf carries no value, only its presence.
    leaf log { type empty; description "Logging option for Advanced Anti-malware fallback action"; }
  } // container notification
  // Condition: the service is not ready yet.
  container service-not-ready {
    description "Service not ready yet";
    uses apply-advanced;
    leaf action {
      type enumeration {
        enum "permit" { value 0; description "Allow contents"; }
        enum "block" { value 1; description "Disallow contents"; }
      }
      description "Action taken for fallback conditions";
    }
    container notification {
      description "Notification action taken for fallback action";
      uses apply-advanced;
      leaf log { type empty; description "Logging option for Advanced Anti-malware fallback action"; }
    } // container notification
  } // container service-not-ready
  // Condition: content size is outside the supported range.
  container invalid-content-size {
    description "Content size exceed supported range";
    uses apply-advanced;
    leaf action {
      type enumeration {
        enum "permit" { value 0; description "Allow contents"; }
        enum "block" { value 1; description "Disallow contents"; }
      }
      description "Action taken for fallback conditions";
    }
    container notification {
      description "Notification action taken for fallback action";
      uses apply-advanced;
      leaf log { type empty; description "Logging option for Advanced Anti-malware fallback action"; }
    } // container notification
  } // container invalid-content-size
  // Condition: the service is out of resources.
  container out-of-resources {
    description "Service out of resources";
    uses apply-advanced;
    leaf action {
      type enumeration {
        enum "permit" { value 0; description "Allow contents"; }
        enum "block" { value 1; description "Disallow 
contents"; } } description "Action taken for fallback conditions"; }
    container notification {
      description "Notification action taken for fallback action";
      uses apply-advanced;
      leaf log { type empty; description "Logging option for Advanced Anti-malware fallback action"; }
    } // container notification
  } // container out-of-resources
  // Remaining per-policy fallback conditions. Each one repeats the same pair:
  // a permit/block action (permit = content passes under that condition) and
  // an optional log flag. None of the action leaves declares a default here.
  // Condition: the verdict timed out.
  container verdict-timeout {
    description "Verdict timed out";
    uses apply-advanced;
    leaf action {
      type enumeration {
        enum "permit" { value 0; description "Allow contents"; }
        enum "block" { value 1; description "Disallow contents"; }
      }
      description "Action taken for fallback conditions";
    }
    container notification {
      description "Notification action taken for fallback action";
      uses apply-advanced;
      leaf log { type empty; description "Logging option for Advanced Anti-malware fallback action"; }
    } // container notification
  } // container verdict-timeout
  // Condition: the submission timed out.
  container submission-timeout {
    description "Submission timed out";
    uses apply-advanced;
    leaf action {
      type enumeration {
        enum "permit" { value 0; description "Allow contents"; }
        enum "block" { value 1; description "Disallow contents"; }
      }
      description "Action taken for fallback conditions";
    }
    container notification {
      description "Notification action taken for fallback action";
      uses apply-advanced;
      leaf log { type empty; description "Logging option for Advanced Anti-malware fallback action"; }
    } // container notification
  } // container submission-timeout
  // Condition: the file type is unknown.
  container unknown-file {
    description "File type unknown";
    uses apply-advanced;
    leaf action {
      type enumeration {
        enum "permit" { value 0; description "Allow contents"; }
        enum "block" { value 1; description "Disallow contents"; }
      }
      description "Action taken for fallback conditions";
    }
    container notification {
      description "Notification action taken for fallback action";
      uses apply-advanced;
      leaf log { type empty; description "Logging option for Advanced Anti-malware fallback action"; }
    } // container notification
  } // container unknown-file
} // 
container fallback-options
    // Per-policy logging flags. Each "log" leaf is type empty, so it carries no
    // value, only its presence.
    container default-notification {
      description "Notification action taken for action";
      uses apply-advanced;
      leaf log { type empty; description "Logging option for Advanced Anti-malware action"; }
    } // container default-notification
    container whitelist-notification {
      description "Whitelist notification logging option";
      uses apply-advanced;
      leaf log { type empty; description "Logging option for Advanced Anti-malware whitelist hit"; }
    } // container whitelist-notification
    container blacklist-notification {
      description "Blacklist notification logging option";
      uses apply-advanced;
      leaf log { type empty; description "Logging option for Advanced Anti-malware blacklist hit"; }
    } // container blacklist-notification
  } // list policy
  // Trace options come from the aamwd-traceoptions grouping, which is defined
  // outside this part of the module.
  container traceoptions {
    description "Advanced Anti-malware trace options";
    uses aamwd-traceoptions;
  } // container traceoptions
} // container advanced-anti-malware
// User identification: Active Directory access, external authentication
// sources, device information and identity management.
container user-identification {
  description "Configure user-identification";
  uses apply-advanced;
  // Presence container: configuring it is what enables active-directory-access.
  container active-directory-access {
    presence "enable active-directory-access";
    description "Configure active directory access";
    uses apply-advanced;
    container traceoptions {
      description "Active-directory-access Tracing Options";
      uses apply-advanced;
      leaf no-remote-trace {
        junos:must "("system tracing")";
        junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
        type empty;
        description "Disable remote tracing";
      }
      container file {
        description "Trace file information";
        // Per the pattern message, the name cannot contain '/', '%' or a
        // space, so a directory component cannot be given here.
        leaf filename {
          type string {
            junos:posix-pattern "![/ %]";
            junos:pattern-message "Must not contain '/', % or a space";
            length "1 .. 1024";
          }
          description "Name of file in which to write trace information";
        }
        // Plain string with no pattern or length restriction in this schema.
        leaf size { type string; description "Maximum trace file size"; }
        leaf files {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 {
              range "2 .. 
1000"; } } default "3"; description "Maximum number of trace files"; }
    // The choice makes world-readable and no-world-readable mutually
    // exclusive; neither is declared as the default here.
    // NOTE(review): world-readable lets any user read this trace file. The
    // flags below cover active-directory-authentication and ip-user-mapping,
    // so the file may hold user/IP identity data; confirm before enabling.
    choice world-readable-choice {
      leaf world-readable { type empty; description "Allow any user to read the log file"; }
      leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
    } // choice world-readable-choice
    leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; }
  } // container file
  leaf level {
    type enumeration {
      enum "error" { value 0; description "Match error conditions"; }
      enum "warning" { value 1; description "Match warning messages"; }
      enum "notice" { value 2; description "Match conditions that should be handled specially"; }
      enum "info" { value 3; description "Match informational messages"; }
      enum "verbose" { value 4; description "Match verbose messages"; }
      enum "all" { value 5; description "Match all levels"; }
    }
    description "Level of debugging output";
  }
  // Trace flags for active-directory-access, keyed by flag name.
  list flag {
    key "name";
    ordered-by user;
    description "Tracing parameters";
    leaf name {
      type enumeration {
        enum "active-directory-authentication" { value 0; description "Trace active directory auth"; }
        enum "configuration" { value 1; description "Trace configuration"; }
        enum "db" { value 2; description "Trace db"; }
        enum "ip-user-mapping" { value 3; description "Trace ip-user-mapping module"; }
        enum "ip-user-probe" { value 4; description "Trace ip-user-probe"; }
        enum "ipc" { value 5; description "Trace ipc"; }
        enum "user-group-mapping" { value 6; description "Trace user-group-mapping module"; }
        enum "wmic" { value 7; description "Trace wmic"; }
        enum "memory" { value 8; description "Trace memory"; }
        enum "all" { value 9; description "Trace everything"; }
      }
    }
  } // list flag
} // container traceoptions
// Active Directory domains, at most two (max-elements 2), keyed by name.
// The name pattern also accepts a single "*", which the pattern message does
// not mention.
list domain {
  key "name";
  max-elements 2;
  ordered-by user;
  description "Configure active-directory-access domain";
  leaf name {
    type string {
      junos:posix-pattern "^[[:alnum:]._-]+$|^\\*$";
      junos:pattern-message "Must be a string consisting of letters, numbers, 
dashes, underscores and dots"; length "1 .. 64"; } description "Domain name"; }
uses apply-advanced;
// Account used for this domain: user name and password.
container user {
  description "User name";
  uses apply-advanced;
  leaf user-name {
    type string {
      junos:posix-pattern "^[[:alnum:]._-]+$|^\\*$";
      junos:pattern-message "Must be a string consisting of letters, numbers, dashes, underscores and dots";
      length "1 .. 64";
    }
    description "User name";
  }
  // NOTE(review): the password is modelled as a plain string (length 1..128)
  // with no secret-specific type visible in this schema. Confirm how the
  // device stores and displays it, and limit who can read this subtree and
  // any exported copies of the configuration.
  leaf password {
    type string { length "1 .. 128"; }
    description "Password string";
  }
} // container user
// Domain controllers for the domain, at most ten (max-elements 10).
list domain-controller {
  key "name";
  max-elements 10;
  ordered-by user;
  description "Domain controller";
  leaf name {
    type string {
      junos:posix-pattern "^[[:alnum:]._-]+$|^\\*$";
      junos:pattern-message "Must be a string consisting of letters, numbers, dashes, underscores and dots";
      length "1 .. 64";
    }
    description "Domain controller name";
  }
  uses apply-advanced;
  leaf address { type jt:ipaddr; description "Address of domain controller"; }
} // list domain-controller
// IP-to-user mapping; WMI is the only discovery method modelled here.
container ip-user-mapping {
  description "Ip-user-mapping";
  uses apply-advanced;
  container discovery-method {
    description "Discovery method";
    uses apply-advanced;
    // Presence container: configuring it is what enables WMI.
    container wmi {
      presence "enable wmi";
      description "WMI";
      uses apply-advanced;
      // In the unions below, the numeric member enforces the range; the string
      // member accepts values matching "<.*>|$.*" (presumably template or
      // variable placeholders; confirm), which are not range-checked here.
      leaf event-log-scanning-interval {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint16 { range "5 .. 60"; }
        }
        units "seconds";
        description "Interval of event log scanning";
      }
      leaf initial-event-log-timespan {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint16 {
            range "1 .. 
168"; } } units "hours"; description "Event log scanning timespan"; }
      } // container wmi
    } // container discovery-method
  } // container ip-user-mapping
  // Body comes from the user-group-mapping-type grouping, defined outside this
  // part of the module.
  container user-group-mapping {
    description "User-group-mapping";
    uses user-group-mapping-type;
  } // container user-group-mapping
} // list domain
leaf no-on-demand-probe { type empty; description "Disable on-demand probe"; }
// NOTE(review): for the three timeouts below, the description text gives the
// allowed values ("0, 10-1440" or "10-1440"), but the numeric member is a bare
// uint16 with no range statement, so this schema accepts any value from 0 to
// 65535. The documented bounds are presumably enforced elsewhere; confirm
// before relying on the schema for validation. The meaning of 0 is not stated
// here.
leaf authentication-entry-timeout {
  type union {
    type uint16;
    type string { pattern "<.*>|$.*"; }
  }
  units "minutes";
  description "Authentication entry timeout number (0, 10-1440)";
}
leaf invalid-authentication-entry-timeout {
  type union {
    type uint16;
    type string { pattern "<.*>|$.*"; }
  }
  units "minutes";
  description "Invalid authentication entry timeout number (0, 10-1440)";
}
leaf firewall-authentication-forced-timeout {
  type union {
    type uint16;
    type string { pattern "<.*>|$.*"; }
  }
  units "minutes";
  description "Firewallauth fallback authentication entry forced timeout number (10-1440)";
}
// The remaining leaves do carry a range on their numeric member.
leaf wmi-timeout {
  type union {
    type string { pattern "<.*>|$.*"; }
    type uint32 { range "3 .. 120"; }
  }
  units "seconds";
  description "Wmi timeout number";
}
leaf thread {
  type union {
    type string { pattern "<.*>|$.*"; }
    type uint16 { range "1 .. 100"; }
  }
  description "Thread to do PC probe";
}
leaf probe-rate {
  type union {
    type string { pattern "<.*>|$.*"; }
    type uint32 {
      range "100 .. 
1500"; } } description "PC probe rate per minute"; }
  // Event log identifiers and logon types: numeric members are bare uint16
  // (no range statement), so any value from 0 to 65535 passes the schema.
  leaf-list event-log-identifier {
    type union {
      type uint16;
      type string { pattern "<.*>|$.*"; }
    }
    ordered-by user;
    description "Event log identifier";
  }
  leaf-list logon-type {
    type union {
      type uint16;
      type string { pattern "<.*>|$.*"; }
    }
    ordered-by user;
    description "Logon type";
  }
  // Include/exclude address filters, up to 20 prefixes each.
  container filter {
    description "Configure filter address or prefix";
    uses apply-advanced;
    list include {
      key "name";
      max-elements 20;
      ordered-by user;
      description "Include address";
      leaf name { type jt:ipprefix; description "Address or prefix"; }
    } // list include
    list exclude {
      key "name";
      max-elements 20;
      ordered-by user;
      description "Exclude address";
      leaf name { type jt:ipprefix; description "Address or prefix"; }
    } // list exclude
  } // container filter
} // container active-directory-access
// External authentication sources. The key is an enumeration with a single
// value ("aruba-clearpass"), so although max-elements is 2 the list can hold
// at most one entry as modelled here.
list authentication-source {
  key "name";
  max-elements 2;
  ordered-by user;
  description "Configure authentication-source";
  leaf name {
    type enumeration {
      enum "aruba-clearpass" { value 0; description "Authentication source from Aruba ClearPass"; }
    }
    description "Authenticaton source name";
  }
  uses apply-advanced;
  // NOTE(review): the descriptions give "0, 10-1440", but the numeric member is
  // a bare uint16 with no range statement, so the schema itself accepts 0 to
  // 65535; the documented bounds are presumably enforced elsewhere (confirm).
  leaf authentication-entry-timeout {
    type union {
      type uint16;
      type string { pattern "<.*>|$.*"; }
    }
    units "minutes";
    description "Aruba ClearPass authentication entry timeout number (0, 10-1440)";
  }
  leaf invalid-authentication-entry-timeout {
    type union {
      type uint16;
      type string { pattern "<.*>|$.*"; }
    }
    units "minutes";
    description "Invalid authentication entry timeout number (0, 10-1440)";
  }
  container traceoptions {
    description "Aruba ClearPass authentication table Tracing Options";
    uses apply-advanced;
    leaf no-remote-trace {
      junos:must "("system tracing")";
      junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
      type empty;
      description "Disable remote tracing";
    }
    container file {
      description "Trace file information";
      // Per the pattern message, the name cannot contain '/', '%' or a space.
      leaf filename {
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      leaf size { type string; description "Maximum trace file size"; }
      leaf files {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "2 .. 1000"; }
        }
        default "3";
        description "Maximum number of trace files";
      }
      // Mutually exclusive; neither is declared as the default here.
      // NOTE(review): world-readable lets any user read this trace file, and
      // the flags below include clearpass-authentication and user-query, so
      // the file may hold authentication-related data; confirm before enabling.
      choice world-readable-choice {
        leaf world-readable { type empty; description "Allow any user to read the log file"; }
        leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
      } // choice world-readable-choice
      leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; }
    } // container file
    leaf level {
      type enumeration {
        enum "error" { value 0; description "Match error conditions"; }
        enum "warning" { value 1; description "Match warning messages"; }
        enum "notice" { value 2; description "Match conditions that should be handled specially"; }
        enum "info" { value 3; description "Match informational messages"; }
        enum "verbose" { value 4; description "Match verbose messages"; }
        enum "all" { value 5; description "Match all levels"; }
      }
      description "Level of debugging output";
    }
    list flag {
      key "name";
      ordered-by user;
      description "Tracing parameters";
      leaf name {
        type enumeration {
          enum "all" { value 0; description "Trace Aruba ClearPass all modules"; }
          enum "clearpass-authentication" { value 1; description "Trace Aruba ClearPass auth table management module"; }
          enum "configuration" { value 2; description "Trace Aruba ClearPass configuration"; }
          enum "dispatcher" { value 3; description "Trace dispatcher module"; }
          enum "ipc" { value 4; description "Trace ipc"; }
          enum "user-query" { value 5; description "Trace user-query module"; }
          enum "memory" { value 6; description "Trace memory"; }
        }
      }
    } // list flag
  } // container traceoptions
  // Per-user queries sent to ClearPass through a web server.
  container user-query {
    description "ClearPass individual user query";
    uses apply-advanced;
    container web-server { 
description "Web server for user query";
  uses apply-advanced;
  leaf server-name {
    type string { length "1 .. 64"; }
    description "Web server name";
  }
  // NOTE(review): plain "http" is accepted alongside "https", and no default is
  // declared on this leaf. This same container holds the OAuth2 client-id and
  // client-secret, which would presumably travel over the chosen connection,
  // so prefer https together with ca-certificate; confirm the device's
  // behaviour when connect-method is left unset.
  leaf connect-method {
    type enumeration {
      enum "https" { value 0; description "HTTPS connection to web server"; }
      enum "http" { value 1; description "HTTP connection to web server"; }
    }
    description "Method of connecting to web server";
  }
  // Free-form string (1..128); no address or hostname syntax is enforced here.
  leaf address {
    type string { length "1 .. 128"; }
    description "IP address or hostname of web server";
  }
  leaf port {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "1 .. 65535"; }
    }
    default "443";
    description "Web server port";
  }
} // container web-server
leaf ca-certificate {
  type string { length "1 .. 256"; }
  description "Ca-certificate file name";
}
leaf client-id {
  type string { length "1 .. 64"; }
  description "Client ID for OAuth2 grant";
}
// NOTE(review): the OAuth2 client secret is modelled as a plain string with no
// secret-specific type visible in this schema. Confirm how the device stores
// and displays it, and limit who can read this subtree and any exported
// copies of the configuration.
leaf client-secret {
  type string { length "1 .. 128"; }
  description "Client secret for OAuth2 grant";
}
leaf token-api {
  type string { length "1 .. 128"; }
  description "API of acquiring token for OAuth2 authentication";
}
leaf query-api {
  type string { length "4 .. 128"; }
  description "User query API";
}
leaf delay-query-time {
  type union {
    type string { pattern "<.*>|$.*"; }
    type uint8 {
      range "0 .. 
60"; } } units "seconds"; default "15"; description "Delay time to send user query (0~60sec)"; }
  } // container user-query
  // Presence container: configuring it disables user query from ClearPass.
  container no-user-query {
    presence "enable no-user-query";
    description "Disable user query from ClearPass";
  } // container no-user-query
} // list authentication-source
// Device information: where device entries come from, and end-user profiles.
container device-information {
  description "Device information configuration";
  uses apply-advanced;
  container authentication-source {
    description "Configure authentication-source";
    uses apply-advanced;
    // Defaults to "no-configured", i.e. no authentication source for device
    // entries unless one is chosen explicitly.
    leaf authentication-source-name {
      type enumeration {
        enum "active-directory" { value 0; description "From windows active directory"; }
        enum "network-access-controller" { value 1; description "From network access controller such as Aruba ClearPass or JIMS"; }
        enum "no-configured" { value 2; description "No configuring authentication source for device entry"; }
      }
      default "no-configured";
    }
  } // container authentication-source
  container end-user-profile {
    description "End-user-profile configuration";
    uses apply-advanced;
    // Profiles keyed by name. The name pattern also accepts a single "*",
    // which the pattern message does not mention.
    list profile-name {
      key "name";
      ordered-by user;
      description "End-user-profile profile-name configuration";
      leaf name {
        type string {
          junos:posix-pattern "^[[:alnum:]._-]+$|^\\*$";
          junos:pattern-message "Must be a string consisting of letters, numbers, dashes, underscores and dots";
          length "1 .. 64";
        }
        description "End-user-profile profile-name";
      }
      uses apply-advanced;
      leaf domain-name {
        type string {
          junos:posix-pattern "^[[:alnum:]._-]+$|^\\*$";
          junos:pattern-message "Must be a string consisting of letters, numbers, dashes, underscores and dots";
          length "1 .. 
64"; } description "Domain name"; }
    // Attributes of the profile. The attribute name is an unrestricted string
    // (no pattern or length in this schema). The value is either a list of
    // strings or a "digital" container with single values and from/to ranges.
    list attribute {
      key "name";
      ordered-by user;
      description "Attribute";
      leaf name { type string; description "Attribute name"; }
      uses apply-advanced;
      choice attribute-value {
        leaf-list string {
          type string;
          max-elements 20;
          ordered-by user;
          description "Value type is strings";
        }
        container digital {
          presence "enable digital";
          description "Value type is digital";
          uses apply-advanced;
          leaf-list value {
            type union {
              type uint32;
              type string { pattern "<.*>|$.*"; }
            }
            ordered-by user;
            description "Digital value";
          }
          // Ranges keyed by their start value. Nothing in this schema requires
          // "to" to be set or to be greater than the start.
          list from {
            key "name";
            ordered-by user;
            description "Range of digital value";
            leaf name {
              type union {
                type uint32;
                type string { pattern "<.*>|$.*"; }
              }
              description "Digit range's start value";
            }
            uses apply-advanced;
            leaf to {
              type union {
                type uint32;
                type string { pattern "<.*>|$.*"; }
              }
              description "Digit range's end value";
            }
          } // list from
        } // container digital
      } // choice attribute-value
    } // list attribute
  } // list profile-name
} // container end-user-profile
// Trace options for device information.
container traceoptions {
  description "Device info related Tracing Options";
  uses apply-advanced;
  leaf no-remote-trace {
    junos:must "("system tracing")";
    junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
    type empty;
    description "Disable remote tracing";
  }
  container file {
    description "Trace file information";
    // Per the pattern message, the name cannot contain '/', '%' or a space.
    leaf filename {
      type string {
        junos:posix-pattern "![/ %]";
        junos:pattern-message "Must not contain '/', % or a space";
        length "1 .. 1024";
      }
      description "Name of file in which to write trace information";
    }
    leaf size { type string; description "Maximum trace file size"; }
    leaf files {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 {
          range "2 .. 
1000"; } } default "3"; description "Maximum number of trace files"; }
      // Mutually exclusive; neither is declared as the default here.
      // NOTE(review): world-readable lets any user read this trace file;
      // confirm what the device-info traces record before enabling it.
      choice world-readable-choice {
        leaf world-readable { type empty; description "Allow any user to read the log file"; }
        leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
      } // choice world-readable-choice
      leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; }
    } // container file
    leaf level {
      type enumeration {
        enum "error" { value 0; description "Match error conditions"; }
        enum "warning" { value 1; description "Match warning messages"; }
        enum "notice" { value 2; description "Match conditions that should be handled specially"; }
        enum "info" { value 3; description "Match informational messages"; }
        enum "verbose" { value 4; description "Match verbose messages"; }
        enum "all" { value 5; description "Match all levels"; }
      }
      description "Level of debugging output";
    }
    // Trace flags for device information, keyed by flag name.
    list flag {
      key "name";
      ordered-by user;
      description "Tracing parameters";
      leaf name {
        type enumeration {
          enum "all" { value 0; description "Trace device info all modules"; }
          enum "auth-source" { value 1; description "Trace Auth source module"; }
          enum "configuration" { value 2; description "Trace Device info configuration"; }
          enum "device-table" { value 3; description "Trace device table management module"; }
          enum "ipid-all" { value 4; description "Trace IPID all functions"; }
          enum "ipid-db" { value 5; description "Trace IPID Database function"; }
          enum "ipid-entry" { value 6; description "Trace IPID entry management function"; }
          enum "ipid-ipc" { value 7; description "Trace IPID communication processing function"; }
          enum "ipid-message" { value 8; description "Trace IPID message processing function"; }
          enum "ipid-others" { value 9; description "Trace IPID other function"; }
          enum "ipid-server" { value 10; description "Trace IPID server handling function"; }
          enum "ipid-statistics" { value 11; description "Trace IPID statistics handling function"; }
          enum "ipid-task" { value 12; description "Trace IPID task handling function"; }
          enum "profile-lookup" { value 13; description "Trace End-user-profile lookup function"; }
          enum "memory" { value 14; description "Trace memory"; }
        }
      }
    } // list flag
  } // container traceoptions
} // container device-information
// Identity management: entry timeouts, connection, validator and query settings.
container identity-management {
  description "Identity management configuration";
  uses apply-advanced;
  // NOTE(review): the descriptions give "0, 10-1440", but the numeric member is
  // a bare uint16 with no range statement, so the schema itself accepts 0 to
  // 65535; the documented bounds are presumably enforced elsewhere (confirm).
  // Declared defaults are 60 and 30 minutes.
  leaf authentication-entry-timeout {
    type union {
      type uint16;
      type string { pattern "<.*>|$.*"; }
    }
    units "minutes";
    default "60";
    description "Authentication entry timeout number (0, 10-1440)";
  }
  leaf invalid-authentication-entry-timeout {
    type union {
      type uint16;
      type string { pattern "<.*>|$.*"; }
    }
    units "minutes";
    default "30";
    description "Invalid authentication entry timeout number (0, 10-1440)";
  }
  leaf preserve-valid-user { type empty; description "Null user will not overwrite valid user for the same ip"; }
  // The next three containers take their bodies from groupings defined outside
  // this part of the module.
  container connection {
    description "Connection to identity management";
    uses identity-management-connection-type;
  } // container connection
  container jims-validator {
    description "Web server from JIMS for Validate or group query request";
    uses jims-validator-type;
  } // container jims-validator
  container batch-query {
    description "Batch query parameters";
    uses batch-query-type;
  } // container batch-query
  container ip-query {
    description "IP query parameters";
    uses apply-advanced;
    leaf query-delay-time {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint8 { range "0 .. 60"; }
      }
      units "seconds";
      default "15";
      description "Delay time to send IP query (0~60sec)";
    }
    // Presence container: configuring it disables IP query.
    container no-ip-query {
      presence "enable no-ip-query";
      description "Disable IP query";
    } // container no-ip-query
    leaf max-connections {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 {
          range "1 .. 
20"; } } description "Max connection number"; }
  } // container ip-query
  // Query filters: up to 20 domain names plus include/exclude address filters.
  container filter {
    description "Filter for query";
    uses apply-advanced;
    // The name pattern also accepts a single "*", which the pattern message
    // does not mention.
    list domain {
      key "name";
      max-elements 20;
      ordered-by user;
      description "Domain filter";
      leaf name {
        type string {
          junos:posix-pattern "^[[:alnum:]._-]+$|^\\*$";
          junos:pattern-message "Must be a string consisting of letters, numbers, dashes, underscores and dots";
          length "1 .. 64";
        }
        description "Domain name";
      }
    } // list domain
    // Bodies come from the address-filter-type grouping, defined outside this
    // part of the module.
    container include-ip {
      description "Include IP filter";
      uses address-filter-type;
    } // container include-ip
    container exclude-ip {
      description "Exclude IP filter";
      uses address-filter-type;
    } // container exclude-ip
  } // container filter
  container traceoptions {
    description "Tracing Options";
    uses ims-traceoptions-type;
  } // container traceoptions
} // container identity-management
// Identity management for logical domains; settings live under "active".
container logical-domain-identity-management {
  description "Logical domain identity management configuration";
  uses apply-advanced;
  container active {
    description "Actve mode for logical domain identity management moudule";
    uses apply-advanced;
    // NOTE(review): the descriptions give "0, 10-1440", but the numeric member
    // is a bare uint16 with no range statement, so the schema itself accepts
    // 0 to 65535; the documented bounds are presumably enforced elsewhere
    // (confirm). Declared defaults are 60 and 30 minutes.
    leaf authentication-entry-timeout {
      type union {
        type uint16;
        type string { pattern "<.*>|$.*"; }
      }
      units "minutes";
      default "60";
      description "Authentication entry timeout number (0, 10-1440)";
    }
    leaf invalid-authentication-entry-timeout {
      type union {
        type uint16;
        type string { pattern "<.*>|$.*"; }
      }
      units "minutes";
      default "30";
      description "Invalid authentication entry timeout number (0, 10-1440)";
    }
    container ip-query {
      description "IP query parameters";
      uses apply-advanced;
      leaf query-delay-time {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint8 {
            range "0 .. 
60"; } } units "seconds"; default "15"; description "Delay time to send IP query (0~60sec)"; }
      } // container ip-query
      // Query filters: up to 20 domain names plus include/exclude address filters.
      container filter {
        description "Filter for query";
        uses apply-advanced;
        // The name pattern also accepts a single "*", which the pattern
        // message does not mention.
        list domain {
          key "name";
          max-elements 20;
          ordered-by user;
          description "Domain filter";
          leaf name {
            type string {
              junos:posix-pattern "^[[:alnum:]._-]+$|^\\*$";
              junos:pattern-message "Must be a string consisting of letters, numbers, dashes, underscores and dots";
              length "1 .. 64";
            }
            description "Domain name";
          }
        } // list domain
        container include-ip {
          description "Include IP filter";
          uses address-filter-type;
        } // container include-ip
        container exclude-ip {
          description "Exclude IP filter";
          uses address-filter-type;
        } // container exclude-ip
      } // container filter
      // Exactly one query server can be configured (max-elements 1). Its
      // connection and batch-query bodies come from groupings defined outside
      // this part of the module.
      list query-server {
        key "name";
        max-elements 1;
        ordered-by user;
        description "Query server";
        leaf name {
          type string {
            junos:posix-pattern "^[[:alnum:]._-]+$|^\\*$";
            junos:pattern-message "Must be a string consisting of letters, numbers, dashes, underscores and dots";
            length "1 .. 64";
          }
          description "Query server name";
        }
        uses apply-advanced;
        container connection {
          description "Connection to identity management";
          uses ims-connection-type;
        } // container connection
        container batch-query {
          description "Batch query parameters";
          uses batch-query-type;
        } // container batch-query
      } // list query-server
    } // container active
    container traceoptions {
      description "Tracing Options";
      uses ims-traceoptions-type;
    } // container traceoptions
  } // container logical-domain-identity-management
} // container user-identification
// Security Metadata Streaming policies, keyed by policy name. The container
// itself has no description statement in this module.
container security-metadata-streaming {
  uses apply-advanced;
  list policy {
    key "name";
    description "Security Metadata Streaming policy";
    leaf name {
      type string {
        length "1 .. 
63"; } description "Policy name"; } uses apply-advanced; container http { description "Configure HTTP options"; uses apply-advanced; leaf action { type enumeration { enum "permit" { value 0; description "Allow traffic"; } } description "Action for HTTP"; } container notification { description "Notification action taken for traffic"; uses apply-advanced; leaf log { type empty; description "Logging option for Security Metadata Streaming actions"; } } // container notification } // container http container dns { description "Configure DNS options"; uses apply-advanced; container cache { description "Storing DNS in Cache till TTL"; uses apply-advanced; container ttl { presence "enable ttl"; description "For setting TTL values"; uses apply-advanced; leaf benign { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 172800"; } } units "seconds"; default "86400"; description "Set Benign TTL value"; } leaf c2 { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 172800"; } } units "seconds"; default "86400"; description "Set C2 TTL value"; } } // container ttl } // container cache container detections { description "Type of Detection Methods for DNS Request"; uses apply-advanced; container dga { description "Detecting DGA Algorithms on DNS Packets"; uses apply-advanced; leaf action { type enumeration { enum "permit" { value 0; description "Allow the packet"; } enum "deny" { value 1; description "Drop the packet"; } enum "sinkhole" { value 2; description "Sinkhole the packet"; } } description "Action to take on the DNS tunneled packet"; } leaf verdict-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "50 .. 
500"; } } units "milliseconds"; default "100"; description "Time to wait for a verdict on DNS Packet"; } leaf notification { type enumeration { enum "log" { value 0; description "Log Everything"; } enum "log-detections" { value 1; description "Only log malicious DNS activity"; } } description "Notification action taken for DNS DGA Detection"; } container fallback-options { description "Fallback options for DNS DGA detection"; uses apply-advanced; container notification { description "Notification action taken for the packet"; uses apply-advanced; leaf log { type empty; description "Log DNS Request"; } } // container notification } // container fallback-options } // container dga container tunneling { description "Detecting DNS Tunneling"; uses apply-advanced; leaf action { type enumeration { enum "permit" { value 0; description "Allow the packet"; } enum "deny" { value 1; description "Drop the packet"; } enum "sinkhole" { value 2; description "Sinkhole the packet"; } } description " Action to take on the DNS tunneled packet"; } leaf notification { type enumeration { enum "log" { value 0; description "Log Everything"; } enum "log-detections" { value 1; description "Only log malicious DNS activity"; } } description "Notification action taken for DNS Tunneling Detection"; } leaf inspection-depth { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 10"; } } default "4"; description "Number of packets to be inspected for Tunnel Detection"; } container fallback-options { description "Fallback options for DNS Tunneling detection"; uses apply-advanced; container notification { description "Notification action taken for the packet"; uses apply-advanced; leaf log { type empty; description "Log DNS Request"; } } // container notification } // container fallback-options } // container tunneling container all { junos:must "((!(" .. dga") && !(" .. 
tunneling")))"; junos:must-message "All can only be configured if no other detection is configured"; description "All Detections"; uses apply-advanced; leaf action { type enumeration { enum "permit" { value 0; description "Allow the packet"; } enum "deny" { value 1; description "Drop the packet"; } enum "sinkhole" { value 2; description "Sinkhole the packet"; } } description " Global Action to take on the DNS packet"; } leaf notification { type enumeration { enum "log" { value 0; description "Log Everything"; } enum "log-detections" { value 1; description "Only log malicious DNS activity"; } } description "Global Notification action taken for DNS Detection Methods"; } container fallback-options { description "Fallback options for DNS detections"; uses apply-advanced; container notification { description "Notification action taken for the packet"; uses apply-advanced; leaf log { type empty; description "Log DNS Request"; } } // container notification } // container fallback-options } // container all } // container detections } // container dns } // list policy } // container security-metadata-streaming container dns-filtering { presence "enable dns-filtering"; uses apply-advanced; container traceoptions { description "Security intelligence trace options"; uses dnsf-traceoptions-object; } // container traceoptions container sinkhole { presence "enable sinkhole"; description "DNS Sinkhole Configuration"; uses apply-advanced; leaf ipv4-address { type jt:ipv4addr; description "Sinkhole IPv4 address"; } leaf ipv6-address { type jt:ipv6addr; description "Sinkhole IPv6 address"; } leaf fqdn { type string { length "1 .. 80"; } description "FQDN sent as response to MX queries"; } leaf dns-resp-ttl { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 3600"; } } units "seconds"; default "1800"; description "TTL to be used in DNS response"; } leaf wildcarding-level { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
10"; } } default "2"; description "Wildcarding level for exact match"; } leaf txt-resp-err-code { type enumeration { enum "Noerror" { value 0; description "No error response"; } enum "Refused" { value 1; description "Refuse the DNS Query"; } } default "Refused"; description "Text response error code"; } leaf srv-resp-err-code { type enumeration { enum "Noerror" { value 0; description "No error response"; } enum "Refused" { value 1; description "Refuse the DNS Query"; } } default "Refused"; description "Server response error code"; } } // container sinkhole } // container dns-filtering } // container services container class-of-service { presence "enable class-of-service"; description "Class-of-service configuration"; uses apply-advanced; container application-traffic-control { presence "enable application-traffic-control"; description "Application classifier configuration"; uses apply-advanced; container traceoptions { description "Trace options for application classifier"; uses appqos-traceoptions-type; } // container traceoptions list rate-limiters { key "name"; ordered-by user; description "Configure application-traffic-control rate limiters"; leaf name { type string { length "1 .. 63"; } description "Application classifier rate-limiter name"; } uses apply-advanced; leaf bandwidth-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "64 .. 10485760"; } } units "kbps"; description "Bandwidth limit"; } leaf burst-size-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1342177280"; } } units "bytes"; description "Burst size limit (default with bandwidth-limit and no larger than 6400 * bandwidth)"; } } // list rate-limiters list rule-sets { key "name"; ordered-by user; description "Configure application-traffic-control rule-sets"; leaf name { type string { length "1 .. 
63"; } description "Application classifier rule-set name"; } uses apply-advanced; list rule { key "name"; ordered-by user; description "Rule"; uses appqos_rule_type; } // list rule } // list rule-sets } // container application-traffic-control } // container class-of-service } // grouping juniper-tenant grouping aamwd-traceoptions { description "Advanced anti-malware trace options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Trace flags"; leaf name { type enumeration { enum "all" { value 0; description "Trace everything"; } enum "connection" { value 1; description "Trace the connection to server"; } enum "content" { value 2; description "Trace the content buffer management"; } enum "daemon" { value 3; description "Trace advanced-anti-malware daemon"; } enum "http" { value 4; description "Trace http protocol operations"; } enum "identification" { value 5; description "Trace file identification"; } enum "imap" { value 6; description "Trace imap protocol operations"; } enum "parser" { value 7; description "Trace protocol context parser"; } enum "plugin" { value 8; description "Trace advanced-anti-malware plugin"; } enum "policy" { value 9; description "Trace advanced-anti-malware policy"; } enum "smb" { value 10; description "Trace smb protocol operations"; } enum "smtp" { value 11; description "Trace smtp protocol operations"; } } } } // list flag } // grouping aamwd-traceoptions grouping access-client-name-filter-object { 
description "Restrictions on client names authenticated on this server"; uses apply-advanced; leaf domain-name { type string; description "Domain name to match (must be part of username)"; } leaf separator { type string { length "1"; } description "Separator character in domain name"; } leaf count { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 255"; } } default "0"; description "Number of separator instances"; } } // grouping access-client-name-filter-object grouping access-client-object { leaf name { type string; description "Name of entity requesting access"; } uses apply-advanced; leaf no-rfc2486 { type empty; description "RFC2486 compliance is not enforced"; } leaf chap-secret { type jt:unreadable; description "CHAP secret"; } leaf pap-password { type jt:unreadable; description "PAP password"; } choice client_type { case case_1 { } // case case_1 case case_2 { } // case case_2 } // choice client_type container xauth { description "Configure xauth attributes"; uses apply-advanced; leaf ip-address { type jt:ipv4prefix; description "Specify the ip-address for client"; } } // container xauth leaf-list client-group { type string; ordered-by user; description "One or more groups to which the client belongs"; } container firewall-user { description "Client is configured as a firewall user"; uses apply-advanced; leaf password { type string { length "1 .. 128"; } description "Password for user"; } } // container firewall-user } // grouping access-client-object grouping access-ldap-options { uses apply-advanced; leaf revert-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 
4294967295"; } } units "seconds"; default "600"; description "Time after which to revert to primary server"; } leaf base-distinguished-name { type string; description "Suffix when assembling user distinguished name (DN) or base DN under which to search for user DN"; } choice search_type { container assemble { presence "enable assemble"; description "Derive user distinguished name from 'common-name' and 'base-distinguished-name'"; uses apply-advanced; leaf common-name { type string; default "cn"; description "Prefix in user distinguished name (for example, 'cn' or 'uid')"; } } // container assemble container search { presence "enable search"; description "Search for user's distinguished name"; uses apply-advanced; leaf search-filter { type string; description "Filter to use in search (examples: 'cn=' or 'givenName=')"; } container admin-search { presence "enable admin-search"; description "Perform an administrator search to find user's distinguished name"; uses apply-advanced; leaf distinguished-name { type string; description "Administrator's distinguished name"; } leaf password { type jt:unreadable; description "Administrator password"; } } // container admin-search } // container search } // choice search_type } // grouping access-ldap-options grouping access-radius-options { uses apply-advanced; leaf revert-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 604800"; } } units "seconds"; default "60"; description "Time after which to revert to primary server"; } leaf timeout-grace { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 30"; } } units "seconds"; default "10"; description "The period after a RADIUS server times out before marking the server as dead"; } leaf request-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "100 .. 
4000"; } } default "500"; description "Maximum number of RADIUS requests sent per second"; } leaf interim-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "50 .. 4000"; } } default "500"; description "Maximum number of RADIUS requests sent per second"; } leaf interim-update-tolerance { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 600"; } } units "seconds"; default "60"; status deprecated; description "Maximum tolerance for Interim Updates to RADIUS"; } container unique-nas-port { junos:must "(!(any "access profile <*> radius options vlan-nas-port-stacked-format"))"; junos:must-message "unique-nas-port is not supported with vlan-nas-port-stacked-format"; junos:must "(!(any "access profile <*> radius options nas-port-extended-format"))"; junos:must-message "unique-nas-port is not supported with nas-port-extended-format"; presence "enable unique-nas-port"; description "Use unique value for NAS-Port radius attribute"; uses apply-advanced; leaf chassis-id { junos:must "(".. chassis-id-width")"; junos:must-message "chassis-id-width must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 127"; } } description "Configure chassis identifier field of NAS-Port"; } leaf chassis-id-width { junos:must "(".. chassis-id")"; junos:must-message "chassis-id must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 7"; } } units "bits"; description "Number of bits for the chassis identifier field of NAS-Port"; } } // container unique-nas-port } // grouping access-radius-options grouping address-filter-type { description "IP address filter"; uses apply-advanced; leaf address-book { type string; description "Referenced address book"; } leaf address-set { type string { length "1 .. 
63"; } description "Referenced address set"; } } // grouping address-filter-type grouping alg-object { uses apply-advanced; container traceoptions { description "ALG trace options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "brief" { value 0; description "Brief messages"; } enum "detail" { value 1; description "Detail messages"; } enum "extensive" { value 2; description "Extensive messages"; } enum "verbose" { value 3; description "Verbose messages"; } } default "brief"; description "Set level of tracing output"; } } // container traceoptions container alg-manager { description "Configure ALG-MANAGER"; leaf clear-dont-frag-bit { type empty; description "Enable ALG clear DF(don't frag) bit in IP header"; } container traceoptions { description "ALG-MANAGER trace options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "ALG-MANAGER trace flags"; leaf name { type enumeration { enum "all" { 
value 0; description "Trace everything"; } } } choice level { leaf extensive { type empty; description "Set trace verbosity level to extensive"; } } // choice level } // list flag } // container traceoptions } // container alg-manager container alg-support-lib { description "Configure ALG-SUPPORT-LIB"; container traceoptions { description "ALG-SUPPORT-LIB trace options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "ALG-SUPPORT-LIB trace flags"; leaf name { type enumeration { enum "all" { value 0; description "Trace everything"; } } } choice level { leaf extensive { type empty; description "Set trace verbosity level to extensive"; } } // choice level } // list flag } // container traceoptions } // container alg-support-lib container dns { description "Configure DNS ALG"; uses apply-advanced; leaf disable { type empty; description "Disable DNS ALG"; } leaf maximum-message-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "512 .. 8192"; } } units "bytes"; default "512"; description "Set maximum message length"; } leaf oversize-message-drop { type empty; description "Drop oversized DNS packets"; } container doctoring { description "Configure DNS ALG doctoring"; uses apply-advanced; choice type { leaf none { type empty; description "Disable all DNS ALG Doctoring"; } leaf sanity-check { type empty; description "Perform only DNS ALG sanity checks"; } } // choice type } // container doctoring container traceoptions { description "DNS ALG trace options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "DNS ALG trace flags"; leaf name { type enumeration { enum "all" { value 0; description "Trace everything"; } } } choice level { leaf extensive { type empty; description "Set trace verbosity level to extensive"; } } // choice level } // list flag } // container traceoptions } // container dns container ftp { description "Configure FTP ALG"; leaf disable { type empty; description "Disable FTP 
ALG"; } leaf ftps-extension { type empty; description "Enable secure FTP and FTP-ssl protocols"; } leaf line-break-extension { type empty; description "Enable CR+LF line termination"; } leaf allow-mismatch-ip-address { type empty; description "Pass FTP packets with mismatched ip address headers and payload"; } container traceoptions { description "FTP ALG trace options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "FTP ALG trace flags"; leaf name { type enumeration { enum "all" { value 0; description "Trace everything"; } } } choice level { leaf extensive { type empty; description "Set trace verbosity level to extensive"; } } // choice level } // list flag } // container traceoptions } // container ftp container h323 { presence "enable h323"; description "Configure H.323 ALG"; uses apply-advanced; leaf disable { type empty; description "Disable H.323 ALG"; } leaf endpoint-registration-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 65535"; } } units "seconds"; default "64800"; description "Timeout for endpoints"; } leaf media-source-port-any { type empty; description "Permit media from any source port on the endpoint"; } container application-screen { description "Configure application screens"; uses apply-advanced; container unknown-message { description "Configure ALG action on receiving an unknown message"; uses apply-advanced; leaf permit-nat-applied { type empty; description "Permit unknown messages on packets that are NATed"; } leaf permit-routed { type empty; description "Permit unknown messages on routed packets"; } } // container unknown-message container message-flood { description "Configure Message flood ALG options"; uses apply-advanced; container gatekeeper { description "Set options for gatekeeper messages"; leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
50000"; } } units "messages per second"; default "1000"; description "Message flood gatekeeper threshold"; } } // container gatekeeper } // container message-flood } // container application-screen container dscp-rewrite { description "DSCP code rewrite"; uses apply-advanced; leaf code-point { type string { junos:posix-pattern "^([01]{6})$"; junos:pattern-message "Must be form of xxxxxx, where x is 1 or 0"; } description "Set dscp codepoint 6-bit string"; } } // container dscp-rewrite container traceoptions { description "H.323 ALG trace options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "H.323 ALG trace flags"; leaf name { type enumeration { enum "q931" { value 0; description "Enable tracing for Q.931 processing"; } enum "h245" { value 1; description "Enable tracing for H.245 processing"; } enum "ras" { value 2; description "Enable tracing for RAS processing"; } enum "h225-asn1" { value 3; description "Enable tracing for H.225 ASN.1 processing"; } enum "h245-asn1" { value 4; description "Enable tracing for H.245 ASN.1 processing"; } enum "ras-asn1" { value 5; description "Enable tracing for RAS ASN.1 processing"; } enum "chassis-cluster" { value 6; description "Enable tracing for H.323 chassis cluster functions"; } enum "all" { value 7; description "Trace everything"; } } } choice level { leaf terse { type empty; description "Set trace verbosity level to terse"; } leaf detail { type empty; description "Set trace verbosity level to detail"; } leaf extensive { type empty; description "Set trace verbosity level to extensive"; } } // choice level } // list flag } // container traceoptions } // container h323 container mgcp { presence "enable mgcp"; description "Configure MGCP ALG"; uses apply-advanced; leaf disable { type empty; description "Disable MGCP ALG"; } leaf inactive-media-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 
2550"; } } units "seconds"; default "120"; description "Set inactive media timeout"; } leaf transaction-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "3 .. 50"; } } units "seconds"; default "30"; description "Set transaction timeout"; } leaf maximum-call-duration { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "3 .. 720"; } } units "minutes"; default "720"; description "Set maximum call duration"; } container application-screen { description "Configure application screens"; uses apply-advanced; container unknown-message { description "Configure ALG action on receiving an unknown message"; uses apply-advanced; leaf permit-nat-applied { type empty; description "Permit unknown messages on packets that are NATed"; } leaf permit-routed { type empty; description "Permit unknown messages on routed packets"; } } // container unknown-message container message-flood { description "Set message flood ALG options"; leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 50000"; } } units "messages per second per MG"; default "100"; description "Message flood threshold"; } } // container message-flood container connection-flood { description "Set connection flood options"; leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
10000"; } } units "connection requests per second per MG"; default "10"; description "Connection flood threshold"; } } // container connection-flood } // container application-screen container dscp-rewrite { description "DSCP code rewrite"; uses apply-advanced; leaf code-point { type string { junos:posix-pattern "^([01]{6})$"; junos:pattern-message "Must be form of xxxxxx, where x is 1 or 0"; } description "Set dscp codepoint 6-bit string"; } } // container dscp-rewrite container traceoptions { description "MGCP ALG trace options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "MGCP ALG trace flags"; leaf name { type enumeration { enum "call" { value 0; description "Enable tracing for MGCP call processing"; } enum "decode" { value 1; description "Enable tracing for MGCP decoder operations"; } enum "error" { value 2; description "Enable tracing for MGCP processing errors"; } enum "chassis-cluster" { value 3; description "Enable tracing for MGCP chassis cluster functions"; } enum "nat" { value 4; description "Enable tracing for MGCP Network Address Translation (NAT) processing"; } enum "packet" { value 5; description "Enable tracing for MGCP protocol packet processing"; } enum "rm" { value 6; description "Enable tracing MGCP Resource Management (Resmgr) functions"; } enum "all" { value 7; description "Trace everything"; } } } choice level { leaf extensive { type empty; description "Set trace verbosity level to extensive"; } } // choice level } // list flag } // container traceoptions } // container mgcp container msrpc { description "Configure MSRPC ALG"; leaf disable { type empty; description "Disable MSRPC ALG"; } leaf group-max-usage { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 100"; } } default "80"; description "Set maximum group usage percentage, default 80"; } leaf map-entry-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 
4320"; } } units "minutes"; default "480"; description "Set entry timeout, default 8hour"; } container traceoptions { description "MSRPC ALG trace options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "MSRPC ALG trace flags"; leaf name { type enumeration { enum "all" { value 0; description "Trace everything"; } } } choice level { leaf extensive { type empty; description "Set trace verbosity level to extensive"; } } // choice level } // list flag } // container traceoptions } // container msrpc container sunrpc { description "Configure SUNRPC ALG"; leaf disable { type empty; description "Disable SUNRPC ALG"; } leaf group-max-usage { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 100"; } } default "80"; description "Set maximum group usage percentage, default 80"; } leaf map-entry-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 4320"; } } units "minutes"; default "480"; description "Set entry timeout, default 8hour"; } container traceoptions { description "SUNRPC ALG trace options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "SUNRPC ALG trace flags"; leaf name { type enumeration { enum "all" { value 0; description "Trace everything"; } } } choice level { leaf extensive { type empty; description "Set trace verbosity level to extensive"; } } // choice level } // list flag } // container traceoptions } // container sunrpc container rsh { presence "enable rsh"; description "Configure RSH ALG"; uses apply-advanced; leaf disable { type empty; description "Disable RSH ALG"; } container traceoptions { description "RSH ALG trace options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "RSH ALG trace flags"; leaf name { type enumeration { enum "all" { value 0; description "Trace everything"; } } } choice level { leaf extensive { type empty; description "Set trace verbosity level to extensive"; } } // choice level } // list 
flag } // container traceoptions } // container rsh container rtsp { presence "enable rtsp"; description "Configure RTSP ALG"; leaf disable { type empty; description "Disable RTSP ALG"; } container traceoptions { description "RTSP ALG trace options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "RTSP ALG trace flags"; leaf name { type enumeration { enum "all" { value 0; description "Trace everything"; } } } choice level { leaf extensive { type empty; description "Set trace verbosity level to extensive"; } } // choice level } // list flag } // container traceoptions } // container rtsp container sccp { presence "enable sccp"; description "Configure SCCP ALG"; uses apply-advanced; leaf disable { type empty; description "Disable SCCP ALG"; } leaf inactive-media-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 600"; } } units "seconds"; default "120"; description "Set inactive media timeout"; } container application-screen { description "Configure application screens"; uses apply-advanced; container unknown-message { description "Configure ALG action on receiving an unknown message"; uses apply-advanced; leaf permit-nat-applied { type empty; description "Permit unknown messages on packets that are NATed"; } leaf permit-routed { type empty; description "Permit unknown messages on routed packets"; } } // container unknown-message container call-flood { description "Configure call flood thresholds"; leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "20"; description "Calls per second per client"; } } // container call-flood } // container application-screen container dscp-rewrite { description "DSCP code rewrite"; uses apply-advanced; leaf code-point { type string { junos:posix-pattern "^([01]{6})$"; junos:pattern-message "Must be form of xxxxxx, where x is 1 or 0"; } description "Set dscp codepoint 6-bit string"; } } // container dscp-rewrite container traceoptions { description "SCCP ALG trace options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "SCCP ALG trace flags"; leaf name { type enumeration { enum "call" { value 0; description "Enable tracing SCCP call processing"; } enum "cli" { value 1; description "Enable tracing SCCP cli processing"; } enum "decode" { value 2; description "Enable tracing for SCCP decoder operations"; } enum "error" { value 3; description "Enable tracing for SCCP processing errors"; } enum "chassis-cluster" { value 4; description "Enable tracing for SCCP chassis cluster functions"; } enum "init" { value 5; description "Enable tracing for SCCP initialization errors"; } enum "nat" { value 6; description "Enable tracing for SCCP Network Address Translation (NAT) processing"; } enum "rm" { value 7; description "Enable tracing SCCP Resource Management (Resmgr) functions"; } enum "all" { value 8; description "Trace everything"; } } } choice level { leaf extensive { type empty; description "Set trace verbosity level to extensive"; } } // choice level } // list flag } // container traceoptions } // container sccp container sip { presence "enable sip"; description "Configure SIP ALG"; uses apply-advanced; leaf disable { type empty; description "Disable SIP ALG"; } leaf inactive-media-timeout { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "10 .. 
2550"; } } units "seconds"; default "120"; description "Set inactive media timeout"; } leaf maximum-call-duration { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "minutes"; default "720"; description "Set maximum call duration 0 or 3..720"; } leaf t1-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "500 .. 5000"; } } units "milliseconds"; default "500"; description "Set T1 interval"; } leaf t4-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 10"; } } units "seconds"; default "5"; description "Set T4 interval"; } leaf c-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "3 .. 10"; } } units "minutes"; default "3"; description "Set C timeout"; } leaf disable-call-id-hiding { type empty; status deprecated; description "Disable translation of host IP in Call-ID header"; } leaf bulk-call-mode { type empty; description "Enable SIP distribution session in bulk mode"; } leaf enable-call-distribution { type empty; description "Enable Call-id-based SIP call distribution between SPUs"; } leaf retain-hold-resource { type empty; description "Retain SDP resources during call hold"; } container hide-via-headers { description "Hide via headers options"; uses apply-advanced; leaf disable { type empty; description "Disable hide via headers function"; } } // container hide-via-headers list distribution-ip { key "name"; ordered-by user; description "Configure SIP distribute server IPV6 or IPV4 ip"; leaf name { type jt:ipaddr; description "Distribution IP address"; } uses apply-advanced; container distribute-to { description "Distribute sip packet"; uses apply-advanced; container fpc { description "FPC card number"; uses apply-advanced; leaf slot { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
127"; } } description "FPC slot number"; } container pic { description "PIC card number"; uses apply-advanced; leaf slot { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 11"; } } description "Physical Interface Card number"; } } // container pic } // container fpc } // container distribute-to } // list distribution-ip container application-screen { description "Configure application screens"; uses apply-advanced; container unknown-message { description "Configure ALG action on receiving an unknown message"; uses apply-advanced; leaf permit-nat-applied { type empty; description "Permit unknown messages on packets that are NATed"; } leaf permit-routed { type empty; description "Permit unknown messages on routed packets"; } } // container unknown-message container protect { description "Configure Protect options"; uses apply-advanced; container deny { presence "enable deny"; description "Protect deny options"; uses apply-advanced; choice deny-choice { list destination-ip { key "name"; ordered-by user; description "List of protected destination server IP"; leaf name { type jt:ipprefix; description "Protected destination server IPv4 or IPv6 entry"; } uses apply-advanced; } // list destination-ip leaf all { type empty; description "Enable attack protection for all servers"; } } // choice deny-choice leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
3600"; } } units "seconds"; default "5"; description "Timeout value for SIP INVITE attack table entry"; } } // container deny } // container protect } // container application-screen container dscp-rewrite { description "DSCP code rewrite"; uses apply-advanced; leaf code-point { type string { junos:posix-pattern "^([01]{6})$"; junos:pattern-message "Must be form of xxxxxx, where x is 1 or 0"; } description "Set dscp codepoint 6-bit string"; } } // container dscp-rewrite container traceoptions { description "SIP ALG trace options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "SIP ALG trace flags"; leaf name { type enumeration { enum "call" { value 0; description "Enable tracing for SIP call processing"; } enum "chassis-cluster" { value 1; description "Enable tracing for SIP chassis cluster functions"; } enum "nat" { value 2; description "Enable tracing for SIP Network Address Translation (NAT) processing"; } enum "parser" { value 3; description "Enable tracing for SIP parser operations"; } enum "rm" { value 4; description "Enable tracing SIP Resource Management (Resmgr) functions"; } enum "all" { value 5; description "Trace everything"; } } } choice level { leaf terse { type empty; description "Set trace verbosity level to terse"; } leaf detail { type empty; description "Set trace verbosity level to detail"; } leaf extensive { type empty; description "Set trace verbosity level to extensive"; } } // choice level } // list flag } // container traceoptions } // container sip container sql { presence "enable sql"; description "Configure SQL ALG"; leaf disable { type empty; description "Disable SQL ALG"; } container traceoptions { description "SQL ALG trace options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "SQL ALG trace flags"; leaf name { type enumeration { enum "all" { value 0; description "Trace everything"; } } } choice level { leaf extensive { type empty; description "Set trace verbosity level to 
extensive"; } } // choice level } // list flag } // container traceoptions } // container sql container talk { description "Configure Talk ALG"; leaf disable { type empty; description "Disable Talk ALG"; } container traceoptions { description "TALK ALG trace options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "TALK ALG trace flags"; leaf name { type enumeration { enum "all" { value 0; description "Trace everything"; } } } choice level { leaf extensive { type empty; description "Set trace verbosity level to extensive"; } } // choice level } // list flag } // container traceoptions } // container talk container tftp { description "Configure TFTP ALG"; leaf disable { type empty; description "Disable TFTP ALG"; } container traceoptions { description "TFTP ALG trace options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "TFTP ALG trace flags"; leaf name { type enumeration { enum "all" { value 0; description "Trace everything"; } } } choice level { leaf extensive { type empty; description "Set trace verbosity level to extensive"; } } // choice level } // list flag } // container traceoptions } // container tftp container pptp { description "Configure PPTP ALG"; leaf disable { type empty; description "Disable PPTP ALG"; } container traceoptions { description "PPTP ALG trace options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "PPTP ALG trace flags"; leaf name { type enumeration { enum "all" { value 0; description "Trace everything"; } } } choice level { leaf extensive { type empty; description "Set trace verbosity level to extensive"; } } // choice level } // list flag } // container traceoptions } // container pptp container ike-esp-nat { description "Configure IKE-ESP ALG with NAT"; uses apply-advanced; leaf enable { type empty; description "Enable IKE-ESP ALG"; } leaf esp-gate-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
30"; } } units "seconds"; default "5"; description "Set ESP gate timeout"; } leaf esp-session-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 2400"; } } units "seconds"; default "1800"; description "Set ESP session timeout"; } leaf state-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "180 .. 86400"; } } units "seconds"; default "14400"; description "Set ALG state timeout"; } container traceoptions { description "IKE-ESP ALG trace options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "IKE-ESP ALG trace flags"; leaf name { type enumeration { enum "all" { value 0; description "Trace everything"; } } } choice level { leaf extensive { type empty; description "Set trace verbosity level to extensive"; } } // choice level } // list flag } // container traceoptions } // container ike-esp-nat container twamp { presence "enable twamp"; description "Configure TWAMP ALG"; uses apply-advanced; container traceoptions { description "TWAMP ALG trace options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "TWAMP ALG trace flags"; leaf name { type enumeration { enum "all" { value 0; description "Trace everything"; } } } choice level { leaf extensive { type empty; description "Trace verbosity level to extensive"; } } // choice level } // list flag } // container traceoptions } // container twamp } // grouping alg-object grouping anti-spam-feature { description "Anti-spam feature"; uses apply-advanced; container sbl { presence "enable sbl"; description "SBL settings"; uses sbl-type; } // container sbl } // grouping anti-spam-feature grouping anti-virus-feature { description "Anti-virus feature"; uses apply-advanced; container mime-whitelist { status deprecated; description "Anti-virus MIME whitelist"; uses apply-advanced; leaf list { junos:must "("security utm custom-objects mime-pattern $$")"; junos:must-message "mime-pattern must be defined"; type string; 
description "MIME list"; } leaf exception { junos:must "("security utm custom-objects mime-pattern $$")"; junos:must-message "mime-pattern must be defined"; type string; description "Exception settings for MIME white list"; } } // container mime-whitelist leaf url-whitelist { type string; status deprecated; description "Anti-virus URL white list"; } leaf type { type enumeration { enum "sophos-engine" { value 0; status deprecated; description "Anti-virus sophos-engine"; } enum "avira-engine" { value 1; status deprecated; description "Anti-virus avira-engine"; } enum "anti-virus-none" { value 2; status deprecated; } } status deprecated; description "Anti-virus engine type"; } list profile { key "name"; ordered-by user; description "Anti-virus profile"; leaf name { type string { length "1 .. 29"; } description "Anti-virus profile name"; } uses apply-advanced; container fallback-options { presence "enable fallback-options"; description "Anti-virus fallback options"; uses av-fallback-settings; } // container fallback-options container notification-options { presence "enable notification-options"; description "Anti-virus notification options"; uses anti-virus-notification-options; } // container notification-options container mime-whitelist { description "Anti-virus MIME whitelist"; uses apply-advanced; leaf list { junos:must "("security utm custom-objects mime-pattern $$")"; junos:must-message "mime-pattern must be defined"; type string; description "MIME list"; } leaf exception { junos:must "("security utm custom-objects mime-pattern $$")"; junos:must-message "mime-pattern must be defined"; type string; description "Exception settings for MIME white list"; } } // container mime-whitelist leaf url-whitelist { junos:must "("security utm custom-objects custom-url-category $$")"; junos:must-message "custom-url-category must be defined"; type string; description "Anti-virus URL white list"; } } // list profile container traceoptions { status deprecated; description "Trace 
options for anti-virus feature"; uses anti-virus-traceoptions; } // container traceoptions container sophos-engine { status deprecated; description "Anti-virus sophos-engine"; uses apply-advanced; container server { status deprecated; description "SAV and Anti-Spam first hop DNS server"; uses apply-advanced; leaf ip { type jt:ipaddr; description "SAV and Anti-Spam first hop DNS server ip"; } leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Routing-instance must be defined"; type string; description "Routing instance name"; } leaf source-address { type jt:ipaddr; description "Source ip address used to connect server"; } } // container server leaf sxl-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 5"; } } units "seconds"; status deprecated; description "Sxl sophos anti-virus engine timeout"; } leaf sxl-retry { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 5"; } } status deprecated; description "Sxl sophos anti-virus engine query retry (number of times)"; } container pattern-update { presence "enable pattern-update"; status deprecated; description "Anti-virus sophos-engine pattern update"; uses anti-virus-pattern-update; } // container pattern-update list profile { key "name"; ordered-by user; status deprecated; description "Anti-virus sophos-engine profile"; leaf name { type string { length "1 .. 
29"; } description "Anti-virus sophos-engine profile name"; } uses apply-advanced; container fallback-options { presence "enable fallback-options"; description "Anti-virus sophos-engine fallback options"; uses av-fallback-settings; } // container fallback-options container scan-options { presence "enable scan-options"; description "Anti-virus sophos-engine scan options"; uses sophos-scan-options; } // container scan-options container trickling { presence "enable trickling"; description "Anti-virus trickling"; uses anti-virus-trickling; } // container trickling container notification-options { presence "enable notification-options"; description "Anti-virus notification options"; uses anti-virus-notification-options; } // container notification-options container mime-whitelist { description "Anti-virus MIME whitelist"; uses apply-advanced; leaf list { junos:must "("security utm custom-objects mime-pattern $$")"; junos:must-message "mime-pattern must be defined"; type string; description "MIME list"; } leaf exception { junos:must "("security utm custom-objects mime-pattern $$")"; junos:must-message "mime-pattern must be defined"; type string; description "Exception settings for MIME white list"; } } // container mime-whitelist leaf url-whitelist { junos:must "("security utm custom-objects custom-url-category $$")"; junos:must-message "custom-url-category must be defined"; type string; description "Anti-virus URL white list"; } } // list profile } // container sophos-engine } // grouping anti-virus-feature grouping anti-virus-notification-options { description "Anti-virus notification options"; uses apply-advanced; container virus-detection { presence "enable virus-detection"; description "Virus detection notification"; uses apply-advanced; leaf type { type enumeration { enum "protocol-only" { value 0; description "Notification in protocol level only"; } enum "message" { value 1; description "Notification in message"; } } description "Virus detection notification 
type"; } choice notify-mail-sender-choice { leaf notify-mail-sender { type empty; description "Notify mail sender"; } leaf no-notify-mail-sender { type empty; description "Don't notify mail sender"; } } // choice notify-mail-sender-choice leaf custom-message { type string { length "1 .. 512"; } description "Custom message for notification"; } leaf custom-message-subject { type string { length "1 .. 255"; } description "Custom message subject for notification"; } } // container virus-detection container fallback-block { presence "enable fallback-block"; description "Fallback block notification"; uses apply-advanced; leaf type { type enumeration { enum "protocol-only" { value 0; description "Notification in protocol level only"; } enum "message" { value 1; description "Notification in message"; } } description "Fallback block notification type"; } choice notify-mail-sender-choice { leaf notify-mail-sender { type empty; description "Notify mail sender"; } leaf no-notify-mail-sender { type empty; description "Don't notify mail sender"; } } // choice notify-mail-sender-choice leaf custom-message { type string { length "1 .. 512"; } description "Custom message for notification"; } leaf custom-message-subject { type string { length "1 .. 255"; } description "Custom message subject for notification"; } } // container fallback-block container fallback-non-block { presence "enable fallback-non-block"; description "Fallback non block notification"; uses apply-advanced; choice notify-mail-recipient-choice { leaf notify-mail-recipient { type empty; description "Notify mail recipient"; } leaf no-notify-mail-recipient { type empty; description "Don't notify mail recipient"; } } // choice notify-mail-recipient-choice leaf custom-message { type string { length "1 .. 512"; } description "Custom message for notification"; } leaf custom-message-subject { type string { length "1 .. 
255"; } description "Custom message subject for notification"; } } // container fallback-non-block } // grouping anti-virus-notification-options grouping anti-virus-pattern-update { description "Anti-virus pattern update"; uses apply-advanced; container email-notify { presence "enable email-notify"; description "Virus pattern file updated notification"; uses apply-advanced; leaf admin-email { type string { length "1 .. 255"; } description "Admin emails to be notified about pattern file update"; } leaf custom-message { type string { length "1 .. 512"; } description "Custom message for notification"; } leaf custom-message-subject { type string { length "1 .. 255"; } description "Custom message subject for notification"; } } // container email-notify leaf url { type string { length "1 .. 256"; } description "Server URL"; } leaf proxy-profile { junos:must "("services proxy profile $$")"; junos:must-message "Referenced Proxy profile must be defined"; type string { length "1 .. 64"; } description "Proxy profile"; } leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Routing-instance must be defined"; type string; description "Routing instance name"; } leaf interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 
10080"; } } description "Interval in minutes to check the update"; } leaf start-time { type jt:time; description "Start time (YYYY-MM-DD.HH:MM:SS)"; } leaf no-autoupdate { type empty; description "Don't automatically update anti-virus pattern"; } } // grouping anti-virus-pattern-update grouping anti-virus-traceoptions { description "Trace options for anti-virus feature"; uses apply-advanced; list flag { key "name"; ordered-by user; description "Trace options for anti-virus feature flag"; leaf name { type enumeration { enum "basic" { value 0; description "Trace anti-virus module generic basic information"; } enum "detail" { value 1; description "Trace anti-virus module generic detail information"; } enum "engine" { value 2; description "Trace scan engine information"; } enum "pattern" { value 3; description "Trace detail information of pattern loading"; } enum "updater" { value 4; description "Trace pattern updater process activities"; } enum "manager" { value 5; description "Trace anti-virus manager process activities"; } enum "worker" { value 6; description "Trace anti-virus worker process activities"; } enum "sendmail" { value 7; description "Trace mail notifier process activities"; } enum "ipc" { value 8; description "Trace communication events with PFE"; } enum "event" { value 9; description "Trace communication events between RE side processes"; } enum "statistics" { value 10; description "Trace statistics information"; } enum "all" { value 11; description "Enable trace all anti-virus trace options"; } } description "Trace options for anti-virus feature flag name"; } } // list flag } // grouping anti-virus-traceoptions grouping anti-virus-trickling { description "Anti-virus trickling"; leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 600"; } } description "Trickling timeout"; } } // grouping anti-virus-trickling grouping apbr_rule_type { leaf name { type string { length "1 .. 
63"; } description "Rule name"; } uses apply-advanced; leaf disable-midstream-routing { type empty; description "Disable midstream routing"; } container match { presence "enable match"; description "Specify security rule match-criteria"; uses apply-advanced; leaf-list dynamic-application { type string; ordered-by user; } leaf-list dynamic-application-group { type string; ordered-by user; description "Specify dynamic application group name to match"; } leaf-list category { type string; ordered-by user; description "Url category"; } leaf-list dscp { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 63"; } } ordered-by user; description "Specify dscp value to match"; } } // container match container then { presence "enable then"; description "Specify rule action to take when packet match criteria"; uses apply-advanced; container routing-instance { description "Packets are directed to specified routing instance"; leaf routing-instance-name { type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Name of routing instance"; } } // container routing-instance container sla-rule { presence "enable sla-rule"; description "SLA Rule"; uses apply-advanced; leaf sla-rule-name { type string; description "SLA rule name"; } } // container sla-rule leaf application-services-bypass { type empty; description "Bypass the application services"; } } // container then } // grouping apbr_rule_type grouping appfw_rule_type { leaf name { type string { length "1 .. 
63"; } description "Rule name"; } uses apply-advanced; container match { presence "enable match"; description "Specify security rule match-criteria"; uses apply-advanced; leaf-list dynamic-application { type string; ordered-by user; } leaf-list dynamic-application-group { type string; ordered-by user; description "Specify dynamic application group name to match"; } leaf ssl-encryption { type enumeration { enum "any" { value 0; description "Encrypted and non-encrypted rule"; } enum "yes" { value 1; description "Encrypted rule"; } enum "no" { value 2; description "Non-encrypted rule"; } } description "Select SSL encryption rules"; } } // container match container then { presence "enable then"; description "Specify rule action to take when packet match criteria"; uses apply-advanced; choice action { leaf permit { type empty; description "Permit packets"; } container deny { presence "enable deny"; description "Deny packets"; uses apply-advanced; leaf block-message { type empty; description "Redirect sessions"; } } // container deny container reject { presence "enable reject"; description "Reject packets"; uses apply-advanced; leaf block-message { type empty; description "Redirect sessions"; } } // container reject } // choice action } // container then } // grouping appfw_rule_type grouping application_object { leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Application name"; } uses apply-advanced; leaf description { type string { junos:posix-pattern "^[^&<> ]+$"; junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '"; length "1 .. 
900"; } description "Text description of application"; } list term { key "name"; max-elements 8; ordered-by user; description "Define individual application protocols"; uses term_object; } // list term leaf application-protocol { type enumeration { enum "bootp" { value 0; description "Bootstrap protocol"; } enum "dce-rpc" { value 1; description "DCE RPC"; } enum "dce-rpc-portmap" { value 2; description "DCE RPC portmap"; } enum "dns" { value 3; description "Domain Name Service"; } enum "exec" { value 4; description "Remote Execution Protocol"; } enum "ftp" { value 5; description "File Transfer Protocol"; } enum "ftp-data" { value 6; description "File Transfer Protocol Data Session"; } enum "gprs-gtp-c" { value 7; description "GPRS Tunneling Control Plane"; } enum "gprs-gtp-u" { value 8; description "GPRS Tunneling User Plane"; } enum "gprs-gtp-v0" { value 9; description "GPRS Tunneling Version 0"; } enum "gprs-sctp" { value 10; description "GPRS Stream Control Protocol"; } enum "h323" { value 11; description "H.323"; } enum "icmp" { value 12; description "ICMP"; } enum "icmpv6" { value 13; description "ICMPv6"; } enum "ignore" { value 14; description "Ignore application type"; } enum "iiop" { value 15; description "Internet Inter-ORB Protocol"; } enum "ike-esp-nat" { value 16; description "IKE/ESP with NAT"; } enum "ip" { value 17; description "IP"; } enum "login" { value 18; description "Login"; } enum "mgcp-ca" { value 19; description "MGCP-CA"; } enum "mgcp-ua" { value 20; description "MGCP-UA"; } enum "ms-rpc" { value 21; description "Microsoft RPC"; } enum "netbios" { value 22; description "NetBIOS"; } enum "netshow" { value 23; description "NetShow"; } enum "none" { value 24; description "None"; } enum "pptp" { value 25; description "Point-to-Point Tunneling Protocol"; } enum "q931" { value 26; description "Q.931"; } enum "ras" { value 27; description "RAS"; } enum "realaudio" { value 28; description "RealAudio"; } enum "rpc" { value 29; description "RPC"; } 
enum "rpc-portmap" { value 30; description "RPC portmap"; } enum "rsh" { value 31; description "Remote Shell"; } enum "rtsp" { value 32; description "Real Time Streaming Protocol"; } enum "sccp" { value 33; description "Skinny Client Control Protocol"; } enum "sip" { value 34; description "Session Initiation Protocol"; } enum "shell" { value 35; description "Shell"; } enum "snmp" { value 36; description "SNMP"; } enum "sqlnet" { value 37; description "SQLNet"; } enum "sqlnet-v2" { value 38; description "Oracle SQL*Net Version 2"; } enum "sun-rpc" { value 39; description "Sun Microsystems RPC"; } enum "talk" { value 40; description "Talk Program"; } enum "tftp" { value 41; description "Trivial File Transfer Protocol"; } enum "traceroute" { value 42; description "Traceroute"; } enum "http" { value 43; description "Hypertext Transfer Protocol"; } enum "winframe" { value 44; description "WinFrame"; } enum "https" { value 45; description "Hypertext Transfer Protocol Over TLS"; } enum "imap" { value 46; description "Internet Mail Access Protocol"; } enum "smtp" { value 47; description "Simple Mail Transfer Protocol"; } enum "ssh" { value 48; description "Secure Shell Protocol"; } enum "telnet" { value 49; description "Telnet Protocol"; } enum "twamp" { value 50; description "Two Way Active Measurement Protocol"; } enum "pop3" { value 51; description "Post Office Protocol 3 Protocol"; } enum "smtps" { value 52; description "Simple Mail Transfer Protocol Over TLS"; } enum "imaps" { value 53; description "Internet Mail Access Protocol Over TLS"; } enum "pop3s" { value 54; description "Post Office Protocol 3 Protocol Over TLS"; } } description "Application protocol type"; } leaf protocol { type string; description "Match IP protocol type"; } leaf source-port { type string; description "Match TCP/UDP source port"; } leaf destination-port { type string; description "Match TCP/UDP destination port"; } leaf ether-type { type string { junos:posix-pattern 
"^(0[Xx][0-9A-Fa-f]{4})$|^([0-9A-Fa-f]{4})$"; junos:pattern-message "Ether-type should be in hex - (example: 0x8906)"; } description "Match ether type"; } leaf icmp-type { type string; description "Match ICMP message type"; } leaf icmp6-type { type string; description "Match ICMP6 message type"; } leaf icmp-code { type string; description "Match ICMP message code"; } leaf icmp6-code { type string; description "Match ICMP6 message code"; } leaf rpc-program-number { type string { junos:posix-pattern "^(0|[1-9][0-9]{0,9})(-(0|[1-9][0-9]{0,9}))?$"; junos:pattern-message "Value must be an integer or a range of integers"; } description "Match range of RPC program numbers"; } leaf uuid { type string { junos:posix-pattern "^[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12}$"; junos:pattern-message "Value must be of the form xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"; } description "Match universal unique identifier for DCE RPC objects"; } leaf inactivity-timeout { type string; units "seconds"; description "Application-specific inactivity timeout"; } choice dns-choice { leaf do-not-translate-AAAA-query-to-A-query { junos:must "(".. application-protocol dns")"; junos:must-message "Application protocol must be DNS"; type empty; description "Knob to control the translation of AAAA query to A query"; } leaf do-not-translate-A-query-to-AAAA-query { junos:must "(".. application-protocol dns")"; junos:must-message "Application protocol must be DNS"; type empty; description "Knob to control the translation of A query to AAAA query"; } } // choice dns-choice } // grouping application_object grouping application_set_object { leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 
63"; } description "Application set name"; } uses apply-advanced; leaf description { type string { junos:posix-pattern "^[^&<> ]+$"; junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '"; length "1 .. 900"; } description "Text description of application set"; } list application { key "name"; ordered-by user; description "Application to be included in the set"; leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Application name"; } uses apply-advanced; } // list application list application-set { key "name"; ordered-by user; description "Define an application-set"; leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 
63"; } description "Define an application-set name"; } uses apply-advanced; } // list application-set } // grouping application_set_object grouping apply-advanced { description "Apply advanced configuration logic"; leaf-list apply-groups { type string; ordered-by user; description "Groups from which to inherit configuration data"; } leaf-list apply-groups-except { type string; ordered-by user; description "Don't inherit configuration data from these groups"; } list apply-macro { key "name"; ordered-by user; description "Macro and parameters for commit script expansion"; uses apply-macro-type; } // list apply-macro } // grouping apply-advanced grouping apply-macro-type { description "Macro data for commit-script expansion"; leaf name { type string; description "Name of the macro to be expanded"; } list data { key "name"; uses macro-data-type; } // list data } // grouping apply-macro-type grouping appqoe-probe-params { description "Active probe parameters"; uses apply-advanced; container data-fill { description "Probe Data Payload content"; uses apply-advanced; leaf fill { type string { length "1 .. 63"; } description "Repetitive payload string "; } } // container data-fill container data-size { presence "enable data-size"; description "Probe data size"; uses apply-advanced; leaf size { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "4 .. 256"; } } description "Data Payload size of probe packet"; } } // container data-size container per-packet-loss-timeout { presence "enable per-packet-loss-timeout"; description "Time interval between 2 consecutive SaaS probes"; uses apply-advanced; leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "100 .. 
10000"; } } default "1000"; description "Interval value in milliseconds"; } } // container per-packet-loss-timeout container probe-interval { presence "enable probe-interval"; description "Time interval between 2 consecutive probes"; uses apply-advanced; leaf interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 60"; } } default "10"; description "Interval value in sec"; } } // container probe-interval container probe-count { presence "enable probe-count"; description "Minimum number of samples to be collected to evaluate SLA measurement"; uses apply-advanced; leaf count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000"; } } default "5"; description "Sample count"; } } // container probe-count container burst-size { presence "enable burst-size"; description "Number of probes out of probe count to be sent as a burst"; uses apply-advanced; leaf size { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } default "1"; description "Burst size"; } } // container burst-size container sla-export-interval { description "Enabled time based SLA exporting"; uses apply-advanced; leaf interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 
600"; }
        }
        description "Interval (sec)";
      }
    } // container sla-export-interval
    // dscp and fc-name below are unconstrained strings in this grouping
    // (no pattern or length statement).
    container dscp-code-points {
      description "Mapping of code point aliases to bit strings";
      uses apply-advanced;
      leaf dscp {
        type string;
        description "DSCP";
      }
    } // container dscp-code-points
    container forwarding-class {
      description "Forwarding class corresponding to the DSCP";
      uses apply-advanced;
      leaf fc-name {
        type string;
        description "Forwarding class name";
      }
    } // container forwarding-class
    container loss-priority {
      presence "enable loss-priority";
      uses apply-advanced;
      leaf priority {
        type enumeration {
          enum "low" { value 0; description "Low loss priority"; }
          enum "medium-low" { value 1; description "Medium-low loss priority"; }
          enum "medium-high" { value 2; description "Medium-high loss priority"; }
          enum "high" { value 3; description "High loss priority"; }
        }
        description "Packet loss priority";
      }
    } // container loss-priority
  } // grouping appqoe-probe-params
  // A probe path is a local and a remote endpoint, each described by the
  // appqoe-node grouping defined right after it.
  grouping appqoe-probe-path {
    description "Set probe path details";
    uses apply-advanced;
    container local {
      presence "enable local";
      description "Local node's info";
      uses appqoe-node;
    } // container local
    container remote {
      presence "enable remote";
      description "Remote node's info";
      uses appqoe-node;
    } // container remote
  } // grouping appqoe-probe-path
  grouping appqoe-node {
    description "Set node info";
    uses apply-advanced;
    container ip-address {
      presence "enable ip-address";
      description "Set IP address";
      uses apply-advanced;
      leaf ip_address {
        // jt:ipaddr comes from the imported junos-common-types module.
        type jt:ipaddr;
        description "IP address";
      }
    } // container ip-address
  } // grouping appqoe-node
  // SLA thresholds; the grouping continues past this span.
  grouping appqoe_sla_metric_profile {
    description "Metric Name";
    uses apply-advanced;
    container delay-round-trip {
      presence "enable delay-round-trip";
      description "Maximum acceptable delay";
      uses apply-advanced;
      leaf delay-val {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "0 .. 
60000000"; }
        }
        description "Delay value(micro-sec)";
      }
    } // container delay-round-trip
    container jitter {
      presence "enable jitter";
      description "Maximum acceptable jitter";
      uses apply-advanced;
      leaf jitter-val {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "0 .. 60000000"; }
        }
        description "Jitter value(micro-sec)";
      }
    } // container jitter
    container jitter-type {
      presence "enable jitter-type";
      description "Type of Jitter";
      uses apply-advanced;
      leaf type {
        type enumeration {
          enum "two-way-jitter" { value 0; description "Two-way-jitter-type"; }
          enum "egress-jitter" { value 1; description "Egress-jitter-type"; }
          enum "ingress-jitter" { value 2; description "Ingress-jitter-type"; }
        }
        description "Jitter Type";
      }
    } // container jitter-type
    container packet-loss {
      presence "enable packet-loss";
      description "Maximum acceptable packet-loss";
      uses apply-advanced;
      leaf loss {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 100"; }
        }
        description "Packet loss percentage";
      }
    } // container packet-loss
    container match {
      presence "enable match";
      description "Type of SLA match";
      uses apply-advanced;
      // This leaf has no description statement of its own.
      leaf sla_match {
        type enumeration {
          enum "any-one" { value 0; description "Match any one strings"; }
          enum "all" { value 1; description "Match all metrics"; }
        }
      }
    } // container match
  } // grouping appqoe_sla_metric_profile
  // Trace (debug logging) settings; the grouping continues past this span.
  grouping appqos-traceoptions-type {
    description "Trace options for application classifier";
    uses apply-advanced;
    leaf no-remote-trace {
      // NOTE(review): the inner double quotes of this junos:must argument are
      // unescaped as shown here, which a YANG parser would not read as one
      // string; compare with the vendor's published file before loading.
      junos:must "("system tracing")";
      junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
      type empty;
      description "Disable remote tracing";
    }
    container file {
      description "Trace file information";
      leaf filename {
        // The negated pattern rejects '/', space and '%', so the value
        // cannot carry a path separator.
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 
1024"; }
        description "Name of file in which to write trace information";
      }
      // size is a plain string here; no pattern or range is declared for it.
      leaf size {
        type string;
        description "Maximum trace file size";
      }
      leaf files {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "2 .. 1000"; }
        }
        default "3";
        description "Maximum number of trace files";
      }
      // The choice makes the two leaves mutually exclusive. world-readable
      // lets any user read the trace file, which matters when traces hold
      // traffic or policy detail. No default is declared, so which behaviour
      // applies when neither leaf is set is not visible here - confirm.
      choice world-readable-choice {
        leaf world-readable {
          type empty;
          description "Allow any user to read the log file";
        }
        leaf no-world-readable {
          type empty;
          description "Don't allow any user to read the log file";
        }
      } // choice world-readable-choice
      // Filter applied to trace lines; the regular-expression type comes
      // from the imported junos-common-types module.
      leaf match {
        type jt:regular-expression;
        description "Regular expression for lines to be logged";
      }
    } // container file
    list flag {
      key "name";
      ordered-by user;
      description "Events and other information to include in trace output";
      leaf name {
        type enumeration {
          enum "all" { value 0; description "All events"; }
        }
        description "Flag name to include in trace output";
      }
    } // list flag
    leaf level {
      type enumeration {
        enum "error" { value 0; description "Match error conditions"; }
        enum "warning" { value 1; description "Match warning messages"; }
        enum "notice" { value 2; description "Match conditions that should be handled specially"; }
        enum "info" { value 3; description "Match informational messages"; }
        enum "verbose" { value 4; description "Match verbose messages"; }
        enum "all" { value 5; description "Match all levels"; }
      }
      default "error";
      description "Level of debugging output";
    }
  } // grouping appqos-traceoptions-type
  // One application traffic-control rule; the grouping continues past this
  // span.
  grouping appqos_rule_type {
    leaf name {
      type string { length "1 .. 
63"; }
      description "Rule name";
    }
    uses apply-advanced;
    container match {
      description "Specify application traffic control rule match-criteria";
      uses apply-advanced;
      leaf application-any {
        type empty;
        description "Any applications";
      }
      // NOTE(review): the description below is misspelled in this copy; it
      // presumably means "Unknown applications". The leaf is deprecated.
      leaf application-unknown {
        type empty;
        status deprecated;
        description "Uknown applcations";
      }
      leaf application-known {
        type empty;
        description "Identifiable applications";
      }
      leaf-list application {
        type string { length "1 .. 63"; }
        ordered-by user;
        description "Specify application name to match";
      }
      leaf-list application-group {
        type string { length "1 .. 63"; }
        ordered-by user;
        description "Specify application group name to match";
      }
    } // container match
    container then {
      description "Specify rule action to take when packet match criteria";
      uses apply-advanced;
      leaf forwarding-class {
        type string {
          junos:posix-pattern "^.{1,64}$";
          junos:pattern-message "Must be string of 64 characters or less";
        }
        description "Forwarding class for outgoing packets";
      }
      // Accepts either exactly six 0/1 digits or an alias that starts with a
      // letter and is followed by up to 63 further characters.
      leaf dscp-code-point {
        type string {
          junos:posix-pattern "^(([01]{6})|([a-zA-Z].{0,63}))$";
          junos:pattern-message "Not 6-bit pattern or code point alias";
        }
        description "DSCP code point bitmap or alias";
      }
      leaf loss-priority {
        type enumeration {
          enum "low" { value 0; description "Low loss priority"; }
          enum "medium-low" { value 1; description "Medium-low loss priority"; }
          enum "medium-high" { value 2; description "Medium-high loss priority"; }
          enum "high" { value 3; description "High loss priority"; }
        }
        description "Packet loss priority";
      }
      // Both direction leaves name a rate limiter; per the must-message the
      // named limiter has to be defined elsewhere in the configuration.
      container rate-limit {
        description "Apply rate limiters";
        uses apply-advanced;
        leaf client-to-server {
          junos:must "("class-of-service application-traffic-control rate-limiters $$")";
          junos:must-message "Rate limiter must be defined";
          type string;
          description "Client-to-server rate limiter";
        }
        leaf server-to-client {
          junos:must "("class-of-service application-traffic-control rate-limiters $$")";
          junos:must-message "Rate limiter must be defined";
          type 
string;
          description "Server-to-client rate limiter";
        }
        leaf loss-priority-high {
          type empty;
          description "Set Rate limiter's action Loss-Priority to high";
        }
      } // container rate-limit
      leaf log {
        type empty;
        description "Log the action";
      }
    } // container then
  } // grouping appqos_rule_type
  // Selects one user-identification source and, optionally, its priority.
  // The default priorities quoted in the enum descriptions are 100, 200,
  // 150, 125 and 110; they are documentation only, since no "default"
  // statement appears on the priority leaf as far as this span shows.
  grouping authentication-source-type {
    description "Configure user-identification authentication-source";
    leaf name {
      type enumeration {
        enum "local-authentication-table" { value 0; description "Local-authentication-table, default priority is 100."; }
        enum "unified-access-control" { value 1; description "Unified-access-control, default priority is 200."; }
        enum "firewall-authentication" { value 2; description "Firewall-authentication, default priority is 150."; }
        enum "active-directory-authentication-table" { value 3; description "Active-directory-authentication-table, default priority is 125."; }
        enum "aruba-clearpass" { value 4; description "ClearPass-authentication-table, default priority is 110."; }
      }
      description "User-identification authentication-source name";
    }
    uses apply-advanced;
    choice authentication-source-option {
      leaf priority {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint16 { range "0 .. 
65535"; }
        }
        // Per the description, 0 disables the source and a larger number
        // ranks it lower.
        description "Larger number means lower priority, 0 for disable";
      }
    } // choice authentication-source-option
  } // grouping authentication-source-type
  // Each leaf picks what happens when anti-virus scanning cannot complete for
  // the named reason. "block" is the fail-closed choice; "permit" and
  // "log-and-permit" presumably pass the content without a completed scan
  // (fail-open). No leaf declares a default, so the behaviour when a leaf is
  // unset is not visible here - confirm before relying on it.
  grouping av-fallback-settings {
    description "Anti-virus fallback settings";
    uses apply-advanced;
    leaf default {
      type enumeration {
        enum "permit" { value 0; }
        enum "log-and-permit" { value 1; }
        enum "block" { value 2; }
      }
      description "Default action";
    }
    leaf content-size {
      type enumeration {
        enum "permit" { value 0; }
        enum "log-and-permit" { value 1; }
        enum "block" { value 2; }
      }
      description "Fallback action for over content size";
    }
    leaf engine-not-ready {
      type enumeration {
        enum "permit" { value 0; }
        enum "log-and-permit" { value 1; }
        enum "block" { value 2; }
      }
      description "Fallback action for engine not ready";
    }
    leaf timeout {
      type enumeration {
        enum "permit" { value 0; }
        enum "log-and-permit" { value 1; }
        enum "block" { value 2; }
      }
      description "Fallback action for engine scan timeout";
    }
    leaf out-of-resources {
      type enumeration {
        enum "permit" { value 0; }
        enum "log-and-permit" { value 1; }
        enum "block" { value 2; }
      }
      description "Fallback action for out of resources";
    }
    leaf too-many-requests {
      type enumeration {
        enum "permit" { value 0; }
        enum "log-and-permit" { value 1; }
        enum "block" { value 2; }
      }
      description "Fallback action for requests exceed engine limit";
    }
    leaf decompress-err {
      type enumeration {
        enum "permit" { value 0; }
        enum "log-and-permit" { value 1; }
        enum "block" { value 2; }
      }
      description "Fallback action for decompress error";
    }
  } // grouping av-fallback-settings
  // AWS CloudWatch export settings; the grouping continues past this span.
  grouping aws-object {
    uses apply-advanced;
    container cloudwatch {
      description "Configure AWS CloudWatch";
      uses apply-advanced;
      container metric {
        description "Configure AWS CloudWatch metric";
        uses apply-advanced;
        leaf collect-interval {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "1 .. 
60"; }
          }
          units "minutes";
          default "3";
          description "Set metric collection interval";
        }
        leaf namespace {
          type string {
            junos:posix-pattern "![/ %]";
            junos:pattern-message "Must not contain '/', % or a space";
            length "1 .. 32";
          }
          description "Container for collected metrics";
        }
        // region is an unconstrained string in both containers.
        leaf region {
          type string;
          description "Set AWS CloudWatch metric region";
        }
      } // container metric
      // NOTE(review): the description below repeats the metric container's
      // text although this container holds the log settings - likely a
      // copy-paste slip in the model.
      container log {
        description "Configure AWS CloudWatch metric";
        uses apply-advanced;
        leaf group {
          type string {
            junos:posix-pattern "![/ %]";
            junos:pattern-message "Must not contain '/', % or a space";
            length "1 .. 32";
          }
          description "Group of log streams";
        }
        leaf region {
          type string;
          description "Set AWS CloudWatch log region";
        }
        // Data from the files listed here is collected for CloudWatch and,
        // with security-hub-import, security events go to AWS Security Hub,
        // so this list decides which log content leaves the device. The name
        // pattern rejects '/', so only bare file names are accepted.
        list file {
          key "name";
          description "File from which to collect log data";
          leaf name {
            type string {
              junos:posix-pattern "![/ %]";
              junos:pattern-message "Must not contain '/', % or a space";
              length "1 .. 64";
            }
            description "Name of file from which to collect log data";
          }
          uses apply-advanced;
          leaf security-hub-import {
            type empty;
            description "Import security events in the file to AWS Security Hub";
          }
          leaf collect-interval {
            type union {
              type string { pattern "<.*>|$.*"; }
              type uint32 { range "1 .. 60"; }
            }
            units "minutes";
            default "3";
            description "Set log collection interval";
          }
        } // list file
      } // container log
    } // container cloudwatch
  } // grouping aws-object
  // Authentication banners, each limited to 250 characters.
  grouping banner-object {
    uses apply-advanced;
    container banner {
      description "Banners that are prompted during authentication";
      uses apply-advanced;
      leaf login {
        type string { length "1 .. 250"; }
        description "The message that will be displayed before login";
      }
      leaf success {
        type string { length "1 .. 250"; }
        description "The message that will be displayed on successful login";
      }
      leaf fail {
        type string { length "1 .. 
250"; }
        description "The message that will be displayed after failed user login";
      }
    } // container banner
  } // grouping banner-object
  grouping batch-query-type {
    description "Batch query configuration";
    uses apply-advanced;
    leaf items-per-batch {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "100 .. 1000"; }
      }
      default "200";
      description "Items number per batch query";
    }
    leaf query-interval {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 60"; }
      }
      units "seconds";
      default "5";
      description "Query interval";
    }
  } // grouping batch-query-type
  grouping category-list-type {
    description "Configure category-list object";
    leaf name {
      type string {
        junos:posix-pattern "^[a-zA-Z_]+[a-zA-Z_0-9-]*$";
        junos:pattern-message "Must be a string beginning with a letter or underscore and consisting of letters, numbers, dashes and underscores.";
        length "1 .. 59";
      }
      description "Configure name of category-list object";
    }
    uses apply-advanced;
    // Unlike the name, the values are unconstrained strings.
    leaf-list value {
      type string;
      ordered-by user;
      description "Configure value of category-list object";
    }
  } // grouping category-list-type
  grouping certificate-object {
    leaf name {
      type string;
      description "Simple name to identify this certificate";
    }
    uses apply-advanced;
    // Per its description this leaf carries the private key together with
    // the certificate, as a plain string with no length or pattern limit.
    // Anything that stores or returns this subtree (configuration backups,
    // management-protocol replies, archives) therefore holds key material.
    // Whether the device protects the stored value is not visible here -
    // confirm.
    leaf certificate {
      type string;
      description "Certificate and private key string";
    }
  } // grouping certificate-object
  // Remote-access client definition; the grouping continues past this span.
  grouping clients-object {
    leaf name {
      // The must-expression requires at least one of the sibling "user" or
      // "user-groups" nodes, as the must-message states.
      junos:must "((".. user" || ".. user-groups"))";
      junos:must-message "user or user-groups must be defined";
      type string { length "1 .. 
31"; }
      description "Client config name";
    }
    uses apply-advanced;
    list remote-protected-resources {
      key "name";
      ordered-by user;
      description "IP/mask of remote protected resources";
      leaf name {
        type jt:ipv4prefix-mandatory;
        description "IP/mask of remote protected resources";
      }
    } // list remote-protected-resources
    // Prefixes described as "passthru" exceptions; presumably traffic to them
    // is not carried in the VPN - confirm, and review entries accordingly.
    list remote-exceptions {
      key "name";
      ordered-by user;
      description "Ip/mask of exceptions being passthru";
      leaf name {
        type jt:ipv4prefix-mandatory;
        description "Ip/mask of exceptions being passthru";
      }
    } // list remote-exceptions
    // Must name an IPsec VPN that exists under "security ipsec vpn".
    leaf ipsec-vpn {
      junos:must "("security ipsec vpn $$")";
      junos:must-message "ipsec-vpn must be defined";
      type string;
      description "IPSec VPN assigned to remote access client";
    }
    // User and user-group names are unconstrained strings in this schema.
    list user {
      key "name";
      description "Remote IPSec VPN users";
      leaf name {
        type string;
        description "User name";
      }
      uses apply-advanced;
    } // list user
    list user-groups {
      key "name";
      description "Remote IPSec VPN usergroups";
      leaf name {
        type string;
        description "Usergroup name";
      }
      uses apply-advanced;
    } // list user-groups
  } // grouping clients-object
  grouping command-list-type {
    description "Configure command-list object";
    leaf name {
      type string {
        junos:posix-pattern "^[a-zA-Z_]+[a-zA-Z_0-9-]*$";
        junos:pattern-message "Must be a string beginning with a letter or underscore and consisting of letters, numbers, dashes and underscores.";
        length "1 .. 29";
      }
      description "Configure name of command-list object";
    }
    uses apply-advanced;
    leaf-list value {
      type string { length "1 .. 64"; }
      ordered-by user;
      description "Configure value of command-list object";
    }
  } // grouping command-list-type
  // Content-filtering profiles; the grouping continues past this span.
  grouping content-filtering-feature {
    description "Content-filtering feature";
    uses apply-advanced;
    list profile {
      key "name";
      ordered-by user;
      description "Content filtering profile";
      leaf name {
        type string { length "1 .. 
29"; }
        description "Content-filtering feature profile name";
      }
      uses apply-advanced;
      // The command, extension and MIME leaves below hold names of custom
      // objects; each must-expression requires the named object to exist
      // under "security utm custom-objects".
      leaf permit-command {
        junos:must "("security utm custom-objects protocol-command $$")";
        junos:must-message "protocol-command must be defined";
        type string;
        description "Permit command list";
      }
      leaf block-command {
        junos:must "("security utm custom-objects protocol-command $$")";
        junos:must-message "protocol-command must be defined";
        type string;
        description "Block command list";
      }
      leaf block-extension {
        junos:must "("security utm custom-objects filename-extension $$")";
        junos:must-message "filename-extension must be defined";
        type string;
        description "Block extension list";
      }
      container block-mime {
        presence "enable block-mime";
        description "Content-filtering feature block MIME";
        uses apply-advanced;
        leaf list {
          junos:must "("security utm custom-objects mime-pattern $$")";
          junos:must-message "mime-pattern must be defined";
          type string;
          description "Block MIME list";
        }
        // Carve-out from the block list above; review it together with
        // "list", since an entry here exempts content from blocking.
        leaf exception {
          junos:must "("security utm custom-objects mime-pattern $$")";
          junos:must-message "mime-pattern must be defined";
          type string;
          description "Exception of block MIME list";
        }
      } // container block-mime
      // Each empty leaf switches on blocking for one content type.
      container block-content-type {
        description "Content-filtering feature block content type";
        uses apply-advanced;
        leaf activex {
          type empty;
          description "Block activex";
        }
        leaf java-applet {
          type empty;
          description "Block Java-applet";
        }
        leaf exe {
          type empty;
          description "Block Windows/dos exe file";
        }
        leaf zip {
          type empty;
          description "Block zip file";
        }
        leaf http-cookie {
          type empty;
          description "Block HTTP cookie";
        }
      } // container block-content-type
      container notification-options {
        presence "enable notification-options";
        description "Notification options";
        uses apply-advanced;
        leaf type {
          type enumeration {
            enum "protocol-only" { value 0; description "Notification in protocol level"; }
            enum "message" { value 1; description "Notification in message"; }
          }
          description "Notification options type";
        }
        choice 
notify-mail-sender-choice {
          // NOTE(review): "Notifiy" is misspelled in both descriptions of
          // this copy; presumably "Notify".
          leaf notify-mail-sender {
            type empty;
            description "Notifiy mail sender";
          }
          leaf no-notify-mail-sender {
            type empty;
            description "Don't notifiy mail sender";
          }
        } // choice notify-mail-sender-choice
        leaf custom-message {
          type string { length "1 .. 512"; }
          description "Custom notification message";
        }
      } // container notification-options
    } // list profile
  } // grouping content-filtering-feature
  // A named set of custom attacks and/or other attack groups.
  grouping custom-attack-group-type {
    description "Define custom attack group";
    leaf name {
      type string;
      description "Custom attack group name";
    }
    uses apply-advanced;
    leaf attack-group-description {
      type string;
      status deprecated;
      description "Attack group description in xml format";
    }
    leaf-list group-members {
      type string;
      ordered-by user;
      description "List of attacks/attack groups belonging to this group";
    }
  } // grouping custom-attack-group-type
  // Definition of one custom attack object (a detection signature written by
  // the operator); the grouping continues well past this span.
  grouping custom-attack-type {
    description "Define custom attack";
    leaf name {
      type string {
        junos:posix-pattern "^.{1,60}$";
        junos:pattern-message "Custom attack name must be a string of 60 characters or less";
      }
      description "Custom attack name";
    }
    uses apply-advanced;
    leaf-list attack-description {
      type string;
      ordered-by user;
      description "Attack description";
    }
    // Ordered from no response ("none", "ignore") through packet/flow drops
    // to connection resets. "ignore" stops further inspection of the flow,
    // so it is not a harmless default for a detection rule.
    leaf recommended-action {
      type enumeration {
        enum "none" { value 0; description "No action"; }
        enum "ignore" { value 1; description "No further inspection on the flow"; }
        enum "drop-packet" { value 2; description "Drop the packet"; }
        enum "drop" { value 3; description "Drop the packet and subsequent packets of the flow"; }
        enum "close-client" { value 4; description "Reset the client side"; }
        enum "close-server" { value 5; description "Reset the server side"; }
        enum "close" { value 6; description "Reset both client and server"; }
      }
      description "Recommended Action";
    }
    leaf severity {
      type enumeration {
        enum "info" { value 0; description "Provide information of attack when it matches."; }
        enum "warning" { value 1; description "Issue a warning when 
attack matches."; }
        enum "minor" { value 2; description "The attack is a minor one."; }
        enum "major" { value 3; description "The attack is a major one."; }
        enum "critical" { value 4; description "The attack is a critical one."; }
      }
      description "Select the severity that matches the lethality of this attack on your network";
    }
    // Threshold settings: the attack is reported only after "count" matches
    // within "interval", counted per "scope".
    container time-binding {
      description "Time binding params";
      // count is a plain uint32 with no range statement; the scope and
      // interval constraints below are what reject 0 and 1.
      leaf count {
        type union {
          type uint32;
          type string { pattern "<.*>|$.*"; }
        }
        description "Number of times this attack is to be triggered";
      }
      leaf scope {
        junos:must "((!(".. count 0") && !(".. count 1")))";
        junos:must-message "Scope should be defined if count > 1";
        type enumeration {
          enum "peer" { value 0; description "If the attack is between a single source and single destination"; }
          enum "source" { value 1; description "If the attack is from one source and multiple destination"; }
          enum "destination" { value 2; description "If the attack is from multiple sources to one destination"; }
        }
        description "Scope within which the count occurs";
      }
      // The pattern accepts 00m-00s through 59m-59s, plus exactly 60m-00s.
      leaf interval {
        junos:must "((!(".. count 0") && (!(".. count 1") && (".. count" && ".. scope"))))";
        junos:must-message "To configure interval, count & scope should be set and count should be greater than or equal to 2";
        type string {
          junos:posix-pattern "^((([0-5][0-9])[m][-]([0-5][0-9])[s])|([6][0][m][-][0][0][s]))$";
          junos:pattern-message "Invalid interval format: Correct format MMm-SSs, with minutes range 00-60, seconds range 00-59";
        }
        default "01m-00s";
        description "Maximum time-gap between two instances of the attack. Format : MMm-SSs";
      }
    } // container time-binding
    // Mutually exclusive with time-binding: the must-expression rejects this
    // container when a sibling time-binding is configured.
    container detection-filter {
      junos:must "(!(".. time-binding"))";
      junos:must-message "Time-binding and detection-filter will not be allowed together";
      description "Detection filter params";
      // NOTE(review): count is a uint32 with no range statement, so any lower
      // bound mentioned in its description (which continues past this span)
      // is not enforced by the type as shown.
      leaf count {
        type union {
          type uint32;
          type string { pattern "<.*>|$.*"; }
        }
        description "Number of matches for this attack to be triggered. 
Must be greater than 0";
      }
      leaf scope {
        type enumeration {
          enum "session" { value 0; description "If the attack is between a single source and single destination"; }
          enum "source" { value 1; description "If the attack is from one source and multiple destination"; }
          enum "destination" { value 2; description "If the attack is from multiple sources to one destination"; }
        }
        description "Scope within which the count occurs";
      }
      // NOTE(review): the description states a minimum of 1 second, but the
      // pattern also matches "00m-00s"; the minimum is not enforced by the
      // pattern as shown.
      leaf interval {
        type string {
          junos:posix-pattern "^((([0-5][0-9])[m][-]([0-5][0-9])[s])|([6][0][m][-][0][0][s]))$";
          junos:pattern-message "Invalid interval format: Correct format MMm-SSs, with minutes range 00-60, seconds range 00-59";
        }
        description "Time period over which count is accrued. Format : MMm-SSs. Minimum value is 1 second";
      }
    } // container detection-filter
    container attack-type {
      description "Type of attack";
      uses apply-advanced;
      // The must-expression rejects this container when a sibling "anomaly"
      // or "chain" is configured, so one attack object has one type.
      container signature {
        junos:must "(!((".. anomaly" || ".. chain")))";
        junos:must-message "Only one attack type is permitted";
        description "Signature based attack";
        uses apply-advanced;
        // Restricts which traffic the signature is evaluated on; the choice
        // allows exactly one of the protocol cases below.
        container protocol-binding {
          description "Protocol binding over which attack will be detected";
          uses apply-advanced;
          choice protocol {
            container tcp {
              presence "enable tcp";
              description "Attack is for TCP packets only";
              uses apply-advanced;
              list minimum-port {
                key "name";
                ordered-by user;
                description "Multiple sets of (single port/port ranges) can be specified";
                uses port-range;
              } // list minimum-port
            } // container tcp
            container udp {
              presence "enable udp";
              description "Attack is for UDP packets only";
              uses apply-advanced;
              list minimum-port {
                key "name";
                ordered-by user;
                description "Either single port or port ranges can be specified";
                uses port-range;
              } // list minimum-port
            } // container udp
            container rpc {
              presence "enable rpc";
              description "Attack is for RPC packets only";
              uses apply-advanced;
              leaf program-number {
                type union {
                  type uint32;
                  type string { pattern "<.*>|$.*"; }
                }
                description "RPC Program Number";
              }
            } // container rpc
            leaf icmp {
              type empty;
              description "Attack is for ICMP packets only";
            }
            leaf icmpv6 {
              type empty;
              description "Attack is for ICMPv6 packets only";
            }
            container ip {
              presence "enable ip";
              description "Attack is for all IP based packets";
              uses apply-advanced;
              leaf protocol-number {
                type union {
                  type string { pattern "<.*>|$.*"; }
                  type uint32 { range "0 .. 139"; }
                }
                description "Transport layer protocol number";
              }
            } // container ip
            container ipv6 {
              presence "enable ipv6";
              description "Attack is for all IPv6 based packets";
              uses apply-advanced;
              leaf protocol-number {
                type union {
                  type string { pattern "<.*>|$.*"; }
                  type uint32 { range "0 .. 139"; }
                }
                description "Transport layer protocol number";
              }
            } // container ipv6
            leaf application {
              type string;
              description "Application name";
            }
            leaf nested-application {
              type string;
              status deprecated;
              description "Nested application name";
            }
          } // choice protocol
        } // container protocol-binding
        // context is an unconstrained string; pattern, pattern-pcre and
        // content each require it through their must-expressions.
        leaf context {
          type string;
          description "Context";
        }
        leaf pattern {
          junos:must "(".. context")";
          junos:must-message "Context must be specified";
          type string { length "0 .. 511"; }
          description "Pattern is the signature of the attack you want to detect";
        }
        // Operator-written PCRE of up to 511 characters. Nothing in the
        // schema bounds its matching cost, so test expressions for
        // inspection load before deploying them.
        leaf pattern-pcre {
          junos:must "(".. context")";
          junos:must-message "Context must be specified";
          type string { length "0 .. 511"; }
          description "Attack signature pattern in PCRE format";
        }
        // NOTE(review): "match-modifire" in the description below is
        // presumably "match-modifier". The container continues past this
        // span.
        container content {
          junos:must "(".. context")";
          junos:must-message "Context must be specified";
          description "Mention the match-modifire parameters to enhance pattern matching";
          leaf pattern {
            type string;
            description "Specify match-modifier pattern";
          }
          leaf pcre {
            type string { length "0 .. 511"; }
            description "PCRE expression";
          }
          container depth {
            junos:must "(".. pattern")";
            junos:must-message "Content pattern must be specified";
            description "Maximum depth to search pattern within a packet. 
Depth is not relative";
            // Each modifier below takes either a literal value or the name
            // of a variable to read it from. The schema shows no constraint
            // that makes the two leaves exclusive - confirm which wins if
            // both are set.
            leaf depth-value {
              type union {
                type string { pattern "<.*>|$.*"; }
                type uint16 { range "1 .. 65535"; }
              }
              description "Specify the value of 'depth'";
            }
            leaf depth-variable {
              type string;
              description "Specify the variable name from which 'depth' should be extracted";
            }
          } // container depth
          container offset {
            junos:must "(".. pattern")";
            junos:must-message "Content pattern must be specified";
            description "Where to start searching for a pattern within a packet. Offset value is not relative";
            leaf offset-value {
              type union {
                type string { pattern "<.*>|$.*"; }
                type uint16 { range "0 .. 65535"; }
              }
              description "Specify the value of 'offset'";
            }
            leaf offset-variable {
              type string;
              description "Specify the variable name from which 'offset' should be extracted";
            }
          } // container offset
          // NOTE(review): "conjugative" in the description is presumably
          // "consecutive".
          container within {
            junos:must "(".. pattern")";
            junos:must-message "Content pattern must be specified";
            description "Maximum Number of bytes present between two conjugative pattern match. within is relative";
            leaf within-value {
              type union {
                type string { pattern "<.*>|$.*"; }
                type uint16 { range "1 .. 65535"; }
              }
              description "Specify the value of 'within'";
            }
            leaf within-variable {
              type string;
              description "Specify the variable name from which 'within' should be extracted";
            }
          } // container within
          // distance is the only modifier here whose value may be negative
          // (int32, -65535 .. 65535).
          container distance {
            junos:must "(".. pattern")";
            junos:must-message "Content pattern must be specified";
            description "Maximum Length to ignore before searching next pattern match. Distance is relative";
            leaf distance-value {
              type union {
                type string { pattern "<.*>|$.*"; }
                type int32 { range "-65535 .. 65535"; }
              }
              description "Specify the value of 'distance'";
            }
            leaf distance-variable {
              type string;
              description "Specify the variable name from which 'distance' should be extracted";
            }
          } // container distance
          container byte-extract {
            junos:must "(".. 
pattern")";
            junos:must-message "Content pattern must be specified";
            description "Mention the byte-extract parameters for signature in length encoded protocols";
            // Reads 1-10 bytes from the payload into the variable named by
            // var-name, for use by other rule options.
            leaf bytes {
              type union {
                type string { pattern "<.*>|$.*"; }
                type uint32 { range "1 .. 10"; }
              }
              description "Specify the number of bytes to extract from packet";
            }
            // offset is an int32 with no range statement, so negative values
            // are accepted by the type.
            leaf offset {
              type union {
                type int32;
                type string { pattern "<.*>|$.*"; }
              }
              description "Specify the number of bytes in to payload to start processing";
            }
            leaf var-name {
              type string;
              description "Specify the name of the variable to reference in other rule options";
            }
            leaf relative {
              type empty;
              description "Specify whether to use an offset relative to last pattern match or not";
            }
            leaf multiplier {
              type union {
                type uint16;
                type string { pattern "<.*>|$.*"; }
              }
              description "Specify the value to be multiplied against the bytes read";
            }
            leaf endianness {
              type enumeration {
                enum "Little" { value 0; description "Process data in little endian"; }
                enum "Big" { value 1; description "Process data in big endian"; }
              }
              description "Specify the endianness with which bytes read should be processed";
            }
            leaf align {
              type enumeration {
                enum "2-byte" { value 0; description "Round the number of converted bytes to 2-byte boundary"; }
                enum "4-byte" { value 1; description "Round the number of converted bytes to 4-byte boundary"; }
              }
              description "Specify the byte alignment";
            }
            leaf string {
              type enumeration {
                enum "hex" { value 0; description "Process data in hexadecimal format"; }
                enum "dec" { value 1; description "Process data in decimal format"; }
                enum "oct" { value 2; description "Process data in octal format"; }
              }
              description "Specify the data type in which string data should be parsed";
            }
            // bitmask is an unconstrained string; the "1-4 bytes" and
            // hexadecimal requirements exist only in the description.
            leaf bitmask {
              type string;
              description "Specify the bitmask (1-4 bytes) for AND operation in hexadecimal format";
            }
          } // container byte-extract
          container byte-test {
            junos:must "(".. 
pattern")";
            junos:must-message "Content pattern must be specified";
            description "Mention the byte-test parameters for signature in length encoded protocols";
            // Converts 1-10 payload bytes and compares the result with
            // rvalue using "operator"; "negate" inverts the outcome.
            leaf bytes {
              type union {
                type string { pattern "<.*>|$.*"; }
                type uint32 { range "1 .. 10"; }
              }
              description "Specify the number of bytes to extract from packet";
            }
            container offset {
              description "Mention the offset variable name or offset value to be used";
              leaf offset-value {
                type union {
                  type int32;
                  type string { pattern "<.*>|$.*"; }
                }
                description "Specify the number of bytes in to payload to start processing";
              }
              leaf offset-variable {
                type string;
                description "Specify the name of the offset variable";
              }
            } // container offset
            container rvalue {
              description "Specify the rvalue to test the converted value against";
              leaf rvalue-value {
                type union {
                  type uint32;
                  type string { pattern "<.*>|$.*"; }
                }
                description "Specify the value";
              }
              leaf rvalue-variable {
                type string;
                description "Specify the variable name";
              }
            } // container rvalue
            leaf relative {
              type empty;
              description "Specify whether to use an offset relative to last pattern match or not";
            }
            // NOTE(review): the last enum is named "bitwise-XOR" but its
            // description says 'bitwise OR'. Confirm which operation the
            // engine performs before writing a signature that depends on it.
            leaf operator {
              type enumeration {
                enum "less-than" { value 0; description "Perform operation 'less than'"; }
                enum "greater-than" { value 1; description "Perform operation 'greater than'"; }
                enum "less-than-or-equal" { value 2; description "Perform operation 'less than or equal'"; }
                enum "greater-than-or-equal" { value 3; description "Perform operation 'greater than or equal'"; }
                enum "equal" { value 4; description "Perform operation 'equal'"; }
                enum "bitwise-AND" { value 5; description "Perform operation 'bitwise AND'"; }
                enum "bitwise-XOR" { value 6; description "Perform operation 'bitwise OR'"; }
              }
              description "Specify the operation to perform on extracted value";
            }
            leaf negate {
              type empty;
              description "Check if the operator is not true";
            }
            leaf endianness {
              type enumeration {
                enum "Little" { value 0; description "Process data in little endian"; }
                enum "Big" { 
value 1; description "Process data in big endian"; }
              }
              description "Specify the endianness with which bytes read should be processed";
            }
            leaf string {
              type enumeration {
                enum "hex" { value 0; description "Process data in hexadecimal format"; }
                enum "dec" { value 1; description "Process data in decimal format"; }
                enum "oct" { value 2; description "Process data in octal format"; }
              }
              description "Specify the data type in which string data should be parsed";
            }
            // bitmask is an unconstrained string; the "1-4 bytes" and
            // hexadecimal requirements exist only in the description.
            leaf bitmask {
              type string;
              description "Specify the bitmask (1-4 bytes) for AND operation in hexadecimal format";
            }
          } // container byte-test
          // Arithmetic on extracted bytes; the container continues past this
          // span. Like its siblings it requires the content pattern.
          container byte-math {
            junos:must "(".. pattern")";
            junos:must-message "Content pattern must be specified";
            description "Mention the byte-math parameters for signature in length encoded protocols";
            leaf bytes {
              type union {
                type string { pattern "<.*>|$.*"; }
                type uint32 { range "1 .. 10"; }
              }
              description "Specify the number of bytes to extract from packet";
            }
            leaf offset {
              type union {
                type string { pattern "<.*>|$.*"; }
                type uint16 { range "0 .. 
65535"; } } description "Specify the number of bytes in to payload to start processing"; } container rvalue { description "Specify the value to use mathematical operation against"; leaf rvalue-value { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Specify the value"; } leaf rvalue-variable { type string; description "Specify the variable name"; } } // container rvalue leaf relative { type empty; description "Specify whether to use an offset relative to last pattern match or not"; } leaf operator { type enumeration { enum "addition" { value 0; description "Perform operation 'addition'"; } enum "subtraction" { value 1; description "Perform operation 'subtraction'"; } enum "multiplication" { value 2; description "Perform operation 'multiplication'"; } enum "division" { value 3; description "Perform operation 'division'"; } enum "right-shift" { value 4; description "Perform operation 'right shift'"; } enum "left-shift" { value 5; description "Perform operation 'left shift'"; } } description "Specify the operation to perform on extracted value"; } leaf endianness { type enumeration { enum "Little" { value 0; description "Process data in little endian"; } enum "Big" { value 1; description "Process data in big endian"; } } description "Specify the endianness with which bytes read should be processed"; } leaf string { type enumeration { enum "hex" { value 0; description "Process data in hexadecimal format"; } enum "dec" { value 1; description "Process data in decimal format"; } enum "oct" { value 2; description "Process data in octal format"; } } description "Specify the data type in which string data should be parsed"; } leaf bitmask { type string; description "Specify the bitmask (1-4 bytes) for AND operation in hexadecimal format"; } leaf result { type string; description "Specify the variable name to which result should be stored"; } } // container byte-math container byte-jump { junos:must "(".. 
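pattern")";
junos:must-message "Content pattern must be specified";
description "Mention the byte-jump parameters for signature in length encoded protocols";

// Layout note: "//" comments run to end of line, so on a collapsed
// one-line rendering every statement after the first "// container ..."
// marker would be read as comment text. One statement per line avoids that.

// Number of bytes to read: a literal 1-10, or a string of the form "<...>"
// or "$..." (presumably a wildcard or variable reference -- TODO confirm).
leaf bytes {
  type union {
    type string {
      pattern "<.*>|$.*";
    }
    type uint32 {
      range "1 .. 10";
    }
  }
  description "Specify the number of bytes to extract from packet";
}
container offset {
  description "Mention the offset variable name or offset value to be used";
  leaf offset-value {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint16 {
        range "0 .. 65535";
      }
    }
    description "Specify the number of bytes in to payload to start processing";
  }
  leaf offset-variable {
    type string;
    description "Specify the name of the offset variable";
  }
} // container offset
leaf relative {
  type empty;
  description "Specify whether to use an offset relative to last pattern match or not";
}
leaf multiplier {
  type union {
    type uint16;
    type string {
      pattern "<.*>|$.*";
    }
  }
  description "Specify the value to be multiplied against the bytes read";
}
leaf endianness {
  type enumeration {
    enum "Little" {
      value 0;
      description "Process data in little endian";
    }
    enum "Big" {
      value 1;
      description "Process data in big endian";
    }
  }
  description "Specify the endianness with which bytes read should be processed";
}
// The help text for "align" used to repeat the endianness description.
// It now describes alignment, matching the only enum value it offers.
leaf align {
  type enumeration {
    enum "4-byte" {
      value 0;
      description "Round the number of converted bytes to 4-byte boundary";
    }
  }
  description "Specify the byte boundary to which the number of converted bytes is rounded";
}
leaf string {
  type enumeration {
    enum "hex" {
      value 0;
      description "Process data in hexadecimal format";
    }
    enum "dec" {
      value 1;
      description "Process data in decimal format";
    }
    enum "oct" {
      value 2;
      description "Process data in octal format";
    }
  }
  description "Specify the data type in which string data should be parsed";
}
// NOTE(review): the help text asks for 1-4 bytes of hexadecimal, but the
// type is an unconstrained string (no pattern or length). Any validation
// of the mask must happen outside this schema -- confirm it does.
leaf bitmask {
  type string;
  description "Specify the bitmask (1-4 bytes) for AND operation in hexadecimal format";
}
leaf from-beginning {
  type empty;
  description "Enable jump from the beginning of the payload";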
} leaf from-end { type empty; description "Enable jump from the end of the payload"; } leaf post-offset { type union { type string { pattern "<.*>|$.*"; } type int32 { range "-65535 .. 65535"; } } description "Specify the number of bytes to skip forward or backward"; } } // container byte-jump container is-data-at { junos:must "(".. pattern")"; junos:must-message "Content pattern must be specified"; description "Mention the is-data-at parameters for signature in length encoded protocols"; container offset { description "Mention the offset variable name or offset value to be used"; leaf offset-value { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "0 .. 65535"; } } description "Specify the number of bytes in to payload to start processing"; } leaf offset-variable { type string; description "Specify the name of the offset variable"; } } // container offset leaf relative { type empty; description "Specify whether to use an offset relative to last pattern match or not"; } leaf negate { type empty; description "Negates the results of the isdataat test"; } } // container is-data-at } // container content container optional-parameters { junos:must "(".. 
pattern-pcre")"; junos:must-message "Applicable only for pattern-pcre defined signatures"; description "Mention the optional parameters to enhance pattern matching"; leaf min-offset { type union { type uint64; type string { pattern "<.*>|$.*"; } } description "Minimum offset in data at which pattern-match can end"; } leaf max-offset { type union { type uint64; type string { pattern "<.*>|$.*"; } } description "Maximum offset in data at which pattern-match can end"; } leaf min-length { type union { type uint64; type string { pattern "<.*>|$.*"; } } description "Minimum match length required to match the pattern"; } leaf edit-distance { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Match the pattern within this edit distance"; } leaf hamming-distance { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Match the pattern within this hamming distance"; } } // container optional-parameters leaf regexp { junos:must "((".. pattern" || ".. pattern-pcre"))"; junos:must-message "A pattern or pattern-pcre must be defined "; type string { length "0 .. 511"; } description "Regular expression used for matching repetition of patterns"; } leaf negate { junos:must "(!((".. context normalized-stream" || (".. context normalized-stream256" || (".. context normalized-stream1k" || ".. context normalized-stream8k")))))"; junos:must-message "Negation not supported for normalized-stream contexts"; junos:must "(!((".. context stream" || (".. context stream256" || (".. context stream1k" || ".. 
context stream8k")))))"; junos:must-message "Negation not supported for stream contexts"; type empty; description "Trigger the attack if condition is not met"; } leaf direction { type enumeration { enum "client-to-server" { value 0; description "Client to Server"; } enum "server-to-client" { value 1; description "Server to Client"; } enum "any" { value 2; description "Any direction"; } } description "Connection direction of the attack"; } leaf shellcode { type enumeration { enum "intel" { value 0; description "Detect shellcode for intel platforms"; } enum "sparc" { value 1; description "Detect shellcode for sparc platforms"; } enum "all" { value 2; description "Detect shellcode for both intel and sparc platforms"; } enum "no-shellcode" { value 3; description "Do not detect shellcode"; } } description "Specify shellcode flag for this attack"; } container protocol { description "Protocol header matches"; uses apply-advanced; container ipv4 { description "IPv4 protocol parameters"; uses apply-advanced; container tos { presence "enable tos"; description "Type of Service"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } } description "Match value"; } } // container tos container ihl { presence "enable ihl"; description "Header length in words"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 15"; } } description "Match value"; } } // container ihl container total-length { presence "enable total-length"; description "Total Length of IP datagram"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Match value"; } } // container total-length container identification { presence "enable identification"; description "Fragment Identification"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
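65535"; } } description "Match value"; } } // container identification

// Layout note: "//" comments run to end of line, so on a collapsed
// one-line rendering every statement after the first "// container ..."
// marker would be read as comment text. One statement per line avoids that.

// Each choice offers a flag leaf and its "no-" counterpart; a choice
// allows only one of the two to be configured.
// NOTE(review): the "no-" help texts used to read "Don't reserved bit",
// "Don't more Fragment bit" and "Don't don't Fragment bit". They are
// reworded on the reading that no-X means bit X is clear -- confirm
// against the IDP documentation.
container ip-flags {
  presence "enable ip-flags";
  description "IP Flag bits";
  choice rb-choice {
    leaf rb {
      type empty;
      description "Reserved bit";
    }
    leaf no-rb {
      type empty;
      description "Reserved bit is not set";
    }
  } // choice rb-choice
  choice mf-choice {
    leaf mf {
      type empty;
      description "More Fragment bit";
    }
    leaf no-mf {
      type empty;
      description "More Fragment bit is not set";
    }
  } // choice mf-choice
  choice df-choice {
    leaf df {
      type empty;
      description "Don't Fragment bit";
    }
    leaf no-df {
      type empty;
      description "Don't Fragment bit is not set";
    }
  } // choice df-choice
} // container ip-flags
container ttl {
  presence "enable ttl";
  description "Time to live";
  leaf match {
    type enumeration {
      enum "equal" {
        value 0;
        description "Match when value in packet is exact match";
      }
      enum "greater-than" {
        value 1;
        description "Match when value in packet is greater";
      }
      enum "less-than" {
        value 2;
        description "Match when value in packet is less";
      }
      enum "not-equal" {
        value 3;
        description "Match when value in packet is not exact match";
      }
    }
    description "Match condition";
  }
  // Literal 0-255, or a "<...>" / "$..." string.
  leaf value {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "0 .. 255";
      }
    }
    description "Match value";
  }
} // container ttl
container protocol {
  presence "enable protocol";
  description "Transport layer protocol";
  leaf match {
    type enumeration {
      enum "equal" {
        value 0;
        description "Match when value in packet is exact match";
      }
      enum "greater-than" {
        value 1;
        description "Match when value in packet is greater";
      }
      enum "less-than" {
        value 2;
        description "Match when value in packet is less";
      }
      enum "not-equal" {
        value 3;
        description "Match when value in packet is not exact match";
      }
    }
    description "Match condition";
  }
  leaf value {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "0 .. 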
255"; } } description "Match value"; } } // container protocol container source { presence "enable source"; description "Source IP-address/Hostname"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type jt:ipv4addr; description "Match value"; } } // container source container destination { presence "enable destination"; description "Destination IP-address/Hostname"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type jt:ipv4addr; description "Match value"; } } // container destination container checksum-validate { presence "enable checksum-validate"; description "Validate checksum field against calculated checksum"; leaf match { junos:must "(".. value")"; junos:must-message "Missing mandatory statement: 'value'"; type enumeration { enum "equal" { value 0; description "Match when checksum field in packet is exact match"; } enum "greater-than" { value 1; description "Match when checksum field in packet is greater"; } enum "less-than" { value 2; description "Match when checksum field in packet is less"; } enum "not-equal" { value 3; description "Match when checksum field in packet is not exact match"; } } description "Match condition"; } leaf value { junos:must "(".. 
match")"; junos:must-message "Missing mandatory statement: 'match'"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } default "0"; description "Match value"; } } // container checksum-validate } // container ipv4 container ipv6 { description "IPv6 protocol parameters"; uses apply-advanced; container traffic-class { presence "enable traffic-class"; description "Traffic class. Similar to TOS in IPv4"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Match value"; } } // container traffic-class container payload-length { presence "enable payload-length"; description "Length of the payload in the IPv6 datagram"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
65535"; } } description "Match value"; } } // container payload-length container flow-label { presence "enable flow-label"; description "Flow label identification"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1048575"; } } description "Match value"; } } // container flow-label container hop-limit { presence "enable hop-limit"; description "Hop limit"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Match value"; } } // container hop-limit container next-header { presence "enable next-header"; description "The header following the basic IPv6 header"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } } description "Match value"; } } // container next-header container source { presence "enable source"; description "Source IP-address or hostname"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type jt:ipv6addr; description "Match value"; } } // container source container destination { presence "enable destination"; description "Destination IP-address or hostname"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type jt:ipv6addr; description "Match value"; } } // container destination container extension-header { description "IPv6 Extension headers"; uses apply-advanced; container routing-header { presence "enable routing-header"; description "IPv6 Routing extension header"; uses apply-advanced; container header-type { description "Routing header type"; uses apply-advanced; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern 
"<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Match value"; } } // container header-type } // container routing-header container destination-option { description "IPv6 Destination option extension header"; uses apply-advanced; container option-type { description "Destination option header type"; uses apply-advanced; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Match value"; } } // container option-type container home-address { description "IPv6 Home address of the mobile node"; uses apply-advanced; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type jt:ipv6addr; description "Match value"; } } // container home-address } // container destination-option } // container extension-header } // container ipv6 container tcp { junos:must "((!(".. udp") && !(".. 
icmp")))"; junos:must-message "tcp cannot be specified with udp or icmp"; description "TCP protocol parameters"; uses apply-advanced; container source-port { presence "enable source-port"; description "Source port"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Match value"; } } // container source-port container destination-port { presence "enable destination-port"; description "Destination port"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
65535"; } } description "Match value"; } } // container destination-port container sequence-number { presence "enable sequence-number"; description "Sequence Number"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4294967295"; } } description "Match value"; } } // container sequence-number container ack-number { presence "enable ack-number"; description "Acknowledgement Number"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4294967295"; } } description "Match value"; } } // container ack-number container header-length { presence "enable header-length"; description "Header Length in words"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
15"; } } description "Match value"; } } // container header-length container reserved { presence "enable reserved"; description "Three reserved bits"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 7"; } } description "Match value"; } } // container reserved container window-size { presence "enable window-size"; description "Window Size"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Match value"; } } // container window-size container urgent-pointer { presence "enable urgent-pointer"; description "Urgent Pointer"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
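65535"; } } description "Match value"; } } // container urgent-pointer

// Layout note: "//" comments run to end of line, so on a collapsed
// one-line rendering every statement after the first "// container ..."
// marker would be read as comment text. One statement per line avoids that.

// One choice per TCP header flag; each choice allows either the flag leaf
// or its "no-" counterpart, never both.
container tcp-flags {
  presence "enable tcp-flags";
  description "TCP header flags";
  // Help-text spelling fixed ("Reserverd" -> "Reserved") so r1 reads the
  // same way as r2 below.
  // NOTE(review): r1/r2 are described only as reserved bits. If they map
  // to the two flag positions that RFC 3168 assigns to CWR and ECE
  // (confirm), a rule keyed on them will also match ECN-capable traffic.
  choice r1-choice {
    leaf r1 {
      type empty;
      description "Set Reserved bit 1";
    }
    leaf no-r1 {
      type empty;
      description "Don't set Reserved bit 1";
    }
  } // choice r1-choice
  choice r2-choice {
    leaf r2 {
      type empty;
      description "Set Reserved bit 2";
    }
    leaf no-r2 {
      type empty;
      description "Don't set Reserved bit 2";
    }
  } // choice r2-choice
  choice urg-choice {
    leaf urg {
      type empty;
      description "Set Urgent bit";
    }
    leaf no-urg {
      type empty;
      description "Don't set Urgent bit";
    }
  } // choice urg-choice
  choice ack-choice {
    leaf ack {
      type empty;
      description "Set Acknowledge bit";
    }
    leaf no-ack {
      type empty;
      description "Don't set Acknowledge bit";
    }
  } // choice ack-choice
  choice psh-choice {
    leaf psh {
      type empty;
      description "Set Push bit";
    }
    leaf no-psh {
      type empty;
      description "Don't set Push bit";
    }
  } // choice psh-choice
  choice rst-choice {
    leaf rst {
      type empty;
      description "Set Reset bit";
    }
    leaf no-rst {
      type empty;
      description "Don't set Reset bit";
    }
  } // choice rst-choice
  choice syn-choice {
    leaf syn {
      type empty;
      description "Set SYN bit";
    }
    leaf no-syn {
      type empty;
      description "Don't set SYN bit";
    }
  } // choice syn-choice
  choice fin-choice {
    leaf fin {
      type empty;
      description "Set FINish bit";
    }
    leaf no-fin {
      type empty;
      description "Don't set FINish bit";
    }
  } // choice fin-choice
} // container tcp-flags
// Match on the TCP option kind (the description is just "Kind").
container option {
  presence "enable option";
  description "Kind";
  leaf match {
    type enumeration {
      enum "equal" {
        value 0;
        description "Match when value in packet is exact match";
      }
      enum "greater-than" {
        value 1;
        description "Match when value in packet is greater";
      }
      enum "less-than" {
        value 2;
        description "Match when value in packet is less";
      }
      enum "not-equal" {
        value 3;
        description "Match when value in packet is not exact match";
      }
    }
    description "Match condition";
  }
  leaf value {
    type union {
      type string {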
pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Match value"; } } // container option container data-length { presence "enable data-length"; description "Size of IP datagram subtracted by TCP header length"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 255"; } } description "Match value"; } } // container data-length container window-scale { presence "enable window-scale"; description "Window scale"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } } description "Match value"; } } // container window-scale container mss { presence "enable mss"; description "Maximum Segment Size"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Match value"; } } // container mss container checksum-validate { presence "enable checksum-validate"; description "Validate checksum field against calculated checksum"; leaf match { junos:must "(".. value")"; junos:must-message "Missing mandatory statement: 'value'"; type enumeration { enum "equal" { value 0; description "Match when checksum field in packet is exact match"; } enum "greater-than" { value 1; description "Match when checksum field in packet is greater"; } enum "less-than" { value 2; description "Match when checksum field in packet is less"; } enum "not-equal" { value 3; description "Match when checksum field in packet is not exact match"; } } description "Match condition"; } leaf value { junos:must "(".. match")"; junos:must-message "Missing mandatory statement: 'match'"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } default "0"; description "Match value"; } } // container checksum-validate } // container tcp container udp { junos:must "((!(".. tcp") && !(".. 
icmp")))"; junos:must-message "udp cannot be specified with tcp or icmp"; description "UDP protocol parameters"; uses apply-advanced; container source-port { presence "enable source-port"; description "Source port"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Match value"; } } // container source-port container destination-port { presence "enable destination-port"; description "Destination port"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
65535"; } } description "Match value"; } } // container destination-port container data-length { presence "enable data-length"; description "Size of IP datagram subtracted by UDP header length"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Match value"; } } // container data-length container checksum-validate { presence "enable checksum-validate"; description "Validate checksum field against calculated checksum"; leaf match { junos:must "(".. value")"; junos:must-message "Missing mandatory statement: 'value'"; type enumeration { enum "equal" { value 0; description "Match when checksum field in packet is exact match"; } enum "greater-than" { value 1; description "Match when checksum field in packet is greater"; } enum "less-than" { value 2; description "Match when checksum field in packet is less"; } enum "not-equal" { value 3; description "Match when checksum field in packet is not exact match"; } } description "Match condition"; } leaf value { junos:must "(".. match")"; junos:must-message "Missing mandatory statement: 'match'"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } default "0"; description "Match value"; } } // container checksum-validate } // container udp container icmp { junos:must "((!(".. udp") && (!(".. tcp") && !(".. 
icmpv6"))))"; junos:must-message "icmp cannot be specified with tcp or udp or icmpv6"; description "ICMP protocol parameters"; uses apply-advanced; container type { presence "enable type"; description "Type"; uses apply-advanced; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Match value"; } } // container type container code { presence "enable code"; description "Code"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } } description "Match value"; } } // container code container identification { presence "enable identification"; description "Identifier in echo request/reply"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Match value"; } } // container identification container sequence-number { presence "enable sequence-number"; description "Sequence Number"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
65535"; } } description "Match value"; } } // container sequence-number container data-length { presence "enable data-length"; description "Size of IP datagram subtracted by ICMP header length"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Match value"; } } // container data-length container checksum-validate { presence "enable checksum-validate"; description "Validate checksum field against calculated checksum"; leaf match { junos:must "(".. value")"; junos:must-message "Missing mandatory statement: 'value'"; type enumeration { enum "equal" { value 0; description "Match when checksum field in packet is exact match"; } enum "greater-than" { value 1; description "Match when checksum field in packet is greater"; } enum "less-than" { value 2; description "Match when checksum field in packet is less"; } enum "not-equal" { value 3; description "Match when checksum field in packet is not exact match"; } } description "Match condition"; } leaf value { junos:must "(".. match")"; junos:must-message "Missing mandatory statement: 'match'"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } default "0"; description "Match value"; } } // container checksum-validate } // container icmp container icmpv6 { junos:must "((!(".. udp") && (!(".. tcp") && !(".. 
icmp"))))"; junos:must-message "icmpv6 cannot be specified with tcp or udp or icmp"; description "ICMPv6 protocol parameters"; uses apply-advanced; container type { presence "enable type"; description "Type"; uses apply-advanced; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Match value"; } } // container type container code { presence "enable code"; description "Code"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } } description "Match value"; } } // container code container identification { presence "enable identification"; description "Identifier in echo request/reply"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Match value"; } } // container identification container sequence-number { presence "enable sequence-number"; description "Sequence number"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
65535"; } } description "Match value"; } } // container sequence-number container data-length { presence "enable data-length"; description "Size of IPv6 datagram subtracted by ICMPv6 header length"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Match value"; } } // container data-length container checksum-validate { presence "enable checksum-validate"; description "Validate checksum field against calculated checksum"; leaf match { junos:must "(".. value")"; junos:must-message "Missing mandatory statement: 'value'"; type enumeration { enum "equal" { value 0; description "Match when checksum field in packet is exact match"; } enum "greater-than" { value 1; description "Match when checksum field in packet is greater"; } enum "less-than" { value 2; description "Match when checksum field in packet is less"; } enum "not-equal" { value 3; description "Match when checksum field in packet is not exact match"; } } description "Match condition"; } leaf value { junos:must "(".. match")"; junos:must-message "Missing mandatory statement: 'match'"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } default "0"; description "Match value"; } } // container checksum-validate } // container icmpv6 } // container protocol } // container signature container anomaly { junos:must "(!((".. signature" || ".. 
chain")))"; junos:must-message "Only one attack type is permitted"; description "Protocol anomaly"; uses apply-advanced; leaf service { type string; description "Service name"; } leaf test { type string; description "Protocol anomaly condition to be checked"; } leaf direction { type enumeration { enum "client-to-server" { value 0; description "From Client to Server"; } enum "server-to-client" { value 1; description "From Server to Client"; } enum "any" { value 2; description "Any direction"; } } description "Direction"; } leaf shellcode { type enumeration { enum "intel" { value 0; description "Detect shellcode for intel platforms"; } enum "sparc" { value 1; description "Detect shellcode for sparc platforms"; } enum "all" { value 2; description "Detect shellcode for both intel and sparc platforms"; } enum "no-shellcode" { value 3; description "Do not detect shellcode"; } } description "Specify shellcode flag for this attack"; } } // container anomaly container chain { junos:must "(!((".. signature" || ".. 
anomaly")))"; junos:must-message "Only one attack type is permitted"; description "Chain attack"; uses apply-advanced; container protocol-binding { description "Protocol binding over which attack will be detected"; uses apply-advanced; choice protocol { container tcp { presence "enable tcp"; description "Attack is for TCP packets only"; uses apply-advanced; list minimum-port { key "name"; ordered-by user; description "Multiple sets of (single port/port ranges) can be specified"; uses port-range; } // list minimum-port } // container tcp container udp { presence "enable udp"; description "Attack is for UDP packets only"; uses apply-advanced; list minimum-port { key "name"; ordered-by user; description "Either single port or port ranges can be specified"; uses port-range; } // list minimum-port } // container udp container rpc { presence "enable rpc"; description "Attack is for RPC packets only"; uses apply-advanced; leaf program-number { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "RPC Program Number"; } } // container rpc leaf icmp { type empty; description "Attack is for ICMP packets only"; } leaf icmpv6 { type empty; description "Attack is for ICMPv6 packets only"; } container ip { presence "enable ip"; description "Attack is for all IP based packets"; uses apply-advanced; leaf protocol-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 139"; } } description "Transport layer protocol number"; } } // container ip container ipv6 { presence "enable ipv6"; description "Attack is for all IPv6 based packets"; uses apply-advanced; leaf protocol-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
139"; } } description "Transport layer protocol number"; } } // container ipv6 leaf application { type string; description "Application name"; } leaf nested-application { type string; status deprecated; description "Nested application name"; } } // choice protocol } // container protocol-binding leaf scope { type enumeration { enum "session" { value 0; description "Allow matches across transactions within the same session"; } enum "transaction" { value 1; description "Allow matches in single transactions within the same session"; } } description "Scope of the attack"; } leaf order { type empty; description "Attacks should match in the order in which they are defined"; } leaf reset { type empty; description "Repeat match should generate a new alert"; } leaf expression { junos:must "(!(".. order"))"; junos:must-message "Boolean Expression cannot be specified with order"; type string; description "Boolean Expression(or, and, oand). Multiple expressions can be combined using parenthesis."; } list member { key "name"; ordered-by user; description "List of member attacks."; uses chain-member-type; } // list member } // container chain } // container attack-type } // grouping custom-attack-type grouping chain-member-type { description "Chain member"; leaf name { type string; description "Custom attack name"; } uses apply-advanced; container attack-type { presence "enable attack-type"; description "Type of attack"; uses apply-advanced; container signature { junos:must "(!(".. anomaly"))"; junos:must-message "Only one attack type is permitted"; description "Signature based attack"; uses apply-advanced; leaf context { type string; description "Context"; } leaf pattern { junos:must "(".. context")"; junos:must-message "Context must be specified"; type string { length "0 .. 511"; } description "Pattern is the signature of the attack you want to detect"; } leaf pattern-pcre { junos:must "(".. context")"; junos:must-message "Context must be specified"; type string { length "0 .. 
511"; } description "Attack signature pattern in PCRE format"; } container content { junos:must "(".. context")"; junos:must-message "Context must be specified"; description "Mention the match-modifier parameters to enhance pattern matching"; leaf pattern { type string; description "Specify match-modifier pattern"; } leaf pcre { type string { length "0 .. 511"; } description "PCRE expression"; } container depth { junos:must "(".. pattern")"; junos:must-message "Content pattern must be specified"; description "Maximum depth to search pattern within a packet. Depth is not relative"; leaf depth-value { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Specify the value of 'depth'"; } leaf depth-variable { type string; description "Specify the variable name from which 'depth' should be extracted"; } } // container depth container offset { junos:must "(".. pattern")"; junos:must-message "Content pattern must be specified"; description "Where to start searching for a pattern within a packet. Offset value is not relative"; leaf offset-value { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "0 .. 65535"; } } description "Specify the value of 'offset'"; } leaf offset-variable { type string; description "Specify the variable name from which 'offset' should be extracted"; } } // container offset container within { junos:must "(".. pattern")"; junos:must-message "Content pattern must be specified"; description "Maximum number of bytes between two consecutive pattern matches. 'within' is relative"; leaf within-value { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Specify the value of 'within'"; } leaf within-variable { type string; description "Specify the variable name from which 'within' should be extracted"; } } // container within container distance { junos:must "(".. 
pattern")"; junos:must-message "Content pattern must be specified"; description "Maximum Length to ignore before searching next pattern match. Distance is relative"; leaf distance-value { type union { type string { pattern "<.*>|$.*"; } type int32 { range "-65535 .. 65535"; } } description "Specify the value of 'distance'"; } leaf distance-variable { type string; description "Specify the variable name from which 'distance' should be extracted"; } } // container distance container byte-extract { junos:must "(".. pattern")"; junos:must-message "Content pattern must be specified"; description "Mention the byte-extract parameters for signature in length encoded protocols"; leaf bytes { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } description "Specify the number of bytes to extract from packet"; } leaf offset { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Specify the number of bytes in to payload to start processing"; } leaf var-name { type string; description "Specify the name of the variable to reference in other rule options"; } leaf relative { type empty; description "Specify whether to use an offset relative to last pattern match or not"; } leaf multiplier { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Specify the value to be multiplied against the bytes read"; } leaf endianness { type enumeration { enum "Little" { value 0; description "Process data in little endian"; } enum "Big" { value 1; description "Process data in big endian"; } } description "Specify the endianness with which bytes read should be processed"; } leaf align { type enumeration { enum "2-byte" { value 0; description "Round the number of converted bytes to 2-byte boundary"; } enum "4-byte" { value 1; description "Round the number of converted bytes to 4-byte boundary"; } } description "Specify the byte alignment"; } leaf string { type enumeration { enum "hex" { value 0; description "Process data 
in hexadecimal format"; } enum "dec" { value 1; description "Process data in decimal format"; } enum "oct" { value 2; description "Process data in octal format"; } } description "Specify the data type in which string data should be parsed"; } leaf bitmask { type string; description "Specify the bitmask (1-4 bytes) for AND operation in hexadecimal format"; } } // container byte-extract container byte-test { junos:must "(".. pattern")"; junos:must-message "Content pattern must be specified"; description "Mention the byte-test parameters for signature in length encoded protocols"; leaf bytes { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } description "Specify the number of bytes to extract from packet"; } container offset { description "Mention the offset variable name or offset value to be used"; leaf offset-value { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Specify the number of bytes in to payload to start processing"; } leaf offset-variable { type string; description "Specify the name of the offset variable"; } } // container offset container rvalue { description "Specify the rvalue to test the converted value against"; leaf rvalue-value { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Specify the value"; } leaf rvalue-variable { type string; description "Specify the variable name"; } } // container rvalue leaf relative { type empty; description "Specify whether to use an offset relative to last pattern match or not"; } leaf operator { type enumeration { enum "less-than" { value 0; description "Perform operation 'less than'"; } enum "greater-than" { value 1; description "Perform operation 'greater than'"; } enum "less-than-or-equal" { value 2; description "Perform operation 'less than or equal'"; } enum "greater-than-or-equal" { value 3; description "Perform operation 'greater than or equal'"; } enum "equal" { value 4; description "Perform operation 'equal'"; } 
enum "bitwise-AND" { value 5; description "Perform operation 'bitwise AND'"; } enum "bitwise-XOR" { value 6; description "Perform operation 'bitwise XOR'"; } } description "Specify the operation to perform on extracted value"; } leaf negate { type empty; description "Check if the operator is not true"; } leaf endianness { type enumeration { enum "Little" { value 0; description "Process data in little endian"; } enum "Big" { value 1; description "Process data in big endian"; } } description "Specify the endianness with which bytes read should be processed"; } leaf string { type enumeration { enum "hex" { value 0; description "Process data in hexadecimal format"; } enum "dec" { value 1; description "Process data in decimal format"; } enum "oct" { value 2; description "Process data in octal format"; } } description "Specify the data type in which string data should be parsed"; } leaf bitmask { type string; description "Specify the bitmask (1-4 bytes) for AND operation in hexadecimal format"; } } // container byte-test container byte-math { junos:must "(".. pattern")"; junos:must-message "Content pattern must be specified"; description "Mention the byte-math parameters for signature in length encoded protocols"; leaf bytes { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } description "Specify the number of bytes to extract from packet"; } leaf offset { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "0 .. 
65535"; } } description "Specify the number of bytes in to payload to start processing"; } container rvalue { description "Specify the value to use mathematical operation against"; leaf rvalue-value { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Specify the value"; } leaf rvalue-variable { type string; description "Specify the variable name"; } } // container rvalue leaf relative { type empty; description "Specify whether to use an offset relative to last pattern match or not"; } leaf operator { type enumeration { enum "addition" { value 0; description "Perform operation 'addition'"; } enum "subtraction" { value 1; description "Perform operation 'subtraction'"; } enum "multiplication" { value 2; description "Perform operation 'multiplication'"; } enum "division" { value 3; description "Perform operation 'division'"; } enum "right-shift" { value 4; description "Perform operation 'right shift'"; } enum "left-shift" { value 5; description "Perform operation 'left shift'"; } } description "Specify the operation to perform on extracted value"; } leaf endianness { type enumeration { enum "Little" { value 0; description "Process data in little endian"; } enum "Big" { value 1; description "Process data in big endian"; } } description "Specify the endianness with which bytes read should be processed"; } leaf string { type enumeration { enum "hex" { value 0; description "Process data in hexadecimal format"; } enum "dec" { value 1; description "Process data in decimal format"; } enum "oct" { value 2; description "Process data in octal format"; } } description "Specify the data type in which string data should be parsed"; } leaf bitmask { type string; description "Specify the bitmask (1-4 bytes) for AND operation in hexadecimal format"; } leaf result { type string; description "Specify the variable name to which result should be stored"; } } // container byte-math container byte-jump { junos:must "(".. 
pattern")"; junos:must-message "Content pattern must be specified"; description "Mention the byte-jump parameters for signature in length encoded protocols"; leaf bytes { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } description "Specify the number of bytes to extract from packet"; } container offset { description "Mention the offset variable name or offset value to be used"; leaf offset-value { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "0 .. 65535"; } } description "Specify the number of bytes in to payload to start processing"; } leaf offset-variable { type string; description "Specify the name of the offset variable"; } } // container offset leaf relative { type empty; description "Specify whether to use an offset relative to last pattern match or not"; } leaf multiplier { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Specify the value to be multiplied against the bytes read"; } leaf endianness { type enumeration { enum "Little" { value 0; description "Process data in little endian"; } enum "Big" { value 1; description "Process data in big endian"; } } description "Specify the endianness with which bytes read should be processed"; } leaf align { type enumeration { enum "4-byte" { value 0; description "Round the number of converted bytes to 4-byte boundary"; } } description "Specify the byte alignment"; } leaf string { type enumeration { enum "hex" { value 0; description "Process data in hexadecimal format"; } enum "dec" { value 1; description "Process data in decimal format"; } enum "oct" { value 2; description "Process data in octal format"; } } description "Specify the data type in which string data should be parsed"; } leaf bitmask { type string; description "Specify the bitmask (1-4 bytes) for AND operation in hexadecimal format"; } leaf from-beginning { type empty; description "Enable jump from the beginning of the payload"; 
} leaf from-end { type empty; description "Enable jump from the end of the payload"; } leaf post-offset { type union { type string { pattern "<.*>|$.*"; } type int32 { range "-65535 .. 65535"; } } description "Specify the number of bytes to skip forward or backward"; } } // container byte-jump container is-data-at { junos:must "(".. pattern")"; junos:must-message "Content pattern must be specified"; description "Mention the is-data-at parameters for signature in length encoded protocols"; container offset { description "Mention the offset variable name or offset value to be used"; leaf offset-value { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "0 .. 65535"; } } description "Specify the number of bytes in to payload to start processing"; } leaf offset-variable { type string; description "Specify the name of the offset variable"; } } // container offset leaf relative { type empty; description "Specify whether to use an offset relative to last pattern match or not"; } leaf negate { type empty; description "Negates the results of the isdataat test"; } } // container is-data-at } // container content container optional-parameters { junos:must "(".. 
pattern-pcre")"; junos:must-message "Applicable only for pattern-pcre defined signatures"; description "Mention the optional parameters to enhance pattern matching"; leaf min-offset { type union { type uint64; type string { pattern "<.*>|$.*"; } } description "Minimum offset in data at which pattern-match can end"; } leaf max-offset { type union { type uint64; type string { pattern "<.*>|$.*"; } } description "Maximum offset in data at which pattern-match can end"; } leaf min-length { type union { type uint64; type string { pattern "<.*>|$.*"; } } description "Minimum match length required to match the pattern"; } leaf edit-distance { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Match the pattern within this edit distance"; } leaf hamming-distance { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Match the pattern within this hamming distance"; } } // container optional-parameters leaf regexp { junos:must "((".. pattern" || ".. pattern-pcre"))"; junos:must-message "A pattern or pattern-pcre must be defined "; type string { length "0 .. 511"; } description "Regular expression used for matching repetition of patterns"; } leaf negate { junos:must "(!((".. context normalized-stream" || (".. context normalized-stream256" || (".. context normalized-stream1k" || ".. context normalized-stream8k")))))"; junos:must-message "Negation not supported for normalized-stream contexts"; junos:must "(!((".. context stream" || (".. context stream256" || (".. context stream1k" || ".. 
context stream8k")))))"; junos:must-message "Negation not supported for stream contexts"; type empty; description "Trigger the attack if condition is not met"; } leaf direction { type enumeration { enum "client-to-server" { value 0; description "Client to Server"; } enum "server-to-client" { value 1; description "Server to Client"; } enum "any" { value 2; description "Any direction"; } } description "Connection direction of the attack"; } leaf shellcode { type enumeration { enum "intel" { value 0; description "Detect shellcode for intel platforms"; } enum "sparc" { value 1; description "Detect shellcode for sparc platforms"; } enum "all" { value 2; description "Detect shellcode for both intel and sparc platforms"; } enum "no-shellcode" { value 3; description "Do not detect shellcode"; } } description "Specify shellcode flag for this attack"; } container protocol { description "Protocol header matches"; uses apply-advanced; container ipv4 { description "IPv4 protocol parameters"; uses apply-advanced; container tos { presence "enable tos"; description "Type of Service"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } } description "Match value"; } } // container tos container ihl { presence "enable ihl"; description "Header length in words"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 15"; } } description "Match value"; } } // container ihl container total-length { presence "enable total-length"; description "Total Length of IP datagram"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Match value"; } } // container total-length container identification { presence "enable identification"; description "Fragment Identification"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
65535"; } } description "Match value"; } } // container identification

// ip-flags: signature match on the three flag bits of the IPv4 header
// (reserved, More Fragments, Don't Fragment). Presence container: it only
// exists in the configuration when explicitly enabled.
container ip-flags {
  presence "enable ip-flags";
  description "IP Flag bits";
  // Every bit is modelled as a choice between two empty leaves (X / no-X), so
  // the two are mutually exclusive. No choice is marked mandatory, so a bit can
  // also be left out altogether; presumably that means "don't care" for the
  // signature - confirm against the IDP documentation.
  choice rb-choice {
    leaf rb {
      type empty;
      description "Reserved bit";
    }
    leaf no-rb {
      type empty;
      description "Don't reserved bit";
    }
  } // choice rb-choice
  choice mf-choice {
    leaf mf {
      type empty;
      description "More Fragment bit";
    }
    leaf no-mf {
      type empty;
      description "Don't more Fragment bit";
    }
  } // choice mf-choice
  // NOTE(review): "no-df" reads as a double negative in its description;
  // presumably it matches packets whose DF bit is clear - confirm before
  // relying on it in a detection rule.
  choice df-choice {
    leaf df {
      type empty;
      description "Don't Fragment bit";
    }
    leaf no-df {
      type empty;
      description "Don't don't Fragment bit";
    }
  } // choice df-choice
} // container ip-flags

// ttl: signature match on the IPv4 Time-to-live field, expressed as a
// comparison operator (match) plus an operand (value).
container ttl {
  presence "enable ttl";
  description "Time to live";
  // Unlike the checksum-validate containers in this module, match and value
  // carry no junos:must here, so this schema accepts one without the other;
  // whether that is rejected elsewhere is not visible from this file.
  leaf match {
    type enumeration {
      enum "equal" {
        value 0;
        description "Match when value in packet is exact match";
      }
      enum "greater-than" {
        value 1;
        description "Match when value in packet is greater";
      }
      enum "less-than" {
        value 2;
        description "Match when value in packet is less";
      }
      enum "not-equal" {
        value 3;
        description "Match when value in packet is not exact match";
      }
    }
    description "Match condition";
  }
  leaf value {
    // Union: either a string accepted by the pattern below (presumably Junos
    // <...> wildcards and $-prefixed variables - confirm) or a number. The
    // 0 .. 255 bound applies only to the numeric member; the string member is
    // not range-checked by this schema.
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "0 .. 255";
      }
    }
    description "Match value";
  }
} // container ttl
container protocol { presence "enable protocol"; description "Transport layer protocol"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } } description "Match value"; } } // container protocol container source { presence "enable source"; description "Source IP-address/Hostname"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type jt:ipv4addr; description "Match value"; } } // container source container destination { presence "enable destination"; description "Destination IP-address/Hostname"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type jt:ipv4addr; description "Match value"; } } // container destination container checksum-validate { presence "enable checksum-validate"; description "Validate checksum field against calculated checksum"; leaf match { junos:must "(".. value")"; junos:must-message "Missing mandatory statement: 'value'"; type enumeration { enum "equal" { value 0; description "Match when checksum field in packet is exact match"; } enum "greater-than" { value 1; description "Match when checksum field in packet is greater"; } enum "less-than" { value 2; description "Match when checksum field in packet is less"; } enum "not-equal" { value 3; description "Match when checksum field in packet is not exact match"; } } description "Match condition"; } leaf value { junos:must "(".. 
match")"; junos:must-message "Missing mandatory statement: 'match'"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } default "0"; description "Match value"; } } // container checksum-validate } // container ipv4 container ipv6 { description "IPv6 protocol parameters"; uses apply-advanced; container traffic-class { presence "enable traffic-class"; description "Traffic class. Similar to TOS in IPv4"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Match value"; } } // container traffic-class container payload-length { presence "enable payload-length"; description "Length of the payload in the IPv6 datagram"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
65535"; } } description "Match value"; } } // container payload-length container flow-label { presence "enable flow-label"; description "Flow label identification"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1048575"; } } description "Match value"; } } // container flow-label container hop-limit { presence "enable hop-limit"; description "Hop limit"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Match value"; } } // container hop-limit container next-header { presence "enable next-header"; description "The header following the basic IPv6 header"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } } description "Match value"; } } // container next-header container source { presence "enable source"; description "Source IP-address or hostname"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type jt:ipv6addr; description "Match value"; } } // container source container destination { presence "enable destination"; description "Destination IP-address or hostname"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type jt:ipv6addr; description "Match value"; } } // container destination container extension-header { description "IPv6 Extension headers"; uses apply-advanced; container routing-header { presence "enable routing-header"; description "IPv6 Routing extension header"; uses apply-advanced; container header-type { description "Routing header type"; uses apply-advanced; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern 
"<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Match value"; } } // container header-type } // container routing-header container destination-option { description "IPv6 Destination option extension header"; uses apply-advanced; container option-type { description "Destination option header type"; uses apply-advanced; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Match value"; } } // container option-type container home-address { description "IPv6 Home address of the mobile node"; uses apply-advanced; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type jt:ipv6addr; description "Match value"; } } // container home-address } // container destination-option } // container extension-header } // container ipv6 container tcp { junos:must "((!(".. udp") && !(".. 
icmp")))"; junos:must-message "tcp cannot be specified with udp or icmp"; description "TCP protocol parameters"; uses apply-advanced; container source-port { presence "enable source-port"; description "Source port"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Match value"; } } // container source-port container destination-port { presence "enable destination-port"; description "Destination port"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
65535"; } } description "Match value"; } } // container destination-port container sequence-number { presence "enable sequence-number"; description "Sequence Number"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4294967295"; } } description "Match value"; } } // container sequence-number container ack-number { presence "enable ack-number"; description "Acknowledgement Number"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4294967295"; } } description "Match value"; } } // container ack-number container header-length { presence "enable header-length"; description "Header Length in words"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
15"; } } description "Match value"; } } // container header-length container reserved { presence "enable reserved"; description "Three reserved bits"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 7"; } } description "Match value"; } } // container reserved container window-size { presence "enable window-size"; description "Window Size"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Match value"; } } // container window-size container urgent-pointer { presence "enable urgent-pointer"; description "Urgent Pointer"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
65535"; } } description "Match value"; } } // container urgent-pointer

// tcp-flags: signature match on the TCP header flag bits. Presence container:
// it only exists in the configuration when explicitly enabled.
container tcp-flags {
  presence "enable tcp-flags";
  description "TCP header flags";
  // Eight independent choices, one per bit (two reserved bits, then URG, ACK,
  // PSH, RST, SYN, FIN). Within a choice the X / no-X leaves are mutually
  // exclusive; no choice is mandatory, so a bit may be left unspecified
  // (presumably "don't care" - confirm against the IDP documentation).
  // The schema places no constraint across choices, so any combination of
  // the eight bits is accepted at this level.
  choice r1-choice {
    leaf r1 {
      type empty;
      description "Set Reserverd bit 1";
    }
    leaf no-r1 {
      type empty;
      description "Don't set Reserverd bit 1";
    }
  } // choice r1-choice
  choice r2-choice {
    leaf r2 {
      type empty;
      description "Set Reserved bit 2";
    }
    leaf no-r2 {
      type empty;
      description "Don't set Reserved bit 2";
    }
  } // choice r2-choice
  choice urg-choice {
    leaf urg {
      type empty;
      description "Set Urgent bit";
    }
    leaf no-urg {
      type empty;
      description "Don't set Urgent bit";
    }
  } // choice urg-choice
  choice ack-choice {
    leaf ack {
      type empty;
      description "Set Acknowledge bit";
    }
    leaf no-ack {
      type empty;
      description "Don't set Acknowledge bit";
    }
  } // choice ack-choice
  choice psh-choice {
    leaf psh {
      type empty;
      description "Set Push bit";
    }
    leaf no-psh {
      type empty;
      description "Don't set Push bit";
    }
  } // choice psh-choice
  choice rst-choice {
    leaf rst {
      type empty;
      description "Set Reset bit";
    }
    leaf no-rst {
      type empty;
      description "Don't set Reset bit";
    }
  } // choice rst-choice
  choice syn-choice {
    leaf syn {
      type empty;
      description "Set SYN bit";
    }
    leaf no-syn {
      type empty;
      description "Don't set SYN bit";
    }
  } // choice syn-choice
  choice fin-choice {
    leaf fin {
      type empty;
      description "Set FINish bit";
    }
    leaf no-fin {
      type empty;
      description "Don't set FINish bit";
    }
  } // choice fin-choice
} // container tcp-flags
container option { presence "enable option"; description "Kind"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { 
pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Match value"; } } // container option container data-length { presence "enable data-length"; description "Size of IP datagram subtracted by TCP header length"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 255"; } } description "Match value"; } } // container data-length container window-scale { presence "enable window-scale"; description "Window scale"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } } description "Match value"; } } // container window-scale container mss { presence "enable mss"; description "Maximum Segment Size"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Match value"; } } // container mss container checksum-validate { presence "enable checksum-validate"; description "Validate checksum field against calculated checksum"; leaf match { junos:must "(".. value")"; junos:must-message "Missing mandatory statement: 'value'"; type enumeration { enum "equal" { value 0; description "Match when checksum field in packet is exact match"; } enum "greater-than" { value 1; description "Match when checksum field in packet is greater"; } enum "less-than" { value 2; description "Match when checksum field in packet is less"; } enum "not-equal" { value 3; description "Match when checksum field in packet is not exact match"; } } description "Match condition"; } leaf value { junos:must "(".. match")"; junos:must-message "Missing mandatory statement: 'match'"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } default "0"; description "Match value"; } } // container checksum-validate } // container tcp container udp { junos:must "((!(".. tcp") && !(".. 
icmp")))"; junos:must-message "udp cannot be specified with tcp or icmp"; description "UDP protocol parameters"; uses apply-advanced; container source-port { presence "enable source-port"; description "Source port"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Match value"; } } // container source-port container destination-port { presence "enable destination-port"; description "Destination port"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
65535"; } } description "Match value"; } } // container destination-port container data-length { presence "enable data-length"; description "Size of IP datagram subtracted by UDP header length"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Match value"; } } // container data-length container checksum-validate { presence "enable checksum-validate"; description "Validate checksum field against calculated checksum"; leaf match { junos:must "(".. value")"; junos:must-message "Missing mandatory statement: 'value'"; type enumeration { enum "equal" { value 0; description "Match when checksum field in packet is exact match"; } enum "greater-than" { value 1; description "Match when checksum field in packet is greater"; } enum "less-than" { value 2; description "Match when checksum field in packet is less"; } enum "not-equal" { value 3; description "Match when checksum field in packet is not exact match"; } } description "Match condition"; } leaf value { junos:must "(".. match")"; junos:must-message "Missing mandatory statement: 'match'"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } default "0"; description "Match value"; } } // container checksum-validate } // container udp container icmp { junos:must "((!(".. udp") && (!(".. tcp") && !(".. 
icmpv6"))))"; junos:must-message "icmp cannot be specified with tcp or udp or icmpv6"; description "ICMP protocol parameters"; uses apply-advanced; container type { presence "enable type"; description "Type"; uses apply-advanced; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Match value"; } } // container type container code { presence "enable code"; description "Code"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } } description "Match value"; } } // container code container identification { presence "enable identification"; description "Identifier in echo request/reply"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Match value"; } } // container identification container sequence-number { presence "enable sequence-number"; description "Sequence Number"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
65535"; } } description "Match value"; } } // container sequence-number container data-length { presence "enable data-length"; description "Size of IP datagram subtracted by ICMP header length"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Match value"; } } // container data-length container checksum-validate { presence "enable checksum-validate"; description "Validate checksum field against calculated checksum"; leaf match { junos:must "(".. value")"; junos:must-message "Missing mandatory statement: 'value'"; type enumeration { enum "equal" { value 0; description "Match when checksum field in packet is exact match"; } enum "greater-than" { value 1; description "Match when checksum field in packet is greater"; } enum "less-than" { value 2; description "Match when checksum field in packet is less"; } enum "not-equal" { value 3; description "Match when checksum field in packet is not exact match"; } } description "Match condition"; } leaf value { junos:must "(".. match")"; junos:must-message "Missing mandatory statement: 'match'"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } default "0"; description "Match value"; } } // container checksum-validate } // container icmp container icmpv6 { junos:must "((!(".. udp") && (!(".. tcp") && !(".. 
icmp"))))"; junos:must-message "icmpv6 cannot be specified with tcp or udp or icmp"; description "ICMPv6 protocol parameters"; uses apply-advanced; container type { presence "enable type"; description "Type"; uses apply-advanced; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Match value"; } } // container type container code { presence "enable code"; description "Code"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } } description "Match value"; } } // container code container identification { presence "enable identification"; description "Identifier in echo request/reply"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Match value"; } } // container identification container sequence-number { presence "enable sequence-number"; description "Sequence number"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
65535"; } } description "Match value"; } } // container sequence-number container data-length { presence "enable data-length"; description "Size of IPv6 datagram subtracted by ICMPv6 header length"; leaf match { type enumeration { enum "equal" { value 0; description "Match when value in packet is exact match"; } enum "greater-than" { value 1; description "Match when value in packet is greater"; } enum "less-than" { value 2; description "Match when value in packet is less"; } enum "not-equal" { value 3; description "Match when value in packet is not exact match"; } } description "Match condition"; } leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Match value"; } } // container data-length container checksum-validate { presence "enable checksum-validate"; description "Validate checksum field against calculated checksum"; leaf match { junos:must "(".. value")"; junos:must-message "Missing mandatory statement: 'value'"; type enumeration { enum "equal" { value 0; description "Match when checksum field in packet is exact match"; } enum "greater-than" { value 1; description "Match when checksum field in packet is greater"; } enum "less-than" { value 2; description "Match when checksum field in packet is less"; } enum "not-equal" { value 3; description "Match when checksum field in packet is not exact match"; } } description "Match condition"; } leaf value { junos:must "(".. match")"; junos:must-message "Missing mandatory statement: 'match'"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } default "0"; description "Match value"; } } // container checksum-validate } // container icmpv6 } // container protocol } // container signature container anomaly { junos:must "(!(".. 
signature"))"; junos:must-message "Only one attack type is permitted"; description "Protocol anomaly"; uses apply-advanced; leaf test { type string; description "Protocol anomaly condition to be checked"; } leaf direction { type enumeration { enum "client-to-server" { value 0; description "From Client to Server"; } enum "server-to-client" { value 1; description "From Server to Client"; } enum "any" { value 2; description "Any direction"; } } description "Direction"; } leaf shellcode { type enumeration { enum "intel" { value 0; description "Detect shellcode for intel platforms"; } enum "sparc" { value 1; description "Detect shellcode for sparc platforms"; } enum "all" { value 2; description "Detect shellcode for both intel and sparc platforms"; } enum "no-shellcode" { value 3; description "Do not detect shellcode"; } } description "Specify shellcode flag for this attack"; } } // container anomaly } // container attack-type } // grouping chain-member-type grouping custom-message-type { description "Configure custom-message object"; leaf name { type string { junos:posix-pattern "^[a-zA-Z_]+[a-zA-Z_0-9-]*$"; junos:pattern-message "Must be a string beginning with a letter or underscore and consisting of letters, numbers, dashes and underscores."; length "1 .. 59"; } description "Configure name of custom-message object"; } uses apply-advanced; leaf type { type enumeration { enum "redirect-url" { value 0; description "Redirect URL"; } enum "user-message" { value 1; description "User message"; } enum "custom-page" { value 2; description "Customer page"; } } description "Type of custom message"; } choice contents { leaf content { type string { length "1 .. 1024"; } description "Content of custom message"; } leaf custom-page-file { type string { length "1 .. 
64"; }
        description "Name of custom page file";
      }
    } // choice contents
  } // grouping custom-message-type

  // Anti-spam feature defaults: engine selection, address whitelist and
  // blacklist references, trace options and SBL settings.
  grouping default-anti-spam-feature {
    description "Anti-spam feature";
    uses apply-advanced;
    // No "default" statement is declared for this leaf in the schema.
    leaf type {
      type enumeration {
        enum "sbl" { value 0; description "Anti-spam sophos sbl"; }
        enum "anti-spam-none" { value 1; }
      }
      description "Anti-spam type";
    }
    // Both list leaves are constrained by junos:must to the name of an
    // existing "security utm custom-objects url-pattern" object.
    leaf address-whitelist {
      junos:must "("security utm custom-objects url-pattern $$")";
      junos:must-message "url-pattern must be defined";
      type string;
      description "Anti-spam whitelist";
    }
    leaf address-blacklist {
      junos:must "("security utm custom-objects url-pattern $$")";
      junos:must-message "url-pattern must be defined";
      type string;
      description "Anti-spam blacklist";
    }
    container traceoptions {
      description "Trace options for anti-spam feature";
      uses anti-spam-traceoptions;
    } // container traceoptions
    container sbl {
      presence "enable sbl";
      description "SBL settings";
      uses default-sbl-type;
    } // container sbl
  } // grouping default-anti-spam-feature

  // Trace flags for the anti-spam feature; "all" enables every flag per its
  // description.
  grouping anti-spam-traceoptions {
    description "Trace options for anti-spam feature";
    uses apply-advanced;
    list flag {
      key "name";
      ordered-by user;
      description "Trace options for anti-spam feature flag";
      leaf name {
        type enumeration {
          enum "manager" { value 0; description "Trace anti-spam manager information"; }
          enum "sbl" { value 1; description "Trace SBL server information"; }
          enum "all" { value 2; description "Enable trace all anti-spam trace options"; }
        }
        description "Trace options for anti-spam feature flag name";
      }
    } // list flag
  } // grouping anti-spam-traceoptions

  // Anti-virus feature defaults: whitelists, engine selection, forwarding
  // mode, scan limits, fallback behaviour and per-engine settings.
  grouping default-anti-virus-feature {
    description "Anti-virus feature";
    uses apply-advanced;
    // Each leaf here must name an existing
    // "security utm custom-objects mime-pattern" object (junos:must).
    container mime-whitelist {
      description "Anti-virus MIME whitelist";
      uses apply-advanced;
      leaf list {
        junos:must "("security utm custom-objects mime-pattern $$")";
        junos:must-message "mime-pattern must be defined";
        type string;
        description "MIME list";
      }
      leaf exception {
        junos:must "("security utm custom-objects mime-pattern $$")";
        junos:must-message "mime-pattern must be defined";
        type string;
        description "Exception settings for MIME white list";
      }
    } // container mime-whitelist
    // NOTE(review): unlike the mime-whitelist leaves, no junos:must reference
    // check is declared on this leaf in this schema.
    leaf url-whitelist {
      type string;
      description "Anti-virus URL white list";
    }
    // The schema default is "anti-virus-none"; presumably no engine is
    // selected until one is configured - confirm against device behaviour.
    leaf type {
      type enumeration {
        enum "sophos-engine" { value 0; description "Anti-virus sophos-engine"; }
        enum "avira-engine" { value 1; description "Anti-virus avira-engine"; }
        enum "anti-virus-none" { value 2; }
      }
      default "anti-virus-none";
      description "Anti-virus engine type";
    }
    container forwarding-mode {
      description "Anti-virus forwarding mode";
      uses apply-advanced;
      leaf hold {
        type empty;
        description "Hold mode (hold file until analysis is complete, default is CDF mode)";
      }
      // NOTE(review): per its description this is detect-only without
      // blocking; audit configurations that set it where enforcement is
      // expected.
      leaf inline-tap {
        type empty;
        description "Detect-only mode without blocking (default is off)";
      }
    } // container forwarding-mode
    container scan-options {
      presence "enable scan-options";
      description "Anti-virus scan options";
      uses apply-advanced;
      choice pre-detection-choice {
        leaf pre-detection { type empty; description "Anti-virus Pre-Detection"; }
        leaf no-pre-detection { type empty; description "Don't anti-virus Pre-Detection"; }
      } // choice pre-detection-choice
      choice uri-check-choice {
        leaf uri-check { type empty; description "Anti-virus uri-check"; }
        leaf no-uri-check { type empty; description "Don't anti-virus uri-check"; }
      } // choice uri-check-choice
      // Typed as a plain string; no range or default is declared here.
      leaf content-size-limit {
        type string;
        units "kilobytes";
        description "Content size limit";
      }
      // The string member of these unions accepts "<...>" or "$..." forms -
      // presumably Junos placeholder/variable syntax; TODO confirm.
      leaf timeout {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 1800"; }
        }
        units "seconds";
        description "Scan engine timeout";
      }
      leaf decompress-layer-limit {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "0 .. 10"; }
        }
        description "Decompress layer limit";
      }
    } // container scan-options
    container trickling {
      presence "enable trickling";
      description "Anti-virus trickling";
      uses anti-virus-trickling;
    } // container trickling
    container notification-options {
      presence "enable notification-options";
      description "Anti-virus notification options";
      uses anti-virus-notification-options;
    } // container notification-options
    // NOTE(review): av-fallback-settings is defined outside this section;
    // presumably it selects the action taken when a scan cannot complete -
    // verify whether the configured actions block or permit traffic.
    container fallback-options {
      presence "enable fallback-options";
      description "Anti-virus fallback options";
      uses av-fallback-settings;
    } // container fallback-options
    container traceoptions {
      description "Trace options for anti-virus feature";
      uses anti-virus-traceoptions;
    } // container traceoptions
    container avira-engine {
      description "Anti-virus Avira-engine";
      uses apply-advanced;
      container pattern-update {
        presence "enable pattern-update";
        description "Anti-virus avira-engine pattern update";
        uses anti-virus-pattern-update;
      } // container pattern-update
    } // container avira-engine
    container sophos-engine {
      description "Anti-virus sophos-engine";
      uses apply-advanced;
      container server {
        description "SAV and Anti-Spam first hop DNS server";
        uses apply-advanced;
        leaf ip {
          type jt:ipaddr;
          description "SAV and Anti-Spam first hop DNS server ip";
        }
        // Must name a configured routing instance (junos:must).
        leaf routing-instance {
          junos:must "("routing-instances $$")";
          junos:must-message "Routing-instance must be defined";
          type string;
          description "Routing instance name";
        }
        leaf source-address {
          type jt:ipaddr;
          description "Source ip address used to connect server";
        }
      } // container server
      leaf sxl-timeout {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 5"; }
        }
        units "seconds";
        default "2";
        description "Sxl sophos anti-virus engine timeout";
      }
      leaf sxl-retry {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "0 .. 5"; }
        }
        default "1";
        description "Sxl sophos anti-virus engine query retry (number of times)";
      }
      container pattern-update {
        presence "enable pattern-update";
        description "Anti-virus sophos-engine pattern update";
        uses anti-virus-pattern-update;
      } // container pattern-update
      // The four containers below carry "status deprecated"; containers with
      // the same names exist directly under default-anti-virus-feature.
      container fallback-options {
        presence "enable fallback-options";
        status deprecated;
        description "Anti-virus sophos-engine fallback options";
        uses av-fallback-settings;
      } // container fallback-options
      container scan-options {
        presence "enable scan-options";
        status deprecated;
        description "Anti-virus sophos-engine scan options";
        uses default-sophos-scan-options;
      } // container scan-options
      container trickling {
        presence "enable trickling";
        status deprecated;
        description "Anti-virus trickling";
        uses anti-virus-trickling;
      } // container trickling
      container notification-options {
        presence "enable notification-options";
        status deprecated;
        description "Anti-virus notification options";
        uses anti-virus-notification-options;
      } // container notification-options
    } // container sophos-engine
  } // grouping default-anti-virus-feature

  // Content-filtering feature defaults; the schema default for "type" is
  // "local".
  grouping default-content-filtering-feature {
    description "Content-filtering feature";
    uses apply-advanced;
    leaf type {
      type enumeration {
        enum "local" { value 0; description "Content-filtering local"; }
        enum "content-filtering-none" { value 1; }
      }
      default "local";
      description "Content-filtering type";
    }
    container traceoptions {
      description "Trace options for content-filtering feature";
      uses content-filtering-traceoptions;
    } // container traceoptions
    // The command and extension leaves below must each name an existing
    // custom object of the kind given in their junos:must expression.
    leaf permit-command {
      junos:must "("security utm custom-objects protocol-command $$")";
      junos:must-message "protocol-command must be defined";
      type string;
      description "Permit command list";
    }
    leaf block-command {
      junos:must "("security utm custom-objects protocol-command $$")";
      junos:must-message "protocol-command must be defined";
      type string;
      description "Block command list";
    }
    leaf block-extension {
      junos:must "("security utm
custom-objects filename-extension $$")"; junos:must-message "filename-extension must be defined"; type string; description "Block extension list"; } container block-mime { presence "enable block-mime"; description "Content-filtering feature block MIME"; uses apply-advanced; leaf list { junos:must "("security utm custom-objects mime-pattern $$")"; junos:must-message "mime-pattern must be defined"; type string; description "Block MIME list"; } leaf exception { junos:must "("security utm custom-objects mime-pattern $$")"; junos:must-message "mime-pattern must be defined"; type string; description "Exception of block MIME list"; } } // container block-mime container block-content-type { description "Content-filtering feature block content type"; uses apply-advanced; leaf activex { type empty; description "Block activex"; } leaf java-applet { type empty; description "Block Java-applet"; } leaf exe { type empty; description "Block Windows/dos exe file"; } leaf zip { type empty; description "Block zip file"; } leaf http-cookie { type empty; description "Block HTTP cookie"; } } // container block-content-type container notification-options { presence "enable notification-options"; description "Notification options"; uses apply-advanced; leaf type { type enumeration { enum "protocol-only" { value 0; description "Notification in protocol level"; } enum "message" { value 1; description "Notification in message"; } } description "Notification options type"; } choice notify-mail-sender-choice { leaf notify-mail-sender { type empty; description "Notifiy mail sender"; } leaf no-notify-mail-sender { type empty; description "Don't notifiy mail sender"; } } // choice notify-mail-sender-choice leaf custom-message { type string { length "1 .. 
512"; } description "Custom notification message"; } } // container notification-options } // grouping default-content-filtering-feature grouping content-filtering-traceoptions { description "Trace options for content-filtering feature"; uses apply-advanced; list flag { key "name"; ordered-by user; description "Trace options for content-filtering feature flag"; leaf name { type enumeration { enum "basic" { value 0; description "Trace content-filtering basic information"; } enum "detail" { value 1; description "Trace content-filtering detail information"; } enum "all" { value 2; description "Enable trace all content-filtering trace options"; } } description "Trace options for content-filtering feature flag name"; } } // list flag } // grouping content-filtering-traceoptions grouping default-sbl-type { description "SBL type"; uses apply-advanced; choice sbl-default-server-choice { leaf sbl-default-server { type empty; description "Default SBL server"; } leaf no-sbl-default-server { type empty; description "Don't default SBL server"; } } // choice sbl-default-server-choice leaf spam-action { type enumeration { enum "block" { value 0; description "Block e-mail"; } enum "tag-header" { value 1; description "Tag header of e-mail"; } enum "tag-subject" { value 2; description "Tag subject of e-mail"; } } default "tag-subject"; description "Anti-spam actions"; } leaf custom-tag-string { type string { length "1 .. 512"; } description "Custom tag string"; } } // grouping default-sbl-type grouping default-sophos-scan-options { description "Anti-virus scan options"; uses apply-advanced; choice uri-check-choice { leaf uri-check { type empty; description "Anti-virus uri-check"; } leaf no-uri-check { type empty; description "Don't anti-virus uri-check"; } } // choice uri-check-choice leaf content-size-limit { type string; units "kilobytes"; default "10000"; description "Content size limit"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
1800"; } } units "seconds"; description "Scan engine timeout"; } } // grouping default-sophos-scan-options grouping default-webfilter-feature { description "Web-filtering feature settings"; uses apply-advanced; leaf url-whitelist { type string; description "Configure custom URL for whitelist category"; } leaf url-blacklist { type string; description "Configure custom URL for blacklist category"; } leaf http-reassemble { type empty; description "Reassemble HTTP request segments"; } leaf http-persist { type empty; description "Check all HTTP request in a connection"; } leaf type { type enumeration { enum "websense-redirect" { value 0; } enum "juniper-local" { value 1; } enum "juniper-enhanced" { value 2; } enum "web-filtering-none" { value 3; } } default "web-filtering-none"; description "Configure web-filtering engine type"; } container traceoptions { description "Trace options for web-filtering feature"; uses web-filtering-traceoptions; } // container traceoptions container websense-redirect { description "Configure web-filtering websense redirect engine"; uses default-websense-type; } // container websense-redirect container juniper-local { description "Configure web-filtering juniper local engine"; uses default-juniper-local-type; } // container juniper-local container juniper-enhanced { description "Configure web-filtering juniper enhanced engine"; uses default-juniper-enhanced-type; } // container juniper-enhanced } // grouping default-webfilter-feature grouping default-juniper-enhanced-type { description "Juniper Enhanced"; uses apply-advanced; container cache { presence "enable cache"; uses apply-advanced; leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
1800"; } } units "minutes"; default "1440"; description "Juniper enhanced cache timeout"; } leaf size { type string; units "kilobytes"; default "1024"; description "Juniper enhanced cache size"; } } // container cache container server { presence "enable server"; description "Juniper enhanced server"; uses juniper-enhanced-server; } // container server container reputation { presence "enable reputation"; description "Customize reputation level"; uses apply-advanced; leaf reputation-very-safe { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } default "90"; description "Base-reputation-value (default 90)"; } leaf reputation-moderately-safe { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } default "80"; description "Base-reputation-value (default 80)"; } leaf reputation-fairly-safe { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } default "70"; description "Base-reputation-value (default 70)"; } leaf reputation-suspicious { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
100"; } } default "60"; description "Base-reputation-value (default 60)"; } } // container reputation leaf query-type { type enumeration { enum "url-ip" { value 0; description "Query category by URL and IP address"; } enum "url" { value 1; description "Query category by URL only"; } } description "Juniper enhanced query type"; } leaf base-filter { type string; description "Juniper base filter"; } list category { key "name"; ordered-by user; description "Juniper enhanced category"; uses juniper-enhanced-category-type; } // list category container site-reputation-action { presence "enable site-reputation-action"; description "Juniper enhanced site reputation action"; uses juniper-enhanced-site-reputation-setting; } // container site-reputation-action leaf default { type enumeration { enum "permit" { value 0; description "Permit action"; } enum "block" { value 1; description "Block action"; } enum "log-and-permit" { value 2; description "Log and permit action"; } enum "quarantine" { value 3; description "Quarantine action"; } } description "Juniper enhanced profile default"; } leaf custom-message { junos:must "("security utm custom-objects custom-message $$")"; junos:must-message "custom-message must be defined"; type string; description "Custom message"; } container fallback-settings { presence "enable fallback-settings"; description "Juniper enhanced fallback settings"; uses web-filtering-fallback-setting; } // container fallback-settings leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32; } units "seconds"; default "15"; description "Juniper enhanced timeout"; } leaf no-safe-search { type empty; description "Do not perform safe-search for Juniper enhanced protocol"; } } // grouping default-juniper-enhanced-type grouping default-juniper-local-type { description "Juniper local"; uses apply-advanced; leaf default { type enumeration { enum "permit" { value 0; description "Permit action"; } enum "block" { value 1; description "Block action"; } 
enum "log-and-permit" { value 2; description "Log and permit action"; } } description "Juniper local profile default"; } list category { key "name"; ordered-by user; description "Custom category"; uses custom-category-type; } // list category leaf custom-message { junos:must "("security utm custom-objects custom-message $$")"; junos:must-message "custom-message must be defined"; type string; description "Custom message"; } leaf no-safe-search { type empty; description "Do not perform safe-search for Juniper local protocol"; } container fallback-settings { presence "enable fallback-settings"; description "Juniper local fallback settings"; uses web-filtering-fallback-setting; } // container fallback-settings leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1800"; } } units "seconds"; default "15"; description "Juniper local timeout"; } } // grouping default-juniper-local-type grouping custom-category-type { description "Custom category type"; leaf name { junos:must "("security utm custom-objects custom-url-category $$")"; junos:must-message "custom-url-category must be defined"; type string { length "1 .. 
59"; } description "Name of custom category"; } uses apply-advanced; leaf action { type enumeration { enum "permit" { value 0; } enum "log-and-permit" { value 1; } enum "block" { value 2; } enum "quarantine" { value 3; } } description "Action to perform when web traffic matches category"; } leaf custom-message { junos:must "("security utm custom-objects custom-message $$")"; junos:must-message "custom-message must be defined"; type string; description "Custom message"; } } // grouping custom-category-type grouping default-websense-type { description "Websense redirect"; uses apply-advanced; container server { presence "enable server"; description "Websense redirect server"; uses server; } // container server list category { key "name"; ordered-by user; description "Custom category"; uses custom-category-type; } // list category leaf custom-message { junos:must "("security utm custom-objects custom-message $$")"; junos:must-message "custom-message must be defined"; type string; description "Custom message"; } leaf no-safe-search { type empty; description "Do not perform safe-search for websense redirect protocol"; } container fallback-settings { presence "enable fallback-settings"; description "Websense redirect fallback settings"; uses web-filtering-fallback-setting; } // container fallback-settings leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1800"; } } units "seconds"; default "15"; description "Websense redirect timeout"; } leaf sockets { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 32"; } } default "32"; description "Websense redirect sockets number"; } leaf account { type string { length "1 .. 
28"; }
      description "Websense redirect account";
    }
  } // grouping default-websense-type

  // Trace options for URL/DNS filtering: trace file settings, verbosity
  // level and the list of event flags to trace.
  grouping dnsf-traceoptions-object {
    description "URL filtering trace options";
    uses apply-advanced;
    // Only valid when [system tracing] is configured (junos:must).
    leaf no-remote-trace {
      junos:must "("system tracing")";
      junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
      type empty;
      description "Disable remote tracing";
    }
    container file {
      description "Trace file information";
      // The pattern rejects '/', '%' and space, so the value cannot carry
      // directory components; where the file is written is not shown here.
      leaf filename {
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      // Typed as a plain string; no range or default is declared here.
      leaf size {
        type string;
        description "Maximum trace file size";
      }
      // The string member of the union accepts "<...>" or "$..." forms -
      // presumably Junos placeholder/variable syntax; TODO confirm.
      leaf files {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "2 .. 1000"; }
        }
        default "3";
        description "Maximum number of trace files";
      }
      // NOTE(review): neither case has a schema default. world-readable lets
      // any user read the trace file; trace output presumably includes
      // filtering and DNS event details, so prefer no-world-readable unless
      // there is a specific need.
      choice world-readable-choice {
        leaf world-readable {
          type empty;
          description "Allow any user to read the log file";
        }
        leaf no-world-readable {
          type empty;
          description "Don't allow any user to read the log file";
        }
      } // choice world-readable-choice
      leaf match {
        type jt:regular-expression;
        description "Regular expression for lines to be logged";
      }
    } // container file
    // Schema default is "error".
    leaf level {
      type enumeration {
        enum "error" { value 0; description "Match error conditions"; }
        enum "warning" { value 1; description "Match warning messages"; }
        enum "notice" { value 2; description "Match conditions that should be handled specially"; }
        enum "info" { value 3; description "Match informational messages"; }
        enum "verbose" { value 4; description "Match verbose messages"; }
        enum "all" { value 5; description "Match all levels"; }
      }
      default "error";
      description "Level of debugging output";
    }
    list flag {
      key "name";
      ordered-by user;
      description "Tracing flag parameters";
      // The key leaf carries no description statement of its own.
      leaf name {
        type enumeration {
          enum "normal" { value 0; description "Trace normal events"; }
          enum "config" { value 1; description "Trace dns filtering config events"; }
          enum "dns" { value 2; description "Trace url filtering DNS crawler events"; }
          enum "timer" { value 3; description "Trace url filtering timer events"; }
          enum "connect" { value 4; description "Trace url filtering ipc events"; }
          enum "parse" { value 5; description "Trace url filtering parse events"; }
          enum "statistics" { value 6; description "Trace url filtering statistics events"; }
          enum "system" { value 7; description "Trace url filtering system events"; }
          enum "operational-commands" { value 8; description "Trace url filtering show events"; }
          enum "filter" { value 9; description "Trace url filtering filter programming events"; }
          enum "gencfg" { value 10; description "Trace url filtering gencfg events"; }
          enum "routing" { value 11; description "Trace url filtering route programming events"; }
          enum "snmp" { value 12; description "Trace url filtering snmp events"; }
          enum "all" { value 13; description "Trace everything"; }
        }
      }
    } // list flag
  } // grouping dnsf-traceoptions-object

  // Dynamic attack group: a named group whose membership is selected by the
  // filters container below.
  grouping dynamic-attack-group-type {
    description "Define dynamic attack group";
    leaf name {
      type string;
      description "Name of the dynamic attack group";
    }
    uses apply-advanced;
    leaf attack-group-description {
      type string;
      status deprecated;
      description "Filter name/value in xml format";
    }
    container filters {
      description "Configure filters";
      uses apply-advanced;
      container direction {
        presence "enable direction";
        description "Direction of attack";
        uses apply-advanced;
        // Schema default is "or"; the "and" description recommends "and"
        // when 'exclude-*' values are set.
        leaf expression {
          type enumeration {
            enum "and" { value 0; description "AND values together (recommended if 'exclude-*' values are set)"; }
            enum "or" { value 1; description "OR values together"; }
          }
          default "or";
          description "Boolean AND/OR to be used for values";
        }
        leaf-list values {
          type enumeration {
            enum "client-to-server" { value 0; description "Select attacks from client to server"; }
            enum "server-to-client" { value 1; description "Select attacks from server to client"; }
            enum "any" { value 2; description "Select attacks which
can occur in either direction"; } enum "exclude-client-to-server" { value 3; description "Filter out attacks from client to server"; } enum "exclude-server-to-client" { value 4; description "Filter out attacks from server to client"; } enum "exclude-any" { value 5; description "Filter out attacks which occur in either direction"; } } ordered-by user; description "Values for direction field"; } } // container direction container severity { presence "enable severity"; description "Severity of attack"; uses apply-advanced; leaf-list values { type enumeration { enum "info" { value 0; description "Provide information of attack when it matches."; } enum "warning" { value 1; description "Issue a warning when attack matches."; } enum "minor" { value 2; description "The attack is a minor one."; } enum "major" { value 3; description "The attack is a major one."; } enum "critical" { value 4; description "The attack is a critical one."; } } ordered-by user; description "Values for severity field"; } } // container severity container type { presence "enable type"; description "Type of attack"; uses apply-advanced; leaf-list values { type enumeration { enum "signature" { value 0; description "Signature based attacks"; } enum "anomaly" { value 1; description "Protocol anomalies"; } } ordered-by user; description "Values for type field"; } } // container type choice recommended-choice { leaf recommended { type empty; description "Recommended flag"; } leaf no-recommended { type empty; description "Don't recommended flag"; } } // choice recommended-choice container performance { presence "enable performance"; description "Performance of attack"; uses apply-advanced; leaf-list values { type enumeration { enum "unknown" { value 0; description "Performance level unknown"; } enum "fast" { value 1; description "Fast performance"; } enum "normal" { value 2; description "Normal performance"; } enum "slow" { value 3; description "Slow performance"; } } ordered-by user; description "Values 
for performance field"; } } // container performance container category { presence "enable category"; description "Category of attack"; uses apply-advanced; leaf-list values { type string; ordered-by user; description "Values for category field"; } } // container category container service { presence "enable service"; description "Service/Application of attack"; uses apply-advanced; leaf-list values { type string; ordered-by user; description "Values for service field"; } } // container service container false-positives { presence "enable false-positives"; description "False positive field in attack"; uses apply-advanced; leaf-list values { type enumeration { enum "unknown" { value 0; description "Unknown information"; } enum "rarely" { value 1; description "Rare false positives occurrence"; } enum "occasionally" { value 2; description "Ocassional false positives occurrence"; } enum "frequently" { value 3; description "Frequent false positives occurrence"; } } ordered-by user; description "Values for false-positives field"; } } // container false-positives list vendor { key "name"; ordered-by user; description "Vendor/Product the attack belongs to"; uses vendor-object; } // list vendor container file-type { presence "enable file-type"; description "File type the attack is valid for"; uses apply-advanced; leaf-list values { type string; ordered-by user; description "Values for file-type field"; } } // container file-type container vulnerability-type { presence "enable vulnerability-type"; description "Vulnariability type of attack"; uses apply-advanced; leaf-list values { type string; ordered-by user; description "Values for vulnariability-type field"; } } // container vulnerability-type choice excluded-choice { leaf excluded { type empty; description "Excluded Attacks"; } leaf no-excluded { type empty; description "Don't excluded Attacks"; } } // choice excluded-choice container attack-prefix { presence "enable attack-prefix"; description "Prefix match for attack 
names"; uses apply-advanced; leaf-list values { type string; ordered-by user; description "Values for attack name prefix match"; } } // container attack-prefix list cvss-score { key "name"; ordered-by user; description "CVSS score of Attack "; leaf name { type enumeration { enum "greater-than" { value 0; description "Match when cvss score is greater"; } enum "less-than" { value 1; description "Match when cvss score is less"; } } description "Match condition of CVSS score"; } uses apply-advanced; leaf value { junos:must "(".. value")"; junos:must-message "Missing mandatory statement: 'value'"; type decimal64 { fraction-digits 9; range "0 .. 10"; } description "Match value"; } } // list cvss-score list age-of-attack { key "name"; ordered-by user; description "Age of an Attack "; leaf name { type enumeration { enum "greater-than" { value 0; description "Match when Age of Attack is greater"; } enum "less-than" { value 1; description "Match when Age of Attack is less"; } } description "Match condition of Age of Attack"; } uses apply-advanced; leaf value { junos:must "(".. value")"; junos:must-message "Missing mandatory statement: 'value'"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Match value"; } } // list age-of-attack } // container filters } // grouping dynamic-attack-group-type grouping e2e-action-profile { leaf name { type string { length "1 .. 
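64"; }
      description "Name of the action profile";
    }
    uses apply-advanced;
    leaf preserve-trace-order {
      type empty;
      description "Preserve trace order (has performance overhead)";
    }
    leaf record-pic-history {
      type empty;
      description "Record the PIC(s) in which the packet has been processed";
    }
    list event {
      key "name";
      ordered-by user;
      uses e2e-event;
    } // list event
    list module {
      key "name";
      ordered-by user;
      uses e2e-module;
    } // list module
  } // grouping e2e-action-profile

  // One end-to-end debug event (keyed by processing point) and the actions
  // to take when it is hit.
  grouping e2e-event {
    leaf name {
      type enumeration {
        enum "np-ingress" { value 0; description "NP ingress"; }
        enum "np-egress" { value 1; description "NP egress"; }
        enum "mac-ingress" { value 2; description "SRX1K/3K IOC Mac ingress"; }
        enum "mac-egress" { value 3; description "SRX1K/3K IOC Mac egress"; }
        enum "lbt" { value 4; description "Load-Balance-Thread"; }
        enum "pot" { value 5; description "Packet-Order-Thread"; }
        enum "jexec" { value 6; description "JExec"; }
        enum "lt-enter" { value 7; description "LT(Logical Tunnel) enter"; }
        enum "lt-leave" { value 8; description "LT(Logical Tunnel) leave"; }
      }
      description "Name of the event";
    }
    uses apply-advanced;
    leaf trace { type empty; description "Trace action"; }
    leaf count { type empty; description "Count action"; }
    leaf packet-summary { type empty; description "Packet summary action"; }
    // NOTE(review): presumably records packet contents in the debug output;
    // confirm who can read that output before enabling on production
    // traffic.
    leaf packet-dump { type empty; description "Packet dump action"; }
  } // grouping e2e-event

  // One traced module; only "flow" is defined, with a single "all" flag.
  grouping e2e-module {
    leaf name {
      type enumeration {
        enum "flow" { value 0; description "Flow module"; }
      }
      description "Name of the module";
    }
    uses apply-advanced;
    list flag {
      key "name";
      ordered-by user;
      description "Events and other information to include in trace output";
      leaf name {
        type enumeration {
          enum "all" { value 0; description "All flow trace"; }
        }
      }
    } // list flag
  } // grouping e2e-module

  // Packet filter selecting the traffic an end-to-end debug action profile
  // applies to.
  grouping end-to-end-debug-filter {
    // Description typo fixed ("packer" -> "packet").
    description "End to end debug packet filter settings";
    leaf name {
      type string {
        // The character class also admits '.', so the message now lists
        // periods to agree with the pattern.
        junos:posix-pattern "^[[:alnum:]._-]+$";
        junos:pattern-message "Must be a string of letters, numbers, periods, dashes or underscores";
        length "1 .. 64";
      }
      description "Name of the filter";
    }
    uses apply-advanced;
    // Plain string; no reference check to a defined action profile is
    // declared on this leaf in this schema.
    leaf action-profile {
      type string;
      description "Actions to take with this filter";
    }
    leaf protocol {
      type string;
      description "Match IP protocol type";
    }
    leaf source-prefix {
      type jt:ipprefix;
      description "Source IPv4/IPv6 address prefix";
    }
    leaf destination-prefix {
      type jt:ipprefix;
      description "Destination IPv4/IPv6 address prefix";
    }
    leaf source-port {
      type string;
      description "Match TCP/UDP source port";
    }
    leaf destination-port {
      type string;
      description "Match TCP/UDP destination port";
    }
    // The string member accepts "<...>" or "$..." forms - presumably Junos
    // placeholder/variable syntax; TODO confirm.
    leaf interface {
      type union {
        type jt:interface-name;
        type string { pattern "<.*>|$.*"; }
      }
      description "Logical interface";
    }
  } // grouping end-to-end-debug-filter

  // Named list of extension values; both the name and each value are
  // limited to 29 characters.
  grouping extension-list-type {
    description "Configure extension-list object";
    leaf name {
      type string {
        junos:posix-pattern "^[a-zA-Z_]+[a-zA-Z_0-9-]*$";
        junos:pattern-message "Must be a string beginning with a letter or underscore and consisting of letters, numbers, dashes and underscores.";
        length "1 .. 29";
      }
      description "Configure name of extension-list object";
    }
    uses apply-advanced;
    leaf-list value {
      type string { length "1 .. 29"; }
      ordered-by user;
      description "Configure value of extension-list object";
    }
  } // grouping extension-list-type

  // Flow trace filter; its match leaves mirror end-to-end-debug-filter.
  grouping flow-filter-type {
    description "Flow filter settings";
    leaf name {
      type string {
        // Same pattern as end-to-end-debug-filter; message lists periods to
        // agree with the character class.
        junos:posix-pattern "^[[:alnum:]._-]+$";
        junos:pattern-message "Must be a string of letters, numbers, periods, dashes or underscores";
        length "1 .. 63";
      }
      description "Name of the filter";
    }
    uses apply-advanced;
    leaf protocol {
      type string;
      description "Match IP protocol type";
    }
    leaf source-prefix {
      type jt:ipprefix;
      description "Source IP address prefix";
    }
    leaf destination-prefix {
      type jt:ipprefix;
      description "Destination IP address prefix";
    }
    leaf conn-tag {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "0 ..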
4294967295"; } } description "Session connection tag"; } leaf logical-system { type string { length "1 .. 63"; } status deprecated; description "Logical system"; } leaf source-port { type string; description "Match TCP/UDP source port"; } leaf destination-port { type string; description "Match TCP/UDP destination port"; } leaf interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Source logical interface"; } } // grouping flow-filter-type grouping flow-traceoptions-object { description "Trace options for flow services"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Events and other information to include in trace output"; leaf name { type enumeration { enum "all" { value 0; description "All events"; } enum "basic-datapath" { value 1; description "Basic packet flow"; } enum "high-availability" { value 2; description "Flow high-availability information"; } enum "host-traffic" { value 3; description "Flow host-traffic information"; } enum "fragmentation" { value 4; description "Ip fragmentation and reassembly events"; } enum "multicast" { value 5; description "Multicast flow information"; } enum "route" { value 6; description "Route lookup information"; } enum "session" { value 7; description "Session creation and deletion events"; } enum "session-scan" { value 8; description "Session scan information"; } enum "tcp-basic" { value 9; description "TCP packet flow"; } enum "tunnel" { value 10; description "Tunnel information"; } enum "jexec" { value 11; description "Junos forwarding module"; } } } } // list flag leaf rate-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
4294967295"; } } default "0"; description "Limit the incoming rate of trace messages"; } list packet-filter { key "name"; max-elements 64; ordered-by user; description "Flow packet debug filters"; uses flow-filter-type; } // list packet-filter container trace-level { description "FLow trace level"; uses apply-advanced; choice level { leaf minimal { type empty; description "Significant messages including warning, error, criticality, alert and emergency."; } leaf brief { type empty; description "Brief messages including notice, in addition to minimal messages"; } leaf detail { type empty; description "Detail messages including info and debug, in addition to brief messages"; } } // choice level } // container trace-level leaf root-override { junos:must "((".. file" && ".. flag"))"; junos:must-message "root-override must have root trace file and flag configured"; type empty; description "Allow collect flow trace in root from all logical-systems and tenants"; } } // grouping flow-traceoptions-object grouping gtp-object { uses apply-advanced; list profile { key "name"; description "Configure GTP Profile"; leaf name { type string { length "1 .. 23"; } description "GTP profile name"; } uses apply-advanced; leaf min-message-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } default "0"; description "Minimum message length, from 0 to 65535 "; } leaf max-message-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } default "65535"; description "Maximum message length, from 1 to 65535"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
1000"; } } units "hour"; default "1000"; description "Tunnel idle timeout"; } container rate-limit { presence "enable rate-limit"; description "Limit messages per second"; uses rate-limit-object; } // container rate-limit container log { presence "enable log"; description "GPRS tunneling protocol logs"; uses apply-advanced; leaf forwarded { type enumeration { enum "basic" { value 0; description "Basic logs"; } enum "detail" { value 1; description "Detailed logs"; } } description "Log passed good packets"; } leaf event { type enumeration { enum "basic" { value 0; description "Basic logs"; } enum "detail" { value 1; description "Detailed logs"; } } description "Log alarms and tunnel management events"; } leaf prohibited { type enumeration { enum "basic" { value 0; description "Basic logs"; } enum "detail" { value 1; description "Detailed logs"; } } description "Log dropped packets"; } list gtp-u { key "name"; description "Logs for gtp-u"; leaf name { type enumeration { enum "all" { value 0; description "All gtp-u logs"; } enum "dropped" { value 1; description "Dropped gtp-u logs"; } } description "Logs for gtp-u"; } uses apply-advanced; } // list gtp-u container rate-limited { presence "enable rate-limited"; description "Dropped for rate-limit"; uses apply-advanced; choice rate-limited-attr { leaf basic { type empty; description "Basic logs"; } leaf detail { type empty; description "Detailed logs"; } } // choice rate-limited-attr } // container rate-limited } // container log container remove-ie { presence "enable remove-ie"; description "Remove information elements"; uses apply-advanced; list version { key "name"; description "GTP version"; leaf name { type enumeration { enum "v1" { value 0; description "GTP v1"; } } description "Version name"; } uses apply-advanced; list release { key "name"; description "Remove information elements by release"; leaf name { type enumeration { enum "R6" { value 0; description "Release 6"; } enum "R7" { value 1; description "Release 
7"; } enum "R8" { value 2; description "Release 8"; } enum "R9" { value 3; description "Release 9"; } } description "Release name"; } uses apply-advanced; } // list release list number { key "name"; description "Remove information elements by number"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } } uses apply-advanced; } // list number } // list version } // container remove-ie container path-rate-limit { description "Limit control messages based on IP pairs"; uses apply-advanced; list message-type { key "name"; description "Specific group of control messages"; leaf name { type enumeration { enum "create-req" { value 0; description "Limit packet-per-second of GTP create request"; } enum "delete-req" { value 1; description "Limit packet-per-second of GTP delete request"; } enum "echo-req" { value 2; description "Limit packet-per-minute of GTP echo request"; } enum "other" { value 3; description "Limit packet-per-second of all other GTP control messages"; } } description "Specific group of control messages"; } uses apply-advanced; container drop-threshold { description "Set drop threshold for path rate limiting"; uses apply-advanced; leaf forward { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10000"; } } description "Limit messages of forward direction"; } leaf reverse { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10000"; } } description "Limit messages of reverse direction"; } } // container drop-threshold container alarm-threshold { description "Set alarm threshold for path rate limiting"; uses apply-advanced; leaf forward { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10000"; } } description "Limit messages of forward direction"; } leaf reverse { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
10000"; } } description "Limit messages of reverse direction"; } } // container alarm-threshold } // list message-type } // container path-rate-limit container drop { description "Drop certain type of messages"; uses apply-advanced; list aa-create-pdp { key "name"; ordered-by user; description "Create AA pdp request/response message"; leaf name { type enumeration { enum "0" { value 0; description "Version 0"; } } description "GTP version for message"; } uses apply-advanced; } // list aa-create-pdp list aa-delete-pdp { key "name"; ordered-by user; description "Delete AA pdp request/response message"; leaf name { type enumeration { enum "0" { value 0; description "Version 0"; } } description "GTP version for message"; } uses apply-advanced; } // list aa-delete-pdp list bearer-resource { key "name"; ordered-by user; description "Bearer resource command/failure message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list bearer-resource list change-notification { key "name"; ordered-by user; description "Change notification request/response message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list change-notification list config-transfer { key "name"; ordered-by user; description "Configuration transfer message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list config-transfer list context { key "name"; ordered-by user; description "Context request/response/ack message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list context list create-bearer { key "name"; ordered-by user; description "Create bearer request/response message"; leaf name { type enumeration { enum 
"2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list create-bearer list create-data-forwarding { key "name"; ordered-by user; description "Create indirect data forwarding tunnel request/response message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list create-data-forwarding list create-pdp { key "name"; ordered-by user; description "Create pdp request/response message"; leaf name { type enumeration { enum "0" { value 0; description "Version 0"; } enum "1" { value 1; description "Version 1"; } enum "all" { value 2; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list create-pdp list create-session { key "name"; ordered-by user; description "Create session request/response message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list create-session list create-tnl-forwarding { key "name"; ordered-by user; description "Create forwarding tunnel request/response message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list create-tnl-forwarding list cs-paging { key "name"; ordered-by user; description "CS paging indication message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list cs-paging list data-record { key "name"; ordered-by user; description "Data record request/response message"; leaf name { type enumeration { enum "0" { value 0; description "Version 0"; } enum "1" { value 1; description "Version 1"; } enum "all" { value 2; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list data-record list 
delete-bearer { key "name"; ordered-by user; description "Delete bearer request/response message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list delete-bearer list delete-command { key "name"; ordered-by user; description "Delete bearer command/failure message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list delete-command list delete-data-forwarding { key "name"; ordered-by user; description "Delete indirect data forwarding tunnel request/response message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list delete-data-forwarding list delete-pdn { key "name"; ordered-by user; description "Delete PDN connection set request/response message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list delete-pdn list delete-pdp { key "name"; ordered-by user; description "Delete pdp request/response message"; leaf name { type enumeration { enum "0" { value 0; description "Version 0"; } enum "1" { value 1; description "Version 1"; } enum "all" { value 2; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list delete-pdp list delete-session { key "name"; ordered-by user; description "Delete session request/response message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list delete-session list detach { key "name"; ordered-by user; description "Detach notification/ack message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list 
detach list downlink-notification { key "name"; ordered-by user; description "Downlink data notification/ack/failure message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list downlink-notification list echo { key "name"; ordered-by user; description "Echo request/response message"; leaf name { type enumeration { enum "0" { value 0; description "Version 0"; } enum "1" { value 1; description "Version 1"; } enum "2" { value 2; description "Version 2"; } enum "all" { value 3; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list echo list error-indication { key "name"; ordered-by user; description "Error indication message"; leaf name { type enumeration { enum "0" { value 0; description "Version 0"; } enum "1" { value 1; description "Version 1"; } enum "all" { value 2; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list error-indication list failure-report { key "name"; ordered-by user; description "Failure report request/response message"; leaf name { type enumeration { enum "0" { value 0; description "Version 0"; } enum "1" { value 1; description "Version 1"; } enum "all" { value 2; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list failure-report list fwd-access { key "name"; ordered-by user; description "Forward access context notification/ack message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list fwd-access list fwd-relocation { key "name"; ordered-by user; description "Forward relocation request/response/comp/comp-ack message"; leaf name { type enumeration { enum "1" { value 0; description "Version 1"; } enum "2" { value 1; description "Version 2"; } enum "all" { value 2; description "All versions"; } } 
description "GTP version for message"; } uses apply-advanced; } // list fwd-relocation list fwd-srns-context { key "name"; ordered-by user; description "Forward SRNS context/context-ack message"; leaf name { type enumeration { enum "1" { value 0; description "Version 1"; } } description "GTP version for message"; } uses apply-advanced; } // list fwd-srns-context list g-pdu { key "name"; ordered-by user; description "G-PDU (user PDU) message/T-PDU"; leaf name { type enumeration { enum "0" { value 0; description "Version 0"; } enum "1" { value 1; description "Version 1"; } enum "all" { value 2; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list g-pdu list identification { key "name"; ordered-by user; description "Identification request/response message"; leaf name { type enumeration { enum "0" { value 0; description "Version 0"; } enum "1" { value 1; description "Version 1"; } enum "2" { value 2; description "Version 2"; } enum "all" { value 3; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list identification list mbms-session-start { key "name"; ordered-by user; description "MBMS session start request/response message"; leaf name { type enumeration { enum "1" { value 0; description "Version 1"; } enum "2" { value 1; description "Version 2"; } enum "all" { value 2; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list mbms-session-start list mbms-session-stop { key "name"; ordered-by user; description "MBMS session stop request/response message"; leaf name { type enumeration { enum "1" { value 0; description "Version 1"; } enum "2" { value 1; description "Version 2"; } enum "all" { value 2; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list mbms-session-stop list mbms-session-update { key "name"; ordered-by user; description "MBMS session update request/response 
message"; leaf name { type enumeration { enum "1" { value 0; description "Version 1"; } enum "2" { value 1; description "Version 2"; } enum "all" { value 2; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list mbms-session-update list modify-bearer { key "name"; ordered-by user; description "Modify bearer request/response message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list modify-bearer list modify-command { key "name"; ordered-by user; description "Modify bearer command/failure message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list modify-command list node-alive { key "name"; ordered-by user; description "Node alive request/response message"; leaf name { type enumeration { enum "0" { value 0; description "Version 0"; } enum "1" { value 1; description "Version 1"; } enum "all" { value 2; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list node-alive list note-ms-present { key "name"; ordered-by user; description "Note MS GPRS present request/response message"; leaf name { type enumeration { enum "0" { value 0; description "Version 0"; } enum "1" { value 1; description "Version 1"; } enum "all" { value 2; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list note-ms-present list pdu-notification { key "name"; ordered-by user; description "PDU notification requst/response/reject/reject-response message"; leaf name { type enumeration { enum "0" { value 0; description "Version 0"; } enum "1" { value 1; description "Version 1"; } enum "all" { value 2; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list pdu-notification list ran-info { key "name"; 
ordered-by user; description "RAN info relay message"; leaf name { type enumeration { enum "1" { value 0; description "Version 1"; } enum "2" { value 1; description "Version 2"; } enum "all" { value 2; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list ran-info list redirection { key "name"; ordered-by user; description "Redirection request/response message"; leaf name { type enumeration { enum "0" { value 0; description "Version 0"; } enum "1" { value 1; description "Version 1"; } enum "all" { value 2; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list redirection list release-access { key "name"; ordered-by user; description "Release access-bearer request/response message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list release-access list relocation-cancel { key "name"; ordered-by user; description "Relocation cancel request/response message"; leaf name { type enumeration { enum "1" { value 0; description "Version 1"; } enum "2" { value 1; description "Version 2"; } enum "all" { value 2; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list relocation-cancel list resume { key "name"; ordered-by user; description "Resume notification/ack message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list resume list send-route { key "name"; ordered-by user; description "Send route info request/response message"; leaf name { type enumeration { enum "0" { value 0; description "Version 0"; } enum "1" { value 1; description "Version 1"; } enum "all" { value 2; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list send-route list sgsn-context { key "name"; ordered-by 
user; description "SGSN context request/response/ack message"; leaf name { type enumeration { enum "0" { value 0; description "Version 0"; } enum "1" { value 1; description "Version 1"; } enum "all" { value 2; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list sgsn-context list stop-paging { key "name"; ordered-by user; description "Stop paging indication message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list stop-paging list supported-extension { key "name"; ordered-by user; description "Supported extension headers notification message"; leaf name { type enumeration { enum "1" { value 0; description "Version 1"; } } description "GTP version for message"; } uses apply-advanced; } // list supported-extension list suspend { key "name"; ordered-by user; description "Suspend notification/ack message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list suspend list trace-session { key "name"; ordered-by user; description "Trace session activation/deactivation message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list trace-session list update-bearer { key "name"; ordered-by user; description "Update bearer request/response message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list update-bearer list update-pdn { key "name"; ordered-by user; description "Update PDN connection set request/response message"; leaf name { type enumeration { enum "2" { value 0; description "Version 2"; } } description "GTP version for message"; } uses apply-advanced; } // list update-pdn list update-pdp { key "name"; ordered-by user; 
description "Update pdp request/response message"; leaf name { type enumeration { enum "0" { value 0; description "Version 0"; } enum "1" { value 1; description "Version 1"; } enum "all" { value 2; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list update-pdp list ver-not-supported { key "name"; ordered-by user; description "Version not supported message"; leaf name { type enumeration { enum "0" { value 0; description "Version 0"; } enum "1" { value 1; description "Version 1"; } enum "2" { value 2; description "Version 2"; } enum "all" { value 3; description "All versions"; } } description "GTP version for message"; } uses apply-advanced; } // list ver-not-supported } // container drop list apn { key "name"; description "GTP Access Point Name (APN) filter"; leaf name { type string { junos:posix-pattern "^[*]$|^[*][^*]{1,63}$|^[^*]{1,64}$"; junos:pattern-message "APN pattern string length should be 1-64, support wildcard for the first character"; length "1 .. 64"; } description "Specific APN pattern string"; } uses apply-advanced; list imsi-prefix { key "name"; description "Specific filter prefix digits for International Mobile Subscriber Identification(IMSI)"; leaf name { type string { junos:posix-pattern "^[*]$|^[0-9]{5,15}$"; junos:pattern-message "imsi-prefix should be * or 5-15 digits"; length "1 .. 
15"; } description "IMSI prefix should be * or 5-15 digits"; } uses apply-advanced; container action { description "Configure GTP profile APN action"; uses apply-advanced; choice action-c { leaf pass { type empty; description "Pass all selection modes for this APN"; } leaf drop { type empty; description "Drop all selection modes for this APN"; } container selection { presence "enable selection"; description "Allowed selection modes for this APN"; uses apply-advanced; leaf ms { type empty; description "Mobile Station selection mode"; } leaf net { type empty; description "Network selection mode"; } leaf vrf { type empty; description "Subscriber verified mode"; } } // container selection } // choice action-c } // container action } // list imsi-prefix } // list apn leaf restart-path { type enumeration { enum "echo" { value 0; description "Restart GTP paths by detecting restart number stored in the Echo messages"; } enum "create" { value 1; description "Restart GTP paths by detecting restart number stored in the Create messages"; } enum "all" { value 2; description "Restart GTP paths by detecting restart number stored in the Echo or Create messages"; } } description "Restart GTP paths"; } leaf seq-number-validated { type empty; description "Validate G-PDU sequence number"; } leaf gtp-in-gtp-denied { type empty; description "Deny nested GTP"; } leaf u-tunnel-validated { type empty; description "Validate GTP-u tunnel"; } leaf end-user-address-validated { type empty; description "Validate end user address"; } leaf req-timeout { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 
30"; } } units "second"; description "Request message timeout, default timeout value 5 seconds"; } leaf handover-on-roaming-intf { type empty; description "Enable tunnel setup by Handover messages on roaming interface"; } container handover-group { description "SGSN handover group configuration"; uses apply-advanced; leaf group-name { junos:must "(("security gprs gtp handover-group $$" || ("security gprs gtp ip-group $$" || ("security gtp handover-group $$" || "security gtp ip-group $$"))))"; junos:must-message "referenced ip-group/handover-group not found"; type string { length "1 .. 23"; } description "SGSN handover group name"; } } // container handover-group leaf listening-mode { type empty; description "Enable listening-mode for GTP inspection"; } container ne-group { description "IP validation check for NE group configuration"; uses apply-advanced; leaf group-name { junos:must "(("security gprs gtp ip-group $$" || "security gtp ip-group $$"))"; junos:must-message "referenced ip-group not found"; type string { length "1 .. 23"; } description "GTP ip group name"; } } // container ne-group container ue-group { description "End User IP validation check for UE group configuration"; uses apply-advanced; leaf group-name { junos:must "(("security gprs gtp ip-group $$" || "security gtp ip-group $$"))"; junos:must-message "referenced ip-group not found"; type string { length "1 .. 23"; } description "GTP ip group name"; } } // container ue-group container must-ie-v1 { description "GTPv1 Must IE check configuration"; uses apply-advanced; leaf msgie-prf-v1-name { junos:must "(("security gprs gtp message-ie-profile-v1 $$" || "security gtp message-ie-profile-v1 $$"))"; junos:must-message "referenced message-ie-profile-v1 not found"; type string { length "1 .. 
23"; } description "GTPv1 message-ie profile name"; } } // container must-ie-v1 container must-ie-v2 { description "GTPv2 Must IE check configuration"; uses apply-advanced; leaf msgie-prf-v2-name { junos:must "(("security gprs gtp message-ie-profile-v2 $$" || "security gtp message-ie-profile-v2 $$"))"; junos:must-message "referenced message-ie-profile-v2 not found"; type string { length "1 .. 23"; } description "GTPv2 message-ie profile name"; } } // container must-ie-v2 container remove-ie-v1 { description "GTPv1 IE Removal configuration"; uses apply-advanced; leaf ieset-name { junos:must "(("security gprs gtp ie-set $$" || "security gtp ie-set $$"))"; junos:must-message "referenced ie-set not found"; type string { length "1 .. 23"; } description "GTP ie-set name"; } } // container remove-ie-v1 container remove-ie-v2 { description "GTPv2 IE Removal configuration"; uses apply-advanced; leaf ieset-name { junos:must "(("security gprs gtp ie-set $$" || "security gtp ie-set $$"))"; junos:must-message "referenced ie-set not found"; type string { length "1 .. 23"; } description "GTP ie-set name"; } } // container remove-ie-v2 choice apn-control-c { container apn-control { description "GTP per APN control"; uses apply-advanced; leaf apn-ctrl-name { junos:must "(("security gprs gtp apn-control $$" || "security gtp apn-control $$"))"; junos:must-message "referenced apn-control profile not found"; type string { length "1 .. 23"; } description "APN control profile name"; } } // container apn-control container apn-control-group { description "GTP per APN control group"; uses apply-advanced; leaf apn-ctrl-grp-name { junos:must "(("security gprs gtp apn-control-group $$" || "security gtp apn-control-group $$"))"; junos:must-message "referenced apn-control group not found"; type string { length "1 .. 
23"; } description "APN control group name"; } } // container apn-control-group } // choice apn-control-c } // list profile container traceoptions { description "Trace options for GPRS tunneling protocol"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "configuration" { value 0; description "Trace configuration events"; } enum "flow" { value 1; description "Trace flow events"; } enum "parser" { value 2; description "Trace parser events"; } enum "chassis-cluster" { value 3; description "Trace chassis cluster events"; } enum "gsn" { value 4; description "Trace gsn events"; } enum "jmpi" { value 5; description "Trace jmpi events"; } enum "tnl" { value 6; description "Trace tnl events"; } enum "req" { value 7; description "Trace req events"; } enum "path" { value 8; description "Trace path events"; } enum "all" { value 9; description "Trace 
everything"; } } } } // list flag container trace-level { description "GTP trace level"; uses apply-advanced; choice level { leaf error { type empty; description "Match error conditions"; } leaf warning { type empty; description "Match warning messages"; } leaf notice { type empty; description "Match conditions that should be handled specially"; } leaf info { type empty; description "Match informational messages"; } leaf verbose { type empty; description "Match verbose messages"; } } // choice level } // container trace-level } // container traceoptions container handover-default { description "Set handover default deny"; uses apply-advanced; leaf deny { type empty; description "Handover default deny"; } } // container handover-default list ip-group { key "name"; description "Set GTP IP group"; leaf name { type string { length "1 .. 23"; } description "Set ip group name"; } uses apply-advanced; list address-book { key "name"; description "Set addreess book"; leaf name { junos:must "("security address-book $$")"; junos:must-message "referenced address-book not found"; type string { length "1 .. 63"; } description "Set address book name"; } uses apply-advanced; container address-set { description "Set address set"; uses apply-advanced; leaf set-name { type string { length "1 .. 63"; } description "Set address set name"; } } // container address-set } // list address-book } // list ip-group list ie-set { key "name"; max-elements 20; description "Set GTP IE set profile"; leaf name { type string { length "1 .. 23"; } description "Set GTP IE set profile name"; } uses apply-advanced; list ie { key "name"; description "Set IE number"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 255"; } } description "Set IE number"; } uses apply-advanced; } // list ie } // list ie-set list message-ie-profile-v1 { key "name"; max-elements 10; description "Set GTPv1 message IE profile"; leaf name { type string { length "1 .. 
23"; } description "Set GTPv1 message IE profile name"; } uses apply-advanced; list message { key "name"; description "Set message type"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 255"; } } description "Set message type"; } uses apply-advanced; list ie { key "name"; description "Set IE number"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 255"; } } description "Set IE number"; } uses apply-advanced; } // list ie } // list message } // list message-ie-profile-v1 list grouped-ie-profile { key "name"; max-elements 100; description "Set GTP grouped IE filter profile"; leaf name { type string { length "1 .. 23"; } description "Set GTP grouped IE filter profile name"; } uses apply-advanced; list ie { key "name"; description "Set IE number"; uses ie-filter-object; } // list ie } // list grouped-ie-profile list message-ie-profile-v2 { key "name"; max-elements 10; description "Set GTP message IE filter profile"; leaf name { type string { length "1 .. 23"; } description "Set message IE filter profile name"; } uses apply-advanced; list message { key "name"; description "Set message type"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 255"; } } description "Set message type"; } uses apply-advanced; list ie { key "name"; description "Set IE number"; uses ie-filter-object; } // list ie } // list message } // list message-ie-profile-v2 list message-list { key "name"; max-elements 10; description "Set message list"; leaf name { type string { length "1 .. 23"; } description "Set message list name"; } uses apply-advanced; list message { key "name"; description "Set message type"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 
255"; } } description "Set message type"; } uses apply-advanced; } // list message } // list message-list list rate-limit { key "name"; description "Limiting message rate"; leaf name { type enumeration { enum "default" { value 0; description "Default rate limit policy name"; } } description "Rate limit policy name"; } uses apply-advanced; container message { description "GTP limited message type"; uses message-object; } // container message } // list rate-limit list apn-control { key "name"; max-elements 1024; description "GTP APN control profile"; leaf name { type string { length "1 .. 23"; } description "APN control profile name"; } uses apply-advanced; container apn { description "APN of the APN control profile"; uses apply-advanced; leaf apn-string { type string { length "1 .. 100"; } description "APN string"; } } // container apn container rate-limit { presence "enable rate-limit"; description "APN controlled rate-limit"; uses rate-limit-object; } // container rate-limit } // list apn-control list apn-control-group { key "name"; max-elements 1024; description "GTP APN control profile group"; leaf name { type string { length "1 .. 23"; } description "APN control profile group name"; } uses apply-advanced; list apn-control { key "name"; description "APN control profile"; leaf name { junos:must "(("security gprs gtp apn-control $$" || "security gtp apn-control $$"))"; junos:must-message "referenced apn-control profile not found"; type string { length "1 .. 
23"; }
          description "APN control profile name";
        }
        uses apply-advanced;
      } // list apn-control
    } // list apn-control-group
  } // grouping gtp-object

  // Trace settings for the dynamic-vpn process: trace file name, size and count,
  // file readability, a line filter, a level (default "error") and trace flags.
  grouping httpd_dvpn_traceoptions_type {
    description "Trace options for dynamic-vpn process";
    uses apply-advanced;
    leaf no-remote-trace {
      junos:must "("system tracing")";
      junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
      type empty;
      description "Disable remote tracing";
    }
    container file {
      description "Trace file information";
      leaf filename {
        // Per the pattern message the name must not contain '/', '%' or a space,
        // so a directory separator cannot be supplied through this leaf. Where
        // the file is created is not visible in this module.
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      leaf size {
        type string;
        description "Maximum trace file size";
      }
      leaf files {
        // The string alternative "<.*>|$.*" recurs next to numeric types in this
        // module; presumably it admits group wildcards or variables in place of
        // a literal number - confirm against the Junos documentation.
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "2 .. 1000"; }
        }
        default "3";
        description "Maximum number of trace files";
      }
      // YANG choice: world-readable and no-world-readable are alternatives.
      // NOTE(review): no default is declared here, so the behaviour when neither
      // is set cannot be told from this module. Trace output can carry sensitive
      // detail; setting no-world-readable explicitly is the conservative option.
      choice world-readable-choice {
        leaf world-readable {
          type empty;
          description "Allow any user to read the log file";
        }
        leaf no-world-readable {
          type empty;
          description "Don't allow any user to read the log file";
        }
      } // choice world-readable-choice
      leaf match {
        // jt:regular-expression comes from the imported junos-common-types module.
        type jt:regular-expression;
        description "Regular expression for lines to be logged";
      }
    } // container file
    leaf level {
      type enumeration {
        enum "error" { value 0; description "Match error conditions"; }
        enum "warning" { value 1; description "Match warning messages"; }
        enum "notice" { value 2; description "Match conditions that should be handled specially"; }
        enum "info" { value 3; description "Match informational messages"; }
        enum "verbose" { value 4; description "Match verbose messages"; }
        enum "all" { value 5; description "Match all levels"; }
      }
      default "error";
      description "Level of debugging output";
    }
    list flag {
      key "name";
      ordered-by user;
      description "Area of HTTPD process to enable debugging output";
      leaf name {
        type enumeration {
          enum "all" { value 0; description "Trace 
all areas"; }
        }
      }
    } // list flag
  } // grouping httpd_dvpn_traceoptions_type

  // ICAP service profile: up to 16 user-ordered redirect servers, a switch for
  // which HTTP direction is redirected, failure actions, and a server response
  // timeout in milliseconds (default 500, range 100 .. 50000).
  grouping icap-profile-object {
    leaf name {
      type string {
        junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$";
        junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores.";
        length "1 .. 63";
      }
      description "ICAP service profile name";
    }
    uses apply-advanced;
    list server {
      key "name";
      max-elements 16;
      ordered-by user;
      description "Configure service redirection server";
      uses icap-redir-server;
    } // list server
    container http {
      description "ICAP methods switch";
      uses http-redirect-object;
    } // container http
    // The failure actions in icap-redirect-fallback all default to "permit";
    // see the note on that grouping.
    container fallback-option {
      description "Failure event actions";
      uses icap-redirect-fallback;
    } // container fallback-option
    leaf timeout {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint16 { range "100 .. 50000"; }
      }
      default "500";
      description "Server response timeout in milliseconds";
    }
  } // grouping icap-profile-object

  // Two independent flags: redirect on HTTP request and/or on HTTP response.
  grouping http-redirect-object {
    uses apply-advanced;
    leaf redirect-request {
      type empty;
      description "Enable redirect service on HTTP request";
    }
    leaf redirect-response {
      type empty;
      description "Enable redirect service on HTTP response";
    }
  } // grouping http-redirect-object

  // One ICAP redirect server: name, authorization data, host and port,
  // REQMOD/RESPMOD resource identifiers, routing instance, connection count and
  // a reference to an SSL initiation profile.
  grouping icap-redir-server {
    leaf name {
      type string {
        junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$";
        junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores.";
        length "1 .. 63";
      }
      description "Server name";
    }
    uses apply-advanced;
    container authorization {
      description "User authentication";
      uses apply-advanced;
      leaf authorization-type {
        type string { length "1 .. 127"; }
        description "Authentication type. 'Basic' by default";
      }
      // NOTE(review): both credential forms are declared as plain `type string`;
      // no secret-specific type is visible in this grouping, and Base64 is an
      // encoding, not protection. Treat configuration exports containing these
      // leaves as sensitive and confirm how the device stores and displays them.
      container credentials {
        description "Credentials text";
        choice credentials-choice {
          leaf ascii {
            type string { length "1 .. 511"; }
            description "ASCII string";
          }
          leaf base64 {
            type string { length "1 .. 
511"; }
            description "Base64 string";
          }
        } // choice credentials-choice
      } // container credentials
    } // container authorization
    leaf host {
      type string { length "1 .. 255"; }
      description "Host name/IP address";
    }
    leaf port {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint16 { range "1025 .. 65535"; }
      }
      default "1344";
      description "Server listening port";
    }
    leaf reqmod-uri {
      type string { length "0 .. 1023"; }
      description "REQMOD option resource identifier";
    }
    leaf respmod-uri {
      type string { length "0 .. 1023"; }
      description "RESPMOD option resource identifier";
    }
    container routing-instance {
      description "Routing instance";
      leaf ri-name {
        // Two constraints: the instance must exist under [routing-instances] and
        // must be of instance-type virtual-router.
        junos:must "("routing-instances $$ instance-type virtual-router")";
        junos:must-message "Virtual router must be defined under [routing-instances]";
        junos:must "("routing-instances $$")";
        junos:must-message "Routing-instance must be defined";
        type string {
          junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$";
          junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces.";
          length "1 .. 127";
        }
        description "Routing instance name";
      }
    } // container routing-instance
    leaf sockets {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint8 { range "1 .. 64"; }
      }
      default "8";
      description "Number of connections to create";
    }
    // Must reference a profile under [services ssl initiation profile].
    // NOTE(review): nothing in this grouping marks tls-profile as mandatory. With
    // 'Basic' as the stated default authorization-type, credentials sent to a
    // server configured without a TLS profile would presumably travel
    // unencrypted - confirm device behaviour and prefer configuring a profile.
    leaf tls-profile {
      junos:must "("services ssl initiation profile $$")";
      junos:must-message "Referenced SSL initiation profile is not defined";
      type string { length "1 .. 
63"; }
      description "TLS profile";
    }
  } // grouping icap-redir-server

  // Action taken when the ICAP redirect fails; each leaf accepts permit,
  // log-permit or block.
  // NOTE(review): all three leaves default to "permit", so the schema default is
  // fail-open: on a timeout, a connection failure or any other failure, traffic
  // is permitted, presumably without the ICAP service having acted on it. Where
  // the ICAP service is a security control, review whether "block"
  // (fail-closed) or at least "log-permit" is required.
  grouping icap-redirect-fallback {
    uses apply-advanced;
    leaf timeout {
      type enumeration {
        enum "permit" { value 0; description "Direct permit action"; }
        enum "log-permit" { value 1; description "Log then permit action"; }
        enum "block" { value 2; description "Block action"; }
      }
      default "permit";
      description "Request timeout action";
    }
    leaf connectivity {
      type enumeration {
        enum "permit" { value 0; description "Direct permit action"; }
        enum "log-permit" { value 1; description "Log then permit action"; }
        enum "block" { value 2; description "Block action"; }
      }
      default "permit";
      description "Connection-related failure action";
    }
    leaf default-action {
      type enumeration {
        enum "permit" { value 0; description "Direct permit action"; }
        enum "log-permit" { value 1; description "Log then permit action"; }
        enum "block" { value 2; description "Block action"; }
      }
      default "permit";
      description "Default failure action";
    }
  } // grouping icap-redirect-fallback

  // Trace settings for ICAP redirect.
  grouping icap-redirect-traceoptions {
    description "ICAP redirect traceoptions";
    uses apply-advanced;
    leaf no-remote-trace {
      junos:must "("system tracing")";
      junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
      type empty;
      description "Disable remote tracing";
    }
    container file {
      description "Trace file information";
      leaf filename {
        // Per the pattern message the name must not contain '/', '%' or a space.
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      leaf size {
        type string;
        description "Maximum trace file size";
      }
      leaf files {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "2 .. 
1000"; }
        }
        default "3";
        description "Maximum number of trace files";
      }
      // YANG choice: world-readable and no-world-readable are alternatives.
      // NOTE(review): no default is declared here, so the behaviour when neither
      // is set cannot be told from this module. Trace output can carry sensitive
      // detail; setting no-world-readable explicitly is the conservative option.
      choice world-readable-choice {
        leaf world-readable {
          type empty;
          description "Allow any user to read the log file";
        }
        leaf no-world-readable {
          type empty;
          description "Don't allow any user to read the log file";
        }
      } // choice world-readable-choice
      leaf match {
        type jt:regular-expression;
        description "Regular expression for lines to be logged";
      }
    } // container file
    list flag {
      key "name";
      ordered-by user;
      description "Trace flags";
      leaf name {
        type enumeration {
          enum "all" { value 0; description "Trace everything"; }
          enum "icap-redirect-re" { value 1; description "Trace events on RE side"; }
          enum "icap-redirect-control" { value 2; description "Trace events on PFE-ukernel side"; }
          enum "icap-redirect-connection" { value 3; description "Trace ICAP server connection events"; }
          enum "icap-redirect-protocol" { value 4; description "Trace redirect packet events"; }
        }
      }
    } // list flag
  } // grouping icap-redirect-traceoptions

  // Connection to an identity management server: transport method, port
  // (default 443), primary and secondary server parameters, and the token and
  // query API strings.
  grouping identity-management-connection-type {
    description "Identity management connection";
    uses apply-advanced;
    leaf connect-method {
      // NOTE(review): no default is declared for this leaf in the schema. The
      // "http" option sits next to OAuth2-related leaves (token-api here,
      // client-id and client-secret in identity-server-connection-type); over
      // plain HTTP those values would presumably be exposed in transit -
      // confirm, and prefer "https".
      type enumeration {
        enum "https" { value 0; description "HTTPS connection"; }
        enum "http" { value 1; description "HTTP connection"; }
      }
      description "Method of connection";
    }
    leaf port {
      // The default is 443 whichever connect-method is chosen; the schema does
      // not tie the two leaves together.
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 65535"; }
      }
      default "443";
      description "Server port";
    }
    container primary {
      description "Primary server";
      uses identity-server-connection-type;
    } // container primary
    container secondary {
      description "Secondary server";
      uses identity-server-connection-type;
    } // container secondary
    leaf token-api {
      type string { length "1 .. 128"; }
      description "API of acquiring token for OAuth2 authentication";
    }
    leaf query-api {
      type string { length "4 .. 
128"; }
      description "Query API";
    }
  } // grouping identity-management-connection-type

  // Per-server connection parameters, used for both the primary and the
  // secondary server of identity-management-connection-type.
  grouping identity-server-connection-type {
    description "Connection parameters per server";
    uses apply-advanced;
    leaf address {
      type jt:ipaddr;
      description "Server address";
    }
    leaf ca-certificate {
      // NOTE(review): presumably the CA used to validate the server certificate
      // on HTTPS connections - confirm. The leaf is not marked mandatory here.
      type string { length "1 .. 256"; }
      description "Ca-certificate file name";
    }
    leaf client-id {
      type string { length "1 .. 64"; }
      description "Client ID for OAuth2 grant";
    }
    leaf client-secret {
      // NOTE(review): declared as a plain `type string`; no secret-specific type
      // is visible here. Treat configuration exports and backups containing
      // this leaf as sensitive and confirm how the device stores and displays
      // the value.
      type string { length "1 .. 128"; }
      description "Client secret for OAuth2 grant";
    }
    leaf source {
      type jt:ipaddr;
      description "Client address";
    }
    leaf interface {
      type union {
        type jt:interface-name;
        type string { pattern "<.*>|$.*"; }
      }
      description "Interface name";
    }
    leaf routing-instance {
      junos:must "("routing-instances $$")";
      junos:must-message "Routing-instance must be defined";
      type string;
      description "Routing instance name";
    }
  } // grouping identity-server-connection-type

  // IDP policy: a policy name plus the IPS rulebase and the exempt rulebase.
  grouping idp-policy-type {
    leaf name {
      type string;
      description "IDP policy name";
    }
    container rulebase-ips {
      description "IPS rulebase";
      uses apply-advanced;
      // Rules keep the order in which the user configured them (ordered-by user).
      list rule {
        key "name";
        ordered-by user;
        description "Configure IPS rule";
        leaf name {
          type string;
          description "Rule name";
        }
        uses apply-advanced;
        leaf description {
          type string;
          description "Rule description";
        }
        container match {
          description "Rule match criteria";
          uses apply-advanced;
          leaf from-zone {
            // Defaults to "any"; otherwise the zone must exist under
            // [security zones security-zone].
            junos:must "((".. from-zone any" || "security zones security-zone $$"))";
            junos:must-message "from-zone should be 'any' or configured under [security zones security-zone]";
            type string;
            default "any";
            description "Match from zone";
          }
          // YANG choice: source-address and source-except are alternatives, so a
          // rule carries one or the other. case_3 and case_4 are empty cases.
          choice source {
            leaf-list source-address { type string; ordered-by user; description "Match source address"; }
            leaf-list source-except { type string; ordered-by user; description "Don't match source address"; }
            case case_3 {
            } // case case_3
            case case_4 {
            } // case case_4
          } // choice source
          leaf to-zone {
            junos:must "((".. 
to-zone any" || "security zones security-zone $$"))";
            junos:must-message "to-zone should be 'any' or configured under [security zones security-zone]";
            type string;
            default "any";
            description "Match to zone";
          }
          // YANG choice: destination-address and destination-except are
          // alternatives. case_3 and case_4 are empty cases.
          choice destination {
            leaf-list destination-address { type string; ordered-by user; description "Match destination address"; }
            leaf-list destination-except { type string; ordered-by user; description "Don't match destination address"; }
            case case_3 {
            } // case case_3
            case case_4 {
            } // case case_4
          } // choice destination
          leaf application {
            type string;
            description "Specify application or application-set name to match";
          }
          // Attack objects the rule matches: custom, dynamic and predefined
          // attacks and attack groups, each a user-ordered list of names.
          container attacks {
            description "Match attack objects";
            uses apply-advanced;
            leaf-list custom-attacks { type string; ordered-by user; description "Custom attacks"; }
            leaf-list custom-attack-groups { type string; ordered-by user; description "Custom attack groups"; }
            leaf-list dynamic-attack-groups { type string; ordered-by user; description "Dynamic attack groups"; }
            leaf-list predefined-attacks { type string; ordered-by user; description "Predefined attacks"; }
            leaf-list predefined-attack-groups { type string; ordered-by user; description "Predefined attack groups"; }
          } // container attacks
        } // container match
        // What the rule does on a match: one action, an optional ip-action for
        // future traffic, notification/logging, a severity and feed updates.
        container then {
          uses apply-advanced;
          container action {
            // YANG choice: the action members below are alternatives.
            // NOTE(review): no-action and ignore-connection do not drop or close
            // anything per their descriptions; rules using them presumably rely
            // on notification for visibility - confirm logging is configured.
            choice action {
              leaf no-action { type empty; description "No action"; }
              leaf ignore-connection { type empty; description "Ignore"; }
              container mark-diffserv {
                description "Mark differentiated services codepoint (DSCP)";
                uses apply-advanced;
                leaf codepoint {
                  type union {
                    type string { pattern "<.*>|$.*"; }
                    type uint32 { range "0 .. 
63"; }
                  }
                  description "Codepoint value";
                }
              } // container mark-diffserv
              container class-of-service {
                description "Classification of traffic based on class-of-service";
                uses apply-advanced;
                leaf forwarding-class {
                  type string {
                    junos:posix-pattern "^.{1,64}$";
                    junos:pattern-message "Must be string of 64 characters or less";
                  }
                  description "Forwarding class for outgoing packets";
                }
                leaf dscp-code-point {
                  type union {
                    type string { pattern "<.*>|$.*"; }
                    type uint32 { range "0 .. 63"; }
                  }
                  description "Differentiated services code point value";
                }
              } // container class-of-service
              leaf drop-packet { type empty; description "Drop packet"; }
              leaf drop-connection { type empty; description "Drop connection"; }
              leaf close-client { type empty; description "Close client"; }
              leaf close-server { type empty; description "Close server"; }
              leaf close-client-and-server { type empty; description "Close client and server"; }
              leaf recommended {
                // Only valid when the rule's match container configures attacks.
                junos:must "(".. .. .. match attacks")";
                junos:must-message "attacks must also be configured.";
                type empty;
                description "Recommended";
              }
            } // choice action
          } // container action
          // Handling of future traffic after a match: notify, close or block,
          // scoped by `target` and limited by `timeout` (seconds).
          // NOTE(review): a broad target combined with ip-block presumably
          // affects every connection that matches the target fields, including
          // unrelated clients behind a shared address - choose the narrowest
          // target that fits and set a timeout.
          container ip-action {
            uses apply-advanced;
            choice ip-action {
              leaf ip-notify { type empty; description "Notify about future traffic"; }
              leaf ip-close { type empty; description "Close future connections"; }
              leaf ip-block { type empty; description "Block future connections"; }
            } // choice ip-action
            leaf target {
              type enumeration {
                enum "service" { value 0; description "Match source, destination, dst-port and protocol"; }
                enum "source-zone-address" { value 1; description "Match source-zone and source-address"; }
                enum "source-address" { value 2; description "Match source"; }
                enum "destination-address" { value 3; description "Match destination"; }
                enum "zone-service" { value 4; description "Match source-zone, destination, dst-port, protocol"; }
                enum "source-zone" { value 5; description "Match source-zone"; }
              }
            }
            leaf log { type empty; description "Log IP action taken"; }
            leaf log-create { type empty; description "Log IP action creation"; }
            leaf timeout {
              type union {
                type string { pattern "<.*>|$.*"; }
                type uint32 { range "0 .. 64800"; }
              }
              description "Number of seconds IP action should remain effective";
            }
            leaf refresh-timeout {
              // Only valid when the sibling timeout leaf is configured.
              junos:must "(".. timeout")";
              junos:must-message "timeout must be specified";
              type empty;
              description "Refresh timeout when future connections match installed ip-action filter";
            }
          } // container ip-action
          container notification {
            presence "enable notification";
            description "Configure notification/logging options";
            uses apply-advanced;
            container log-attacks {
              presence "enable log-attacks";
              description "Enable attack logging";
              uses apply-advanced;
              leaf alert { type empty; description "Set alert flag in attack log"; }
            } // container log-attacks
            // Packet capture around an attack event: packets before (default 1)
            // and after the attack, with a post-attack timeout (default 5 s).
            // NOTE(review): captured packets can contain payload data; where
            // captures are stored or sent is not defined in this grouping -
            // confirm and protect that destination accordingly.
            container packet-log {
              presence "enable packet-log";
              uses apply-advanced;
              leaf pre-attack {
                type union {
                  type string { pattern "<.*>|$.*"; }
                  type uint32 { range "1 .. 255"; }
                }
                default "1";
                description "No of packets to capture before attack";
              }
              leaf post-attack {
                type union {
                  type string { pattern "<.*>|$.*"; }
                  type uint32 { range "0 .. 255"; }
                }
                description "No of packets to capture after attack";
              }
              leaf post-attack-timeout {
                type union {
                  type string { pattern "<.*>|$.*"; }
                  type uint32 { range "0 .. 1800"; }
                }
                default "5";
                description "Timeout (seconds) after attack before stopping packet capture";
              }
            } // container packet-log
          } // container notification
          leaf severity {
            type enumeration {
              enum "info" { value 0; }
              enum "warning" { value 1; }
              enum "minor" { value 2; }
              enum "major" { value 3; }
              enum "critical" { value 4; }
            }
            description "Set rule severity level";
          }
          container application-services {
            description "Enable application services for this rule";
            // Names of the feeds to which the attacker or target IP is added.
            container security-intelligence {
              description "Generate security intellegence feeds";
              leaf add-attacker-ip-to-feed {
                type string { length "1 .. 
64"; }
                description "Specify the desired feed-name";
              }
              leaf add-target-ip-to-feed {
                type string { length "1 .. 64"; }
                description "Specify the desired feed-name";
              }
            } // container security-intelligence
          } // container application-services
        } // container then
        leaf terminal {
          // NOTE(review): presumably stops evaluation of later rules for
          // matching traffic - confirm against the Junos documentation.
          type empty;
          description "Set/Unset terminal flag";
        }
      } // list rule
    } // container rulebase-ips
    // Exempt rulebase: its rules carry match criteria only; no `then` container
    // is defined for them.
    // NOTE(review): matching traffic is presumably excluded from attack
    // detection, and both zones default to "any", so broad exempt rules deserve
    // a periodic review.
    container rulebase-exempt {
      description "Exempt rulebase";
      uses apply-advanced;
      list rule {
        key "name";
        ordered-by user;
        description "Configure exempt rule";
        leaf name {
          type string;
          description "Rule name";
        }
        uses apply-advanced;
        leaf description {
          type string;
          description "Rule description";
        }
        container match {
          description "Rule match criteria";
          uses apply-advanced;
          leaf from-zone {
            junos:must "((".. from-zone any" || "security zones security-zone $$"))";
            junos:must-message "from-zone should be 'any' or configured under [security zones security-zone]";
            type string;
            default "any";
            description "Match from zone";
          }
          choice source {
            leaf-list source-address { type string; ordered-by user; description "Match source address"; }
            leaf-list source-except { type string; ordered-by user; description "Don't match source address"; }
            case case_3 {
            } // case case_3
            case case_4 {
            } // case case_4
          } // choice source
          leaf to-zone {
            junos:must "((".. 
to-zone any" || "security zones security-zone $$"))";
            junos:must-message "to-zone should be 'any' or configured under [security zones security-zone]";
            type string;
            default "any";
            description "Match to zone";
          }
          // YANG choice: destination-address and destination-except are
          // alternatives. case_3 and case_4 are empty cases.
          choice destination {
            leaf-list destination-address { type string; ordered-by user; description "Match destination address"; }
            leaf-list destination-except { type string; ordered-by user; description "Don't match destination address"; }
            case case_3 {
            } // case case_3
            case case_4 {
            } // case case_4
          } // choice destination
          // Attack objects the exempt rule matches. Unlike the IPS rule's match
          // container, no `application` leaf is defined here.
          container attacks {
            description "Match attack objects";
            uses apply-advanced;
            leaf-list custom-attacks { type string; ordered-by user; description "Custom attacks"; }
            leaf-list custom-attack-groups { type string; ordered-by user; description "Custom attack groups"; }
            leaf-list dynamic-attack-groups { type string; ordered-by user; description "Dynamic attack groups"; }
            leaf-list predefined-attacks { type string; ordered-by user; description "Predefined attacks"; }
            leaf-list predefined-attack-groups { type string; ordered-by user; description "Predefined attack groups"; }
          } // container attacks
        } // container match
      } // list rule
    } // container rulebase-exempt
  } // grouping idp-policy-type

  // Trace settings for idpd: trace file name, size and count, file
  // readability, a line filter, trace flags and a level (default "error").
  grouping idpd-traceoptions-type {
    description "Trace options for idpd";
    uses apply-advanced;
    leaf no-remote-trace {
      junos:must "("system tracing")";
      junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
      type empty;
      description "Disable remote tracing";
    }
    container file {
      description "Trace file information";
      leaf filename {
        // Per the pattern message the name must not contain '/', '%' or a space,
        // so a directory separator cannot be supplied through this leaf.
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      leaf size {
        type string;
        description "Maximum trace file size";
      }
      leaf files {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "2 .. 
1000"; }
        }
        default "3";
        description "Maximum number of trace files";
      }
      // YANG choice: world-readable and no-world-readable are alternatives.
      // NOTE(review): no default is declared here, so the behaviour when neither
      // is set cannot be told from this module. IDP trace output can carry
      // sensitive detail; setting no-world-readable explicitly is the
      // conservative option.
      choice world-readable-choice {
        leaf world-readable {
          type empty;
          description "Allow any user to read the log file";
        }
        leaf no-world-readable {
          type empty;
          description "Don't allow any user to read the log file";
        }
      } // choice world-readable-choice
      leaf match {
        type jt:regular-expression;
        description "Regular expression for lines to be logged";
      }
    } // container file
    list flag {
      key "name";
      ordered-by user;
      description "Events and other information to include in trace output";
      leaf name {
        type enumeration {
          enum "all" { value 0; description "All events"; }
        }
        description "Flag name to include in trace output";
      }
    } // list flag
    leaf level {
      type enumeration {
        enum "error" { value 0; description "Match error conditions"; }
        enum "warning" { value 1; description "Match warning messages"; }
        enum "notice" { value 2; description "Match conditions that should be handled specially"; }
        enum "info" { value 3; description "Match informational messages"; }
        enum "verbose" { value 4; description "Match verbose messages"; }
        enum "all" { value 5; description "Match all levels"; }
      }
      default "error";
      description "Level of debugging output";
    }
  } // grouping idpd-traceoptions-type

  grouping ids-option-type {
    description "Configure screen object";
    leaf name {
      type string { length "1 .. 64"; }
      description "Screen object name";
    }
    uses apply-advanced;
    leaf description {
      type string {
        junos:posix-pattern "^[^&<> ]+$";
        junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '";
        length "1 .. 
900"; } description "Text description of screen"; } leaf alarm-without-drop { type empty; description "Do not drop packet, only generate alarm"; } leaf match-direction { type enumeration { enum "input" { value 0; description "Match on input to interface"; } enum "output" { value 1; description "Match on output from interface"; } enum "input-output" { value 2; description "Match on input to or output from interface"; } } description "Match direction"; } container aggregation { presence "enable aggregation"; description "Configure the source and Destination prefix for a ids-option"; uses apply-advanced; leaf source-prefix-mask { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 32"; } } description "Source IPV4 prefix"; } leaf destination-prefix-mask { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 32"; } } description "Destination IPV4 prefix"; } leaf source-prefix-v6-mask { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 128"; } } description "Source IPV6 prefix"; } leaf destination-prefix-v6-mask { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 128"; } } description "Destination IPV6 prefix"; } } // container aggregation container icmp { description "Configure ICMP ids options"; uses apply-advanced; container ip-sweep { presence "enable ip-sweep"; description "Configure ip sweep ids option"; leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1000 .. 
1000000"; } } units "microseconds in which 10 ICMP packets are detected"; default "5000"; description "Threshold"; } } // container ip-sweep leaf fragment { type empty; description "Enable ICMP fragment ids option"; } leaf large { type empty; description "Enable large ICMP packet (size > 1024) ids option"; } container flood { presence "enable flood"; description "Configure icmp flood ids option"; leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32; } units "ICMP packets per second"; default "1000"; description "Threshold"; } } // container flood leaf ping-death { type empty; description "Enable ping of death ids option"; } leaf icmpv6-malformed { type empty; description "Enable icmpv6 malformed ids option"; } } // container icmp container ip { description "Configure IP layer ids options"; uses apply-advanced; leaf bad-option { type empty; description "Enable ip with bad option ids option"; } leaf record-route-option { type empty; description "Enable ip with record route option ids option"; } leaf timestamp-option { type empty; description "Enable ip with timestamp option ids option"; } leaf security-option { type empty; description "Enable ip with security option ids option"; } leaf stream-option { type empty; description "Enable ip with stream option ids option"; } leaf spoofing { type empty; description "Enable IP address spoofing ids option"; } leaf source-route-option { type empty; description "Enable ip source route ids option"; } leaf loose-source-route-option { type empty; description "Enable ip with loose source route ids option"; } leaf strict-source-route-option { type empty; description "Enable ip with strict source route ids option"; } leaf unknown-protocol { type empty; description "Enable ip unknown protocol ids option"; } leaf block-frag { type empty; description "Enable ip fragment blocking ids option"; } leaf tear-drop { type empty; description "Enable tear drop ids option"; } container ipv6-extension-header { description 
"Configure ipv6 extension header ids option"; uses apply-advanced; container hop-by-hop-header { presence "enable hop-by-hop-header"; description "Enable ipv6 hop by hop option header ids option"; uses apply-advanced; leaf jumbo-payload-option { type empty; description "Enable jumbo payload option ids option"; } leaf router-alert-option { type empty; description "Enable router alert option ids option"; } leaf quick-start-option { type empty; description "Enable quick start option ids option"; } leaf CALIPSO-option { type empty; description "Enable Common Architecture Label ipv6 Security Option ids option"; } leaf SMF-DPD-option { type empty; description "Enable Simplified Multicast Forwarding ipv6 Duplicate Packet Detection option ids option"; } leaf RPL-option { type empty; description "Enable Routing Protocol for Low-power and Lossy networks option ids option"; } list user-defined-option-type { key "name"; max-elements 256; ordered-by user; description "User-defined option type range"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "User-defined option type low value"; } container to { description "Upper limit of option type range"; uses apply-advanced; leaf type-high { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255"; } } description "User-defined option type high value"; } } // container to } // list user-defined-option-type } // container hop-by-hop-header leaf routing-header { type empty; description "Enable ipv6 routing header ids option"; } leaf fragment-header { type empty; description "Enable ipv6 fragment header ids option"; } leaf ESP-header { type empty; description "Enable ipv6 Encapsulating Security Payload header ids option"; } leaf AH-header { type empty; description "Enable ipv6 Authentication Header ids option"; } leaf no-next-header { type empty; description "Enable ipv6 no next header ids option"; } container destination-header { presence "enable destination-header"; description "Enable ipv6 destination option header ids option"; uses apply-advanced; leaf tunnel-encapsulation-limit-option { type empty; description "Enable tunnel encapsulation limit option ids option"; } leaf home-address-option { type empty; description "Enable home address option ids option"; } leaf ILNP-nonce-option { type empty; description "Enable Identifier-Locator Network Protocol Nonce option ids option"; } leaf line-identification-option { type empty; description "Enable line identification option ids option"; } list user-defined-option-type { key "name"; max-elements 256; ordered-by user; description "User-defined option type range"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "User-defined option type low value"; } container to { description "Upper limit of option type range"; uses apply-advanced; leaf type-high { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255"; } } description "User-defined option type high value"; } } // container to } // list user-defined-option-type } // container destination-header leaf shim6-header { type empty; description "Enable ipv6 shim header ids option"; } leaf mobility-header { type empty; description "Enable ipv6 mobility header ids option"; } leaf HIP-header { type empty; description "Enable ipv6 Host Identify Protocol header ids option"; } list user-defined-header-type { key "name"; max-elements 256; ordered-by user; description "User-defined header type range"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "User-defined header type low value"; } container to { description "Upper limit of header type range"; uses apply-advanced; leaf type-high { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "User-defined header type high value"; } } // container to } // list user-defined-header-type } // container ipv6-extension-header leaf ipv6-extension-header-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
32"; } } description "Enable ipv6 extension header limit ids option"; } leaf ipv6-malformed-header { type empty; description "Enable ipv6 malformed header ids option"; } container tunnel { description "Configure IP tunnel ids options"; uses apply-advanced; leaf bad-inner-header { type empty; description "Enable IP tunnel bad inner header ids option"; } container gre { description "Configure IP tunnel GRE ids option"; uses apply-advanced; leaf gre-6in4 { type empty; description "Enable IP tunnel GRE 6in4 ids option"; } leaf gre-4in6 { type empty; description "Enable IP tunnel GRE 4in6 ids option"; } leaf gre-6in6 { type empty; description "Enable IP tunnel GRE 6in6 ids option"; } leaf gre-4in4 { type empty; description "Enable IP tunnel GRE 4in4 ids option"; } } // container gre container ip-in-udp { description "Configure IP tunnel IPinUDP ids option"; uses apply-advanced; leaf teredo { type empty; description "Enable IP tunnel IPinUDP Teredo ids option"; } } // container ip-in-udp container ipip { description "Configure IP tunnel IPIP ids option"; uses apply-advanced; leaf ipip-6to4relay { type empty; description "Enable IP tunnel IPIP 6to4 Relay ids option"; } leaf ipip-6in4 { type empty; description "Enable IP tunnel IPIP 6in4 ids option"; } leaf ipip-4in6 { type empty; description "Enable IP tunnel IPIP 4in6 ids option"; } leaf ipip-4in4 { type empty; description "Enable IP tunnel IPIP 4in4 ids option"; } leaf ipip-6in6 { type empty; description "Enable IP tunnel IPIP 6in6 ids option"; } leaf ipip-6over4 { type empty; description "Enable IP tunnel IPIP 6over4 ids option"; } leaf isatap { type empty; description "Enable IP tunnel IPIP ISATAP ids option"; } leaf dslite { type empty; description "Enable IP tunnel IPIP DS-Lite ids option"; } } // container ipip } // container tunnel } // container ip container tcp { description "Configure TCP Layer ids options"; uses apply-advanced; leaf syn-fin { type empty; description "Enable SYN and FIN bits set attack ids 
option"; } leaf fin-no-ack { type empty; description "Enable Fin bit with no ACK bit ids option"; } leaf tcp-no-flag { type empty; description "Enable TCP packet without flag ids option"; } leaf syn-frag { type empty; description "Enable SYN fragment ids option"; } leaf syn-defense { type empty; description "Enable tcp syn-defense"; } container port-scan { presence "enable port-scan"; description "Configure TCP port scan ids option"; leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1000 .. 1000000"; } } units "microseconds in which 10 attack packets are detected"; default "5000"; description "Threshold"; } } // container port-scan container syn-ack-ack-proxy { presence "enable syn-ack-ack-proxy"; description "Configure syn-ack-ack proxy ids option"; leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 250000"; } } units "un-authenticated connections"; default "512"; description "Threshold"; } } // container syn-ack-ack-proxy container syn-flood { presence "enable syn-flood"; description "Configure SYN flood ids option"; uses apply-advanced; leaf alarm-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32; } units "requests per second"; default "512"; description "Alarm threshold"; } leaf attack-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32; } units "proxied requests per second"; default "200"; description "Attack threshold"; } leaf source-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32; } units "SYN pps"; default "4000"; description "Source threshold"; } leaf destination-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32; } units "SYN pps"; default "4000"; description "Destination threshold"; } leaf queue-size { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "200 .. 
20000"; } } units "proxied requests in queue"; default "1024"; status deprecated; description "Queue size"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 50"; } } units "seconds"; default "20"; description "SYN flood ager timeout"; } list white-list { key "name"; max-elements 2; description "Set of IP addresses that will not trigger a screen"; leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 32"; } description "White-list name"; } uses apply-advanced; leaf-list source-address { type jt:ipprefix; max-elements 32; ordered-by user; description "Source address"; } leaf-list destination-address { type jt:ipprefix; max-elements 32; ordered-by user; description "Destination address"; } } // list white-list } // container syn-flood leaf land { type empty; description "Enable land attack ids option"; } leaf winnuke { type empty; description "Enable winnuke attack ids option"; } container tcp-sweep { presence "enable tcp-sweep"; description "Configure TCP sweep ids option"; leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1000 .. 
1000000"; } } units "microseconds in which 10 TCP packets are detected"; default "5000"; description "Threshold"; } } // container tcp-sweep } // container tcp container udp { description "Configure UDP layer ids options"; uses apply-advanced; container flood { presence "enable flood"; description "Configure UDP flood ids option"; uses apply-advanced; leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32; } units "UDP packets per second"; default "1000"; description "Threshold"; } leaf-list white-list { type string; max-elements 2; ordered-by user; description "Configure UDP flood white list group name"; } } // container flood container udp-sweep { presence "enable udp-sweep"; description "Configure UDP sweep ids option"; leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1000 .. 1000000"; } } units "microseconds in which 10 UDP packets are detected"; default "5000"; description "Threshold"; } } // container udp-sweep container port-scan { presence "enable port-scan"; description "Configure UDP port scan ids option"; leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1000 .. 
1000000"; } } units "microseconds in which 10 attack packets are detected"; default "5000"; description "Threshold"; } } // container port-scan } // container udp container limit-session { description "Limit sessions"; uses apply-advanced; leaf source-ip-based { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Limit sessions from the same source IP"; } leaf destination-ip-based { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Limit sessions to the same destination IP"; } container by-source { presence "enable by-source"; description "Limit sessions from the same source IP or subnet"; uses apply-advanced; leaf maximum-sessions { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Limit sessions on the basis of maximum concurrent sessions"; } leaf packet-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Limit sessions on the basis of packet rate"; } leaf session-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Limit sessions on the basis of session rate"; } container by-protocol { presence "enable by-protocol"; description "Limit sessions on the basis of protocol"; uses by-protocol-object-type; } // container by-protocol leaf-list whitelist { type string; max-elements 10; ordered-by user; description "Configure white list group name"; } } // container by-source container by-destination { presence "enable by-destination"; description "Limit sessions to the same destination IP or subnet"; uses apply-advanced; leaf maximum-sessions { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Limit sessions on the basis of maximum concurrent sessions"; } leaf packet-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
4294967295"; } }
          description "Limit sessions on the basis of packet rate";
        }
        leaf session-rate {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "1 .. 4294967295"; }
          }
          description "Limit sessions on the basis of session rate";
        }
        container by-protocol {
          presence "enable by-protocol";
          description "Limit sessions on the basis of protocol";
          uses by-protocol-object-type;
        } // container by-protocol
        leaf-list whitelist {
          type string;
          max-elements 10;
          ordered-by user;
          description "Configure white list group name";
        }
      } // container by-destination
    } // container limit-session
  } // grouping ids-option-type

  // Per-protocol session limits. The by-source and by-destination containers
  // of limit-session pull this grouping in through their "by-protocol"
  // presence container.
  // TCP has its own limit grouping (it adds syn-cookie); UDP and ICMP share
  // by-protocol-object-limit-type.
  grouping by-protocol-object-type {
    description "Configure limit-session on the basis of protocol";
    uses apply-advanced;
    container tcp {
      presence "enable tcp";
      description "Configure limit-session on the basis of TCP";
      uses by-protocol-object-limit-tcp-type;
    } // container tcp
    container udp {
      presence "enable udp";
      description "Configure limit-session on the basis of UDP";
      uses by-protocol-object-limit-type;
    } // container udp
    container icmp {
      presence "enable icmp";
      description "Configure limit-session on the basis of ICMP";
      uses by-protocol-object-limit-type;
    } // container icmp
  } // grouping by-protocol-object-type

  // TCP session limits plus SYN-cookie triggers.
  // No leaf in this grouping declares a "default", so the schema itself
  // supplies no limit: a limit exists only where one is configured.
  // Every numeric leaf is a union whose string member accepts "<...>" or a
  // value beginning with "$" (YANG patterns are implicitly anchored, so "$" is
  // a literal character here). A value that takes the string branch is not
  // checked against the uint32 range. Presumably these are Junos
  // wildcard/variable forms - confirm before relying on schema validation
  // alone to bound these values.
  grouping by-protocol-object-limit-tcp-type {
    description "Configure the limit-session for tcp protocol";
    uses apply-advanced;
    // No range is given, so 0 is schema-valid; what 0 means to the device is
    // not stated in this module.
    leaf maximum-sessions {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32;
      }
      description "Limit sessions on the basis of maximum concurrent sessions";
    }
    leaf packet-rate {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 4294967295"; }
      }
      description "Limit sessions on the basis of packet rate";
    }
    leaf session-rate {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 4294967295"; }
      }
      description "Limit sessions on the basis of session rate";
    }
    // Free-form group names, at most 10. No junos:must ties a name to a
    // defined white-list group, so this schema does not reject a name that
    // resolves to nothing.
    // NOTE(review): presumably members of these groups are exempt from the
    // limits above - treat each entry as an exception to review.
    leaf-list whitelist {
      type string;
      max-elements 10;
      ordered-by user;
      description "Configure white list group name";
    }
    // Presence container: configuring "syn-cookie" is itself meaningful even
    // with no child leaf set.
    container syn-cookie {
      presence "enable syn-cookie";
      description "Configure syn-cookie parameters";
      uses apply-advanced;
      leaf mss {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "64 .. 65535"; }
        }
        description "TCP maximum segment size";
      }
      // Two independent triggers: a SYN rate (threshold-rate) and a session
      // count (threshold-num). Neither has a default in this schema.
      leaf threshold-rate {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 4294967295"; }
        }
        description "TCP-SYN cps rate to trigger SYN-COOKIE";
      }
      leaf threshold-num {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32;
        }
        description "Number of sessions to trigger SYN-COOKIE";
      }
    } // container syn-cookie
  } // grouping by-protocol-object-limit-tcp-type

  // Session limits used for UDP and ICMP by by-protocol-object-type.
  // Same leaves as the TCP grouping minus syn-cookie; none has a default.
  // The union string member ("<...>" or a value beginning with "$") bypasses
  // the numeric range check, as in the TCP grouping.
  grouping by-protocol-object-limit-type {
    description "Configure the limit-session for each protocol";
    uses apply-advanced;
    leaf maximum-sessions {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32;
      }
      description "Limit sessions on the basis of maximum concurrent sessions";
    }
    leaf packet-rate {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 4294967295"; }
      }
      description "Limit sessions on the basis of packet rate";
    }
    leaf session-rate {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 4294967295"; }
      }
      description "Limit sessions on the basis of session rate";
    }
    // Free-form group names (max 10); not cross-checked by a junos:must.
    leaf-list whitelist {
      type string;
      max-elements 10;
      ordered-by user;
      description "Configure white list group name";
    }
  } // grouping by-protocol-object-limit-type

  // A named white-list: a name (alphanumeric first character, then letters,
  // digits, "_" or "-") and up to 32 address prefixes.
  grouping ids-wlist-type {
    leaf name {
      type string {
        junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$";
        junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores.";
        length "1 .. 
32"; }
      description "White-list name";
    }
    uses apply-advanced;
    // Up to 32 prefixes per white-list. jt:ipprefix is defined in
    // junos-common-types; whether it bounds the prefix length is not visible
    // here. NOTE(review): presumably a listed prefix is exempt from the check
    // that references this list, so a short prefix exempts a large range.
    leaf-list address {
      type jt:ipprefix;
      max-elements 32;
      ordered-by user;
      description "Address";
    }
  } // grouping ids-wlist-type

  // GTP information-element (IE) filter entry: an IE number (1..255) with a
  // list of instances (0..11), each optionally pointing at a grouped-IE
  // profile.
  grouping ie-filter-object {
    leaf name {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint8 { range "1 .. 255"; }
      }
      description "Set IE number";
    }
    uses apply-advanced;
    list instance {
      key "name";
      description "Set instance";
      leaf name {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint8 { range "0 .. 11"; }
        }
        description "Set instance number";
      }
      uses apply-advanced;
      container grouped-ie-profile {
        description "Set GTP IE filter for grouped IE";
        uses apply-advanced;
        // The junos:must requires the named profile to exist under either
        // "security gprs gtp" or "security gtp"; a dangling reference is
        // rejected with the must-message below.
        leaf grpie-prf-name {
          junos:must "(("security gprs gtp grouped-ie-profile $$" || "security gtp grouped-ie-profile $$"))";
          junos:must-message "referenced grouped-ie-profile not found";
          type string { length "1 .. 23"; }
          description "Set grouped IE profile";
        }
      } // container grouped-ie-profile
    } // list instance
  } // grouping ie-filter-object

  // Connection settings for an identity-management server pair
  // (primary/secondary), including the OAuth2 token endpoint path.
  grouping ims-connection-type {
    description "Identity management connection";
    uses apply-advanced;
    // The schema accepts plain "http" as well as "https" and declares no
    // default for this leaf. With "http", the OAuth2 token exchange (token-api)
    // and the queries are not protected by TLS; when auditing a configuration,
    // look for connect-method http.
    // NOTE(review): which method the device uses when this leaf is unset is not
    // visible in this module - confirm.
    leaf connect-method {
      type enumeration {
        enum "https" { value 0; description "HTTPS connection"; }
        enum "http" { value 1; description "HTTP connection"; }
      }
      description "Method of connection";
    }
    // The default of 443 is static: it does not change with connect-method.
    // The string member of the union ("<...>" or a value beginning with "$")
    // is not checked against the 1..65535 range.
    leaf port {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 65535"; }
      }
      default "443";
      description "Server port";
    }
    // server-connection-type is defined outside this excerpt.
    container primary {
      description "Primary server";
      uses server-connection-type;
    } // container primary
    container secondary {
      description "Secondary server";
      uses server-connection-type;
    } // container secondary
    leaf token-api {
      type string { length "1 .. 128"; }
      description "API of acquiring token for OAuth2 authentication";
    }
    leaf query-api {
      type string { length "4 .. 128"; }
      description "Query API";
    }
  } // grouping ims-connection-type

  // Trace (debug log) settings for identity management: destination file,
  // verbosity level and per-module flags.
  grouping ims-traceoptions-type {
    description "Identity management tracing Options";
    uses apply-advanced;
    // Only valid when "system tracing" is configured (junos:must).
    leaf no-remote-trace {
      junos:must "("system tracing")";
      junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
      type empty;
      description "Disable remote tracing";
    }
    container file {
      description "Trace file information";
      // Negated POSIX pattern: the name may not contain "/", a space or "%"
      // (see the pattern-message), so it cannot carry a path separator.
      leaf filename {
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      // Free-form string; no pattern or range is enforced by this schema.
      leaf size {
        type string;
        description "Maximum trace file size";
      }
      leaf files {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "2 .. 1000"; }
        }
        default "3";
        description "Maximum number of trace files";
      }
      // Mutually exclusive (YANG choice); neither case is marked as default.
      // NOTE(review): identity-management traces may hold user and
      // authentication details at the higher levels - prefer
      // no-world-readable and confirm the behaviour when neither is set.
      choice world-readable-choice {
        leaf world-readable {
          type empty;
          description "Allow any user to read the log file";
        }
        leaf no-world-readable {
          type empty;
          description "Don't allow any user to read the log file";
        }
      } // choice world-readable-choice
      leaf match {
        type jt:regular-expression;
        description "Regular expression for lines to be logged";
      }
    } // container file
    // Verbosity; no default is declared in this grouping.
    leaf level {
      type enumeration {
        enum "error" { value 0; description "Match error conditions"; }
        enum "warning" { value 1; description "Match warning messages"; }
        enum "notice" { value 2; description "Match conditions that should be handled specially"; }
        enum "info" { value 3; description "Match informational messages"; }
        enum "verbose" { value 4; description "Match verbose messages"; }
        enum "all" { value 5; description "Match all levels"; }
      }
      description "Level of debugging output";
    }
    // One list entry per module to trace; "all" covers every module.
    list flag {
      key "name";
      ordered-by user;
      description "Tracing parameters";
      leaf name {
        type enumeration {
          enum "all" { value 0; description "Trace identity management all modules"; }
          enum "authentication-management" { value 1; description "Trace advanced-query auth table management module"; }
          enum "configuration" { value 2; description "Trace identity management configuration"; }
          enum "dispatcher" { value 3; description "Trace dispatcher module"; }
          enum "query" { value 4; description "Trace query process"; }
          enum "jims-validator-query" { value 5; description "Trace jims validator query process"; }
          enum "memory" { value 6; description "Trace memory"; }
        }
      }
    } // list flag
  } // grouping ims-traceoptions-type

  // JIMS web server used for validate / group-query requests, with the OAuth2
  // client credentials used against it.
  grouping jims-validator-type {
    description "Web server from JIMS for Validate or group query request";
    uses apply-advanced;
    leaf address {
      type string { length "1 .. 128"; }
      description "IP address or hostname of web server";
    }
    leaf client-id {
      type string { length "1 .. 64"; }
      description "Client ID for OAuth2 grant";
    }
    // Typed as a plain string with only a length bound; no secret-specific
    // type or extension appears on this leaf.
    // NOTE(review): confirm how the value is stored and how it is rendered in
    // configuration output and NETCONF replies; handle exported configurations
    // that include it as credential material.
    leaf client-secret {
      type string { length "1 .. 128"; }
      description "Client secret for OAuth2 grant";
    }
    // Default is 591, and this grouping has no leaf that selects http or
    // https. NOTE(review): whether client-id/client-secret travel over TLS
    // cannot be determined from this schema - confirm.
    leaf port {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 65535"; }
      }
      default "591";
      description "Web server port";
    }
  } // grouping jims-validator-type

  // Reference to an application-traffic-control rule-set; the junos:must
  // requires the named rule-set to exist under class-of-service.
  grouping jsf_application_traffic_control_rule_set_type {
    description "Define service application traffic rule-set reference";
    uses apply-advanced;
    leaf rule-set {
      junos:must "("class-of-service application-traffic-control rule-sets $$")";
      junos:must-message "rule-set must be defined";
      type string { length "1 .. 64"; }
      description "Service rule-set name";
    }
  } // grouping jsf_application_traffic_control_rule_set_type

  grouping juniper-enhanced-category-type {
    description "Juniper enhanced category type";
    leaf name {
      type string {
        length "1 .. 
59"; }
      description "Name of Juniper enhanced category";
    }
    uses apply-advanced;
    // Four possible actions; no default is declared, so the schema does not
    // state what happens to a category whose action is left unset.
    leaf action {
      type enumeration {
        enum "permit" { value 0; }
        enum "log-and-permit" { value 1; }
        enum "block" { value 2; }
        enum "quarantine" { value 3; }
      }
      description "Action to perform when web traffic matches category";
    }
    // Must name a custom-message object already defined under
    // "security utm custom-objects" (junos:must).
    leaf custom-message {
      junos:must "("security utm custom-objects custom-message $$")";
      junos:must-message "custom-message must be defined";
      type string;
      description "Custom message";
    }
  } // grouping juniper-enhanced-category-type

  // Where categorization requests are sent: server host/port plus the optional
  // proxy profile, routing instance and source address used to reach it.
  // NOTE(review): nothing in this grouping selects a transport or a server
  // identity check for that traffic; look for it elsewhere in the model.
  grouping juniper-enhanced-server {
    description "Server handling categorization requests";
    uses apply-advanced;
    // Unconstrained string: no length or pattern is enforced here.
    leaf host {
      type string;
      description "Server host IP address or string host name";
    }
    // No default is declared in this grouping. The string member of the union
    // ("<...>" or a value beginning with "$") is not range-checked.
    leaf port {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint16 { range "1 .. 65535"; }
      }
      description "Server port";
    }
    // Must reference an existing "services proxy profile" (junos:must).
    leaf proxy-profile {
      junos:must "("services proxy profile $$")";
      junos:must-message "Referenced Proxy profile must be defined";
      type string { length "1 .. 64"; }
      description "Proxy profile";
    }
    // Must reference an existing routing instance (junos:must).
    leaf routing-instance {
      junos:must "("routing-instances $$")";
      junos:must-message "Routing-instance must be defined";
      type string;
      description "Routing instance name";
    }
    leaf source-address {
      type jt:ipaddr;
      description "Source ip address used to connect server";
    }
  } // grouping juniper-enhanced-server

  // Action per site-reputation band. All five bands accept the same four
  // actions and none declares a default, so the schema accepts "permit" even
  // for "suspicious" and "harmful".
  // NOTE(review): what the device does for a band left unset is not visible
  // here; when auditing, check which action the two lowest bands resolve to.
  grouping juniper-enhanced-site-reputation-setting {
    description "Juniper enhanced site reputation settings";
    uses apply-advanced;
    leaf very-safe {
      type enumeration {
        enum "permit" { value 0; }
        enum "log-and-permit" { value 1; }
        enum "block" { value 2; }
        enum "quarantine" { value 3; }
      }
      description "Action when site reputation is very safe";
    }
    leaf moderately-safe {
      type enumeration {
        enum "permit" { value 0; }
        enum "log-and-permit" { value 1; }
        enum "block" { value 2; }
        enum "quarantine" { value 3; }
      }
      description "Action when site reputation is moderately safe";
    }
    leaf fairly-safe {
      type enumeration {
        enum "permit" { value 0; }
        enum "log-and-permit" { value 1; }
        enum "block" { value 2; }
        enum "quarantine" { value 3; }
      }
      description "Action when site reputation is fairly safe";
    }
    leaf suspicious {
      type enumeration {
        enum "permit" { value 0; }
        enum "log-and-permit" { value 1; }
        enum "block" { value 2; }
        enum "quarantine" { value 3; }
      }
      description "Action when site reputation is suspicious";
    }
    leaf harmful {
      type enumeration {
        enum "permit" { value 0; }
        enum "log-and-permit" { value 1; }
        enum "block" { value 2; }
        enum "quarantine" { value 3; }
      }
      description "Action when site reputation is harmful";
    }
  } // grouping juniper-enhanced-site-reputation-setting

  grouping juniper-routing-instance {
    description "Routing instance";
    leaf name {
      type string {
        junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$";
        junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces.";
      }
      description "Routing instance name";
    }
    uses apply-advanced;
    container vlans {
      junos:must "((".. 
instance-type virtual-switch" || ".. instance-type mac-vrf"))"; junos:must-message "'vlans' configuration can only be used for 'instance-type virtual-switch' or 'instance-type mac-vrf'"; junos:must "(!("bridge-domains"))"; junos:must-message "VLANs cannot be configured when BDs are configured"; description "VLAN configuration"; uses apply-advanced; list vlan { key "name"; description "Virtual LAN"; uses vlan-types; } // list vlan } // container vlans container protocols { junos:must "((!(". pim") || (".. instance-type" && !(".. instance-type no-forwarding"))))"; junos:must-message "pim configuration is not allowed for 'instance-type no-forwarding'"; description "Routing protocol configuration"; uses apply-advanced; container bfd { junos:must "(!(".. .. instance-type l2vpn"))"; junos:must-message "bfd configuration is not allowed for 'instance-type l2vpn'"; junos:must "(!(".. .. instance-type vpls"))"; junos:must-message "bfd configuration is not allowed for 'instance-type vpls'"; junos:must "(!(".. .. instance-type layer2-control"))"; junos:must-message "bfd configuration is not allowed for 'instance-type layer2-control'"; junos:must "(!(".. .. instance-type virtual-switch"))"; junos:must-message "bfd configuration is not allowed for 'instance-type virtual-switch'"; presence "enable bfd"; uses juniper-ri-protocols-bfd; } // container bfd container igmp-snooping { junos:must "((".. .. instance-type vpls" || (".. .. instance-type evpn" || (".. .. instance-type mac-vrf" || ".. .. instance-type virtual-switch"))))"; junos:must-message "igmp-snooping configuration is allowed only for 'instance-type vpls/virtual-switch/evpn/mac-vrf'"; junos:must "(!(".. pim-snooping"))"; junos:must-message "igmp-snooping configuration do not co-exist with pim-snooping"; junos:must "((".. .. instance-type vpls" || (".. .. instance-type evpn" || (".. .. instance-type mac-vrf" || (".. .. instance-type virtual-switch " && !(".. 
vpls"))))))"; junos:must-message "igmp-snooping configuration is allowed only for 'instance-type vpls/evpn/mac-vrf or instance-type virtual-switch without vpls'"; presence "enable igmp-snooping"; description "IGMP snooping configuration"; uses juniper-ri-protocols-igmp-snooping; } // container igmp-snooping container mld-snooping { junos:must "((".. .. instance-type vpls" || (".. .. instance-type evpn" || ".. .. instance-type virtual-switch")))"; junos:must-message "mld-snooping configuration is allowed only for 'instance-type vpls/virtual-switch/evpn'"; junos:must "((".. .. instance-type vpls" || (".. .. instance-type evpn" || (".. .. instance-type mac-vrf" || (".. .. instance-type virtual-switch " && !(".. vpls"))))))"; junos:must-message "mld-snooping configuration is allowed only for 'instance-type vpls/evpn/mac-vrf or instance-type virtual-switch without vpls'"; presence "enable mld-snooping"; description "MLD snooping configuration"; uses juniper-ri-protocols-mld-snooping; } // container mld-snooping container amt { junos:must "(!(".. .. instance-type no-forwarding"))"; junos:must-message "amt configuration is not allowed for 'instance-type no-forwarding'"; junos:must "(!(".. .. instance-type layer2-control"))"; junos:must-message "amt configuration is not allowed for 'instance-type layer2-control'"; junos:must "(!(".. .. instance-type virtual-switch"))"; junos:must-message "amt configuration is not allowed for 'instance-type virtual-switch'"; description "AMT relay configuration"; uses juniper-protocols-amt; } // container amt container bgp { junos:must "(!(".. .. instance-type l2vpn"))"; junos:must-message "bgp configuration is not allowed for 'instance-type l2vpn'"; junos:must "(!(".. .. instance-type vpls"))"; junos:must-message "bgp configuration is not allowed for 'instance-type vpls'"; junos:must "(!(".. .. instance-type layer2-control"))"; junos:must-message "bgp configuration is not allowed for 'instance-type layer2-control'"; junos:must "(!(".. .. 
instance-type virtual-switch"))"; junos:must-message "bgp configuration is not allowed for 'instance-type virtual-switch'"; description "BGP options"; uses juniper-protocols-bgp; } // container bgp container esis { junos:must "(!(".. .. instance-type l2vpn"))"; junos:must-message "esis configuration is not allowed for 'instance-type l2vpn'"; junos:must "(!(".. .. instance-type vpls"))"; junos:must-message "esis configuration is not allowed for 'instance-type vpls'"; junos:must "(!(".. .. instance-type layer2-control"))"; junos:must-message "esis configuration is not allowed for 'instance-type layer2-control'"; junos:must "(!(".. .. instance-type virtual-switch"))"; junos:must-message "esis configuration is not allowed for 'instance-type virtual-switch'"; description "ES-IS configuration"; uses juniper-protocols-esis; } // container esis container router-discovery { junos:must "(!(".. .. instance-type layer2-control"))"; junos:must-message "This configuration is not allowed for 'instance-type layer2-control'"; junos:must "(!(".. .. instance-type virtual-switch"))"; junos:must-message "This configuration is not allowed for 'instance-type virtual-switch'"; description "ICMP router discovery options"; uses juniper-protocols-router-discovery; } // container router-discovery container isis { junos:must "(!(".. .. instance-type l2vpn"))"; junos:must-message "isis configuration is not allowed for 'instance-type l2vpn'"; junos:must "(!(".. .. instance-type vpls"))"; junos:must-message "isis configuration is not allowed for 'instance-type vpls'"; junos:must "(!(".. .. instance-type layer2-control"))"; junos:must-message "isis configuration is not allowed for 'instance-type layer2-control'"; junos:must "(!(".. .. instance-type virtual-switch"))"; junos:must-message "isis configuration is not allowed for 'instance-type virtual-switch'"; description "IS-IS configuration"; uses juniper-protocols-isis; } // container isis container l2vpn { junos:must "(!(".. 
evpn"))"; junos:must-message "This configuration is not allowed with 'protocols evpn'"; junos:must "(!(".. vpls"))"; junos:must-message "This configuration is not allowed with 'protocols vpls'"; junos:must "(!(".. .. instance-type layer2-control"))"; junos:must-message "This configuration is not allowed for 'instance-type layer2-control'"; description "Layer 2 VPN configuration"; uses juniper-protocols-l2vpn; } // container l2vpn container vpls { junos:must "(!(".. .. instance-type mac-vrf"))"; junos:must-message "This configuration is not allowed for instance-type mac-vrf"; junos:must "(!((".. .. instance-type virtual-switch" && ".. evpn")))"; junos:must-message "This configuration is not allowed for instance-type virtual-switch with 'protocols evpn' enabled"; junos:must "(!(".. l2vpn"))"; junos:must-message "This configuration is not allowed with 'protocols l2vpn'"; junos:must "(!(".. .. instance-type layer2-control"))"; junos:must-message "This configuration is not allowed for 'instance-type layer2-control'"; junos:must "(".. vpls no-tunnel-services")"; junos:must-message "'no-tunnel-services' must be configured under 'protocols vpls' to enable vpls"; presence "enable vpls"; description "VPLS configuration"; uses juniper-protocols-l2vpn; } // container vpls container ldp { junos:must "((!(".. ldp p2mp") || (".. ldp p2mp" && !(".. .. instance-type virtual-router"))))"; junos:must-message "p2mp under ldp is not allowed for 'instance-type virtual-router'"; junos:must "((!(".. ldp p2mp") || (".. ldp p2mp" && !(".. .. instance-type vrf"))))"; junos:must-message "p2mp under ldp is not allowed for 'instance-type vrf'"; junos:must "(!(".. .. instance-type layer2-control"))"; junos:must-message "ldp configuration is not allowed for 'instance-type layer2-control'"; junos:must "(!(".. .. 
instance-type virtual-switch"))"; junos:must-message "ldp configuration is not allowed for 'instance-type virtual-switch'"; description "LDP configuration"; uses juniper-protocols-ldp; } // container ldp container mpls { junos:must "(!(".. .. instance-type evpn"))"; junos:must-message "mpls configuration is not allowed for 'instance-type evpn'"; junos:must "(!(".. .. instance-type mpls-internet-multicast"))"; junos:must-message "mpls configuration is not allowed for 'instance-type mpls-internet-multicast'"; junos:must "(!(".. .. instance-type layer2-control"))"; junos:must-message "mpls configuration is not allowed for 'instance-type layer2-control'"; junos:must "(!(".. .. instance-type atmvpn"))"; junos:must-message "mpls configuration is not allowed for 'instance-type atmvpn'"; junos:must "(!(".. .. instance-type l2backhaul-vpn"))"; junos:must-message "mpls configuration is not allowed for 'instance-type l2backhaul-vpn'"; junos:must "(!(".. .. instance-type virtual-switch"))"; junos:must-message "mpls configuration is not allowed for 'instance-type virtual-switch'"; junos:must "(!(".. .. instance-type vpls"))"; junos:must-message "mpls configuration is not allowed for 'instance-type vpls'"; junos:must "(!(".. .. instance-type l2vpn"))"; junos:must-message "mpls configuration is not allowed for 'instance-type l2vpn'"; junos:must "(!(".. .. instance-type no-forwarding"))"; junos:must-message "mpls configuration is not allowed for 'instance-type no-forwarding'"; junos:must "(!(".. .. instance-type forwarding"))"; junos:must-message "mpls configuration is not allowed for 'instance-type forwarding'"; description "MPLS configuration"; uses juniper-protocols-mpls; } // container mpls container msdp { junos:must "(!(".. .. instance-type layer2-control"))"; junos:must-message "msdp configuration is not allowed for 'instance-type layer2-control'"; junos:must "(!(".. .. 
instance-type virtual-switch"))"; junos:must-message "msdp configuration is not allowed for 'instance-type virtual-switch'"; description "MSDP configuration"; uses juniper-protocols-msdp; } // container msdp container mvpn { junos:must "((!("system processes routing bgp rib-sharding") || (!(".. .. protocols bgp group") || (!(".. .. routing-options auto-export") || "system processes routing bgp rib-sharding no-l3vpn"))))"; junos:must-message "Auto-export of BGP learned routes will not work with sharding MVPN context"; junos:must "((".. pim" || (".. .. instance-type mpls-internet-multicast" || (".. .. provider-tunnel inter-as" || ".. .. provider-tunnel inter-region"))))"; junos:must-message "MVPN configuration requires PIM configuration in the VRF or MPLS internet multicast instance"; junos:must "((!("routing-options nonstop-routing") || (".. .. route-distinguisher" || (".. pim mvpn" || ".. .. instance-type mpls-internet-multicast"))))"; junos:must-message "Nonstop routing and auto-rd mvpn instance may not be configured together"; junos:must "(!(".. .. instance-type layer2-control"))"; junos:must-message "mvpn configuration is not allowed for 'instance-type layer2-control'"; junos:must "(!(".. .. instance-type virtual-switch"))"; junos:must-message "mvpn configuration is not allowed for 'instance-type virtual-switch'"; presence "enable mvpn"; description "BGP-MVPN configuration"; uses juniper-protocols-mvpn; } // container mvpn container ospf { junos:must "(!(".. .. instance-type l2vpn"))"; junos:must-message "ospf configuration is not allowed for 'instance-type l2vpn'"; junos:must "(!(".. .. instance-type vpls"))"; junos:must-message "ospf configuration is not allowed for 'instance-type vpls'"; junos:must "(!(".. .. instance-type layer2-control"))"; junos:must-message "ospf configuration is not allowed for 'instance-type layer2-control'"; junos:must "(!(".. .. 
instance-type virtual-switch"))"; junos:must-message "ospf configuration is not allowed for 'instance-type virtual-switch'"; description "OSPF configuration"; uses juniper-protocols-ospf; } // container ospf container ospf3 { junos:must "(!(".. .. instance-type l2vpn"))"; junos:must-message "ospf configuration is not allowed for 'instance-type l2vpn'"; junos:must "(!(".. .. instance-type vpls"))"; junos:must-message "ospf configuration is not allowed for 'instance-type vpls'"; junos:must "(!(".. .. instance-type layer2-control"))"; junos:must-message "ospf configuration is not allowed for 'instance-type layer2-control'"; junos:must "(!(".. .. instance-type virtual-switch"))"; junos:must-message "ospf configuration is not allowed for 'instance-type virtual-switch'"; description "OSPF3 configuration"; uses juniper-protocols-ospf3; } // container ospf3 container pim { junos:must "(!(".. .. instance-type layer2-control"))"; junos:must-message "pim configuration is not allowed for 'instance-type layer2-control'"; junos:must "(!(".. .. instance-type virtual-switch"))"; junos:must-message "pim configuration is not allowed for 'instance-type virtual-switch'"; description "PIM configuration"; uses juniper-protocols-pim; } // container pim container ripng { junos:must "(!(".. .. instance-type l2vpn"))"; junos:must-message "ripng configuration is not allowed for 'instance-type l2vpn'"; junos:must "(!(".. .. instance-type vpls"))"; junos:must-message "ripng configuration is not allowed for 'instance-type vpls'"; junos:must "(!(".. .. instance-type layer2-control"))"; junos:must-message "ripng configuration is not allowed for 'instance-type layer2-control'"; junos:must "(!(".. .. instance-type virtual-switch"))"; junos:must-message "ripng configuration is not allowed for 'instance-type virtual-switch'"; description "RIPng options"; uses juniper-protocols-ripng; } // container ripng container rip { junos:must "(!(".. .. 
instance-type l2vpn"))"; junos:must-message "rip configuration is not allowed for 'instance-type l2vpn'"; junos:must "(!(".. .. instance-type vpls"))"; junos:must-message "rip configuration is not allowed for 'instance-type vpls'"; junos:must "(!(".. .. instance-type layer2-control"))"; junos:must-message "rip configuration is not allowed for 'instance-type layer2-control'"; junos:must "(!(".. .. instance-type virtual-switch"))"; junos:must-message "rip configuration is not allowed for 'instance-type virtual-switch'"; description "RIP options"; uses juniper-protocols-rip; } // container rip container rsvp { junos:must "(!(".. .. instance-type evpn"))"; junos:must-message "rsvp configuration is not allowed for 'instance-type evpn'"; junos:must "(!(".. .. instance-type mpls-internet-multicast"))"; junos:must-message "rsvp configuration is not allowed for 'instance-type mpls-internet-multicast'"; junos:must "(!(".. .. instance-type layer2-control"))"; junos:must-message "rsvp configuration is not allowed for 'instance-type layer2-control'"; junos:must "(!(".. .. instance-type atmvpn"))"; junos:must-message "rsvp configuration is not allowed for 'instance-type atmvpn'"; junos:must "(!(".. .. instance-type l2backhaul-vpn"))"; junos:must-message "rsvp configuration is not allowed for 'instance-type l2backhaul-vpn'"; junos:must "(!(".. .. instance-type virtual-switch"))"; junos:must-message "rsvp configuration is not allowed for 'instance-type virtual-switch'"; junos:must "(!(".. .. instance-type vpls"))"; junos:must-message "rsvp configuration is not allowed for 'instance-type vpls'"; junos:must "(!(".. .. instance-type l2vpn"))"; junos:must-message "rsvp configuration is not allowed for 'instance-type l2vpn'"; junos:must "(!(".. .. instance-type no-forwarding"))"; junos:must-message "rsvp configuration is not allowed for 'instance-type no-forwarding'"; junos:must "(!(".. .. 
instance-type forwarding"))"; junos:must-message "rsvp configuration is not allowed for 'instance-type forwarding'"; description "RSVP configuration"; uses juniper-protocols-rsvp; } // container rsvp container pim-snooping { junos:must "(!(".. .. routing-interface"))"; junos:must-message "routing-interface can not be configured when pim-snooping is configured"; junos:must "(!(".. igmp-snooping"))"; junos:must-message "pim-snooping configuration can not coexist with igmp-snooping"; junos:must "(".. .. instance-type vpls")"; junos:must-message "pim-snooping configuration is allowed only for 'instance-type vpls'"; presence "enable pim-snooping"; description "PIM snooping configuration"; uses juniper-protocols-pim-snooping; } // container pim-snooping container mvrp { junos:must "((!(".. vstp") || ".. vstp disable"))"; junos:must-message "vstp enabled, mvrp is not supported"; junos:must "(((".. mstp" && !(".. mstp disable")) || (".. rstp" && !(".. rstp disable"))))"; junos:must-message "rstp/mstp is not enabled, mvrp is not allowed"; junos:must "(".. .. instance-type virtual-switch")"; junos:must-message "mvrp is allowed only in virtual-switch instance"; description "MVRP configuration"; uses juniper-protocols-mvrp; } // container mvrp container rstp { junos:must "((".. .. instance-type layer2-control" || ".. .. instance-type virtual-switch"))"; junos:must-message "STP protocols allowed only in layer2-control or virtual-switch instance"; description "RSTP configuration"; uses juniper-protocols-stp; } // container rstp container mstp { junos:must "((".. .. instance-type layer2-control" || ".. .. instance-type virtual-switch"))"; junos:must-message "STP protocols allowed only in layer2-control or virtual-switch instance"; description "MSTP configuration"; uses juniper-protocols-mstp; } // container mstp container vstp { junos:must "((".. vstp disable" || (!(".. mstp") || ".. 
mstp disable")))"; junos:must-message "MSTP is enabled in the same routing instance, VSTP not allowed"; junos:must "((".. .. instance-type layer2-control" || ".. .. instance-type virtual-switch"))"; junos:must-message "STP protocols allowed only in layer2-control or virtual-switch instance"; description "VSTP configuration"; uses juniper-protocols-vstp; } // container vstp } // container protocols list interface { key "name"; description "Interface name for this routing instance"; leaf name { junos:must "((!("interfaces $$-IFL etree-ac-role") || ".. .. protocols evpn evpn-etree"))"; junos:must-message "etree must be enabled under routing-instance"; junos:must "(!(("interfaces $$-IFL family bridge interface-mode" && ".. .. instance-type evpn")))"; junos:must-message "access/trunk interfaces are not allowed in evpn instance"; junos:must "((!(("interfaces $$-IFL vlan-id-list" || "interfaces $$-IFL vlan-tags inner-list")) || !((".. .. vlan-id" || ".. .. vlan-tags"))))"; junos:must-message "interface with vlan-id-list/inner-list cannot be added to routing-instance with a vlan-id/vlan-tags configured"; junos:must "((!(("interfaces $$-IFL family bridge interface-mode" || "interfaces $$-IFL family ethernet-switching")) || (".. .. instance-type virtual-switch" || ".. .. instance-type mac-vrf")))"; junos:must-message "Interface with 'interface-mode' is allowed only in a virtual-switch or mac-vrf instance"; junos:must "((!(".. .. instance-type virtual-switch") || ("interfaces $$-IFL family bridge interface-mode" || "interfaces $$-IFL family ethernet-switching")))"; junos:must-message "Only interface with 'interface-mode' is allowed in a virtual-switch"; junos:must "(!(".. .. .. routing-instances bridge-domains interfaces $$"))"; junos:must-message "The interface cannot be defined both at routing-instance and bridge-domain level"; junos:must "((!("interfaces $$-IFL vlan-id-range") || (".. .. instance-type vpls" || ".. .. 
instance-type evpn")))"; junos:must-message "vlan-id-range is specified for this logical interface; the routing instance must be of type vpls or evpn"; junos:must "(((".. .. vlan-id all" && "interfaces $$-IFL input-vlan-map pop") || (".. .. vlan-id inner-all" || (!((".. .. vlan-id" || ".. .. vlan-tags")) || (!(("interfaces $$-IFL input-vlan-map" || "interfaces $$-IFL output-vlan-map")) || (".. .. no-normalization" || ".. .. bridge-options no-normalization"))))))"; junos:must-message "interface with input/output vlan-maps cannot be added to a routing-instance with a vlan-id/vlan-tags configured"; junos:must "((!("interfaces $$-IFL vlan-tags inner-range") || ((".. .. vlan-id all" || ".. .. vlan-id inner-all") || (".. .. no-normalization" || ".. .. bridge-options no-normalization"))))"; junos:must-message "vlan-tags inner-range is specified for this logical interface; 'vlan-id all' or 'vlan-id inner-all' should also be enabled"; type string; } uses apply-advanced; choice mode { leaf any { type empty; description "Interface used for both unicast and multicast traffic"; } leaf unicast { type empty; description "Interface used for unicast traffic only"; } leaf multicast { type empty; description "Interface used for multicast traffic only"; } } // choice mode leaf primary { junos:must "(!(".. unicast"))"; junos:must-message "'primary' option can not be configured for unicast interface"; junos:must "((".. .. instance-type vrf" || ".. .. 
instance-type mpls-internet-multicast"))"; junos:must-message "'primary' option can only be configured for instance-type 'vrf' or 'mpls-internet-multicast'"; type empty; description "Preferred multicast vt interface for the routing-instance"; } leaf protect-interface { junos:must "("interfaces $$")"; junos:must-message "Interface must be part of this routing instance"; junos:must "(!("interfaces ${inter_name} esi"))"; junos:must-message "ESI can not be configured for protect interface"; junos:must "("routing-instances ${instance} protocols evpn")"; junos:must-message "Protocol EVPN must be configured in the evpn instance"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Name of protect interface"; } } // list interface leaf description { type string { junos:posix-pattern "^.{1,255}$"; junos:pattern-message "Must be a string of 255 characters or less"; } description "Text description of routing instance"; } leaf vlan-model { type enumeration { enum "one-to-one" { value 0; description "Customer VLAN model (1:1)"; } } description "Subscriber vlan-model in L2Wholesale framework"; } container vtep-source-interface { description "Source layer-3 IFL for VXLAN"; leaf interface-name { junos:must "("interfaces $$")"; junos:must-message "Interface must be defined"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } } choice family { container inet { presence "enable inet"; description "IPv4 source"; uses apply-advanced; } // container inet container inet6 { junos:must "((!("routing-instances ${instance} protocols evpn") || "routing-instances ${instance} protocols evpn encapsulation vxlan"))"; junos:must-message "encapsulation vxlan must be enabled for IPv6 underlay"; presence "enable inet6"; description "IPv6 source"; uses apply-advanced; } // container inet6 } // choice family } // container vtep-source-interface container vtep-remote-interface { description "Remote VTEP interface"; uses apply-advanced; list 
remote-ip { key "name"; ordered-by user; description "Remote VTEP IP address"; leaf name { type jt:ipv4addr; description "IP address"; } uses apply-advanced; leaf dynamic-profile { junos:must "("dynamic-profiles $$")"; junos:must-message "Dynamic profile must be defined"; type string; description "Define associated dynamic profile"; } } // list remote-ip container default { description "To all remote vtep interface"; uses apply-advanced; leaf dynamic-profile { junos:must "("dynamic-profiles $$")"; junos:must-message "Dynamic profile must be defined"; type string; description "Define associated dynamic profile"; } } // container default } // container vtep-remote-interface leaf-list remote-vtep-list { type jt:ipaddr; max-elements 1024; description "Configure static remote VXLAN tunnel endpoints"; } leaf-list remote-vtep-v6-list { type jt:ipv6addr; max-elements 1024; description "Configure static ipv6 remote VXLAN tunnel endpoints"; } leaf instance-role { type enumeration { enum "access" { value 0; description "Role of Access/Aggregation router"; } enum "nni" { value 1; description "Role of Provider network interfacing router"; } } description "Primary role of L2Backhaul-vpn router"; } leaf instance-type { type enumeration { enum "virtual-switch" { value 0; description "Virtual switch routing instance"; } enum "layer2-control" { value 1; description "Layer 2 control protocols"; } enum "mac-vrf" { junos:must "((".. bridge-domains" || ".. vlans"))"; junos:must-message "bridge-domains must be configured for mac-vrf instance"; junos:must "(".. 
service-type")"; junos:must-message "service-type must be configured for mac-vrf instance"; junos:must "("routing-instances ${instance} protocols evpn")"; junos:must-message "Protocol EVPN must be configured in the mac-vrf instance"; value 2; description "MAC-VRF routing instance"; } enum "forwarding" { value 3; description "Forwarding instance"; } enum "no-forwarding" { value 4; description "Nonforwarding instance"; } enum "l2vpn" { value 5; description "Layer 2 VPN routing instance"; } enum "vpls" { value 6; description "VPLS routing instance"; } enum "virtual-router" { value 7; description "Virtual routing instance"; } enum "l2backhaul-vpn" { junos:must "(".. instance-role")"; junos:must-message "'instance-role' statement must be configured for l2backhaul-vpn instance"; junos:must "(".. no-local-switching")"; junos:must-message "'no-local-switching' statement must be configured for l2backhaul-vpn instance"; junos:must "(".. vlan-model")"; junos:must-message "'vlan-model' statement must be configured for l2backhaul-vpn instance"; value 8; description "L2Backhaul/L2Wholesale routing instance"; } enum "mpls-internet-multicast" { junos:must "(("protocols pim" || ".. 
provider-tunnel inter-region"))"; junos:must-message "Protocol PIM must be configured in the master instance"; value 9; description "Internet Multicast over MPLS routing instance"; } enum "evpn" { junos:must "("routing-instances ${instance} protocols evpn")"; junos:must-message "Protocol EVPN must be configured in the evpn instance"; value 10; description "EVPN routing instance"; } enum "mpls-forwarding" { value 11; description "Routing instance provides a MPLS forwarding-context"; } enum "evpn-vpws" { junos:must "("routing-instances ${instance} protocols evpn")"; junos:must-message "Protocol EVPN must be configured in the evpn-vpws instance"; value 12; description "EVPN VPWS routing instance"; } enum "vrf" { value 13; description "Virtual routing forwarding instance"; } } description "Type of routing instance"; } choice vlan_choice { leaf vlan-id { junos:must "(!(".. instance-type mac-vrf"))"; junos:must-message "'vlan-id' must be configured within bridge-domains for 'instance-type mac-vrf'"; junos:must "((".. instance-type vpls" || ".. instance-type evpn"))"; junos:must-message "'vlan-id' statement can be included only for a VPLS or EVPN"; type string; description "IEEE 802.1q VLAN identifier for bridging domain"; } container vlan-tags { junos:must "(".. 
instance-type vpls")"; junos:must-message "'vlan-tags' statement can be included only for VPLS instance"; presence "enable vlan-tags"; description "IEEE 802.1q VLAN tags for bridging domain"; leaf outer { type string { junos:posix-pattern "^(0[Xx][0-9A-Fa-f]{4}.([0-9]{1,3}|1[0-9]{3}|2[0-9]{3}|3[0-9]{3}|40[0-8][0-9]|409[0-4]))$|^([0-9]{1,3}|1[0-9]{3}|2[0-9]{3}|3[0-9]{3}|40[0-8][0-9]|409[0-4])$"; junos:pattern-message "vlan-id in vlan-tag (0xNNNN.vlan-id) must be 0 to 4094"; } description "[tpid.]vlan-id, tpid format is 0xNNNN and is optional"; } leaf inner { type string { junos:posix-pattern "^(0[Xx][0-9A-Fa-f]{4}.([0-9]{1,3}|1[0-9]{3}|2[0-9]{3}|3[0-9]{3}|40[0-8][0-9]|409[0-4]))$|^([0-9]{1,3}|1[0-9]{3}|2[0-9]{3}|3[0-9]{3}|40[0-8][0-9]|409[0-4])$"; junos:pattern-message "vlan-id in vlan-tag (0xNNNN.vlan-id) must be 0 to 4094"; } description "[tpid.]vlan-id, tpid format is 0xNNNN and is optional"; } } // container vlan-tags } // choice vlan_choice container system { description "System parameters"; uses apply-advanced; container services { description "System services"; uses apply-advanced; container dhcp-local-server { description "Dynamic Host Configuration Protocol server configuration"; uses jdhcp-local-server-type; } // container dhcp-local-server container static-subscribers { description "Static Subscriber Client configuration"; uses jsscd-static-subscribers-type; } // container static-subscribers } // container services } // container system container access { description "Network access configuration"; uses apply-advanced; container address-assignment { description "Address assignment configuration"; uses address-assignment-type; } // container address-assignment container address-protection { presence "enable address-protection"; description "Initiate Duplicate Address Protection"; uses apply-advanced; leaf reassign-on-match { type empty; description "Disconnect owning session and reassign to this session"; } } // container address-protection } // container 
access container access-profile { description "Access profile for this instance"; leaf access-profile-name { junos:must "("access profile $$")"; junos:must-message "Access-profile must be defined in the [edit access profile] hierarchy"; type string; description "Profile name"; } } // container access-profile leaf routing-interface { junos:must "(!("interfaces $$-IFL family mpls"))"; junos:must-message "routing-interface with family mpls cannot be added to VPLS instance"; junos:must "(!(".. instance-type virtual-switch"))"; junos:must-message "routing-interface must be configured within bridge-domains for 'instance-type virtual-switch'"; junos:must "(!("routing-instances ${instance} service-type vlan-bundle"))"; junos:must-message "routing-interface not valid for vlan-bundle service type"; junos:must "((!(".. vlan-id all") && !(".. vlan-id inner-all")))"; junos:must-message "routing-interface cannot be configured under routing-instance with 'vlan-id all' or 'vlan-id inner-all'"; junos:must "((".. vlan-id" || ".. vlan-tags"))"; junos:must-message "routing-interface can be configured only under routing-instance with 'vlan-id' or 'vlan-tags'"; type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Routing interface name for this routing-instance"; } container vxlan { junos:must "((". ovsdb-managed" || (". multicast-group" || (". multicast-v6-group" || (". ingress-node-replication" || ("routing-instances ${instance} switch-options ovsdb-managed" || "routing-instances ${instance} protocols evpn encapsulation vxlan"))))))"; junos:must-message "multicast-group or multicast-v6-group or ovsdb-managed or ingress-node-replication or protocols evpn encapsulation vxlan should be enabled. ingress-node-replication must be configured when remote-vtep-list is configured"; junos:must "((". ovsdb-managed" || ("routing-instances ${instance} switch-options ovsdb-managed" || (". multicast-group" || (". 
multicast-v6-group" || ("routing-instances ${instance} remote-vtep-list" || ("routing-instances ${instance} remote-vtep-v6-list" || "routing-instances ${instance} protocols evpn encapsulation vxlan")))))))"; junos:must-message "One of multicast-group or multicast-v6-group or ovsdb-managed or protocols evpn encapsulation vxlan or remote-vtep-list or remote-vtep-v6-list should be enabled"; junos:must "((".. vlan-id" || (".. instance-type vpls" || (".. instance-type evpn" && ".. vxlan decapsulate-accept-inner-vlan"))))"; junos:must-message "decapsulate-accept-inner-vlan must be configured when vlan-id is not present for evpn vxlan"; junos:must "((".. vlan-id" || (".. instance-type vpls" || (".. instance-type evpn" && ".. vxlan encapsulate-inner-vlan"))))"; junos:must-message "encapsulate-inner-vlan must be configured when vlan-id is not present for evpn vxlan"; junos:must "((!(".. vlan-id all") && !(".. vlan-id inner-all")))"; junos:must-message "vxlan does not support bridge domain with 'vlan-id all' or 'vlan-id inner-all'"; junos:must "(!(".. instance-type mac-vrf"))"; junos:must-message "vxlan must be configured within bridge-domains for 'instance-type mac-vrf'"; junos:must "(!(".. instance-type virtual-switch"))"; junos:must-message "vxlan must be configured within bridge-domains for 'instance-type virtual-switch'"; junos:must "((".. instance-type vpls" || ".. instance-type evpn"))"; junos:must-message "vxlan in routing-instance is valid only for instance-type vpls or evpn"; junos:must "("routing-instances ${instance} vtep-source-interface")"; junos:must-message "vtep-source-interface is required for VXLAN configuration"; description "VXLAN options"; uses apply-advanced; leaf ovsdb-managed { junos:must "(!(("routing-instances ${instance} remote-vtep-list" || ".. 
multicast-group")))"; junos:must-message "ovsdb-managed not valid with remote-vtep-list or multicast-group"; type empty; description "Managed remotely via VXLAN OVSDB Controller"; } leaf vni { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16777214"; } } description "VXLAN identifier"; } leaf translation-vni { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777214"; } } description "Translated VXLAN identifier"; } leaf multicast-group { junos:must "(!(("routing-instances ${instance} remote-vtep-list" || (".. ovsdb-managed" || (".. multicast-v6-group" || "routing-instances ${instance} switch-options ovsdb-managed")))))"; junos:must-message "multicast-group not valid with remote-vtep-list or ovsdb-managed or multicast-v6-group"; type jt:ipv4addr; description "Multicast group registered for VXLAN segment"; } leaf multicast-v6-group { junos:must "(!(("routing-instances ${instance} remote-vtep-list" || (".. ovsdb-managed" || (".. multicast-group" || "routing-instances ${instance} switch-options ovsdb-managed")))))"; junos:must-message "multicast-v6-group not valid with remote-vtep-list or ovsdb-managed or multicast-group"; type jt:ipv6addr; description "Multicast IPv6 group registered for VXLAN segment"; } leaf encapsulate-inner-vlan { junos:must "(!(".. .. vlan-id none"))"; junos:must-message "encapsulate inner vlan not valid with vlan-id none "; type empty; description "Retain inner VLAN in the packet"; } leaf decapsulate-accept-inner-vlan { junos:must "(!(".. .. vlan-id none"))"; junos:must-message "accept inner vlan not valid with vlan-id none"; type empty; description "Accept VXLAN packets with inner VLAN"; } leaf unreachable-vtep-aging-timer { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "300 .. 1800"; } } units "seconds"; description "Unreachable VXLAN tunnel endpoint removal timer"; } leaf ingress-node-replication { junos:must "(!(".. .. .. .. 
protocols evpn assisted-replication"))"; junos:must-message "ingress-node-replication cannot be configured with assisted-replication"; junos:must "((".. ovsdb-managed" || (".. .. .. .. switch-options ovsdb-managed" || ("routing-instances ${instance} remote-vtep-list" || ("routing-instances ${instance} remote-vtep-v6-list" || "routing-instances ${instance} protocols evpn encapsulation vxlan")))))"; junos:must-message "Valid for ovsdb-managed instance or with remote-vtep-list or remote-vtep-v6-list or evpn vxlan"; type empty; description "Enable ingress node replication"; } } // container vxlan leaf no-local-switching { junos:must "((".. instance-type vpls" || ((".. instance-type evpn" && ".. protocols vpls") || ".. instance-type l2backhaul-vpn")))"; junos:must-message "'no-local-switching' statement can be configured only for VPLS instances"; type empty; description "Disable local switching within CE-facing interfaces"; } leaf no-normalization { type empty; description "Disable vlan id normalization for interfaces"; } leaf qualified-bum-pruning-mode { junos:must "((".. instance-type vpls" || (".. instance-type evpn" && ".. protocols vpls")))"; junos:must-message "'bum-pruning-mode' statement can be configured only for VPLS instances!"; type empty; description "Enable BUM pruning for VPLS instance"; } leaf no-irb-layer-2-copy { junos:must "((".. routing-interface" || ".. l3-interface"))"; junos:must-message "routing-interface/l3-interface must be configured for this feature"; type empty; description "Disable transmission of layer-2 copy of packets of irb routing-interface"; } leaf connector-id-advertise { type empty; description "Advertise connector-id attribute"; } container forwarding-options { description "Forwarding options configuration"; uses juniper-forwarding-options; } // container forwarding-options container bridge-domains { junos:must "((".. instance-type virtual-switch" || ".. 
instance-type mac-vrf"))"; junos:must-message "'bridge-domains' configuration can only be used for 'instance-type virtual-switch' or 'instance-type mac-vrf'"; description "Bridge domain configuration"; uses apply-advanced; list domain { key "name"; uses juniper-bridge-domains; } // list domain } // container bridge-domains container switch-options { junos:must "(".. instance-type virtual-switch")"; junos:must-message "This configuration is allowed for only 'instance-type virtual-switch'"; description "L2 options for routing-instance of type virtual-switch"; uses juniper-routing-instance-switch-options; } // container switch-options container pbb-options { junos:must "(!(".. protocols evpn"))"; junos:must-message "pbb-options are not supported with protocol evpn"; junos:must "(!(".. protocols vpls"))"; junos:must-message "PBB is not supported with protocol vpls"; junos:must "(".. instance-type virtual-switch")"; junos:must-message "This configuration is allowed for only 'instance-type virtual-switch'"; description "Provider backbone bridging options for routing-instance"; uses juniper-routing-instance-pbb-options; } // container pbb-options list service-groups { junos:must "(!(".. protocols vpls"))"; junos:must-message "PBB is not supported with protocol vpls"; junos:must "(".. instance-type virtual-switch")"; junos:must-message "This configuration is allowed for only 'instance-type virtual-switch'"; key "name"; description "Service group configuration for routing-instance"; uses juniper-routing-instance-service-groups; } // list service-groups leaf service-type { junos:must "(".. 
instance-type mac-vrf")"; junos:must-message "service-type config is allowed for instance type mac-vrf only"; type enumeration { enum "vlan-based" { value 0; description "Instance service type vlan-based"; } enum "vlan-bundle" { value 1; description "Instance service type vlan-bundle"; } enum "vlan-aware" { value 2; description "Instance service type vlan-aware"; } } description "Service type"; } container l2vpn-id { description "Layer-2 vpn-id for this instance"; uses apply-advanced; leaf community { junos:must "(!(".. .. protocols vpls neighbor"))"; junos:must-message "Does not support FEC129 LDP-VPLS and BGP-VPLS/FEC128-LDP-VPLS under the default mesh-group"; junos:must "(!(".. .. protocols vpls vpls-id"))"; junos:must-message "Does not support FEC129 LDP-VPLS and BGP-VPLS/FEC128-LDP-VPLS under the default mesh-group"; junos:must "(!(".. .. protocols vpls site"))"; junos:must-message "Does not support FEC129 LDP-VPLS and BGP-VPLS/FEC128-LDP-VPLS under the same instance"; junos:must "(!(".. .. protocols vpls site-range"))"; junos:must-message "site-range is not supported for FEC129 LDP VPLS"; junos:must "(!(".. .. protocols vpls mac-flush"))"; junos:must-message "mac-flush is not supported for FEC129 LDP VPLS"; junos:must "(!(".. .. protocols vpls label-block-size"))"; junos:must-message "label-block-size is not supported for FEC129 LDP VPLS"; junos:must "(!(".. .. protocols vpls connectivity-type"))"; junos:must-message "connectivity-type is not supported for FEC129 LDP VPLS"; junos:must "(!(".. .. protocols vpls community"))"; junos:must-message "community is not supported for FEC129 LDP VPLS"; junos:must "(!(".. .. provider-tunnel"))"; junos:must-message "provider-tunnel is not supported for FEC129 LDP VPLS/VPWS"; type string { junos:posix-pattern "^(l2vpn-id)+:[0-9.]+:[0-9]+$"; junos:pattern-message "Use format 'l2vpn-id:x:y' where 'x' is 2 byte AS number, or an IP address and 'y' is a number. e.g. 
l2vpn-id:1:100, l2vpn-id:1.2.3.4:100"; } description "L2VPN ID community for FEC129 VPLS/VPWS with BGP auto-discovery"; } } // container l2vpn-id container routing-options { description "Protocol-independent routing option configuration"; uses juniper-routing-options; } // container routing-options container egress-protection { description "Egress instance protection"; uses apply-advanced; leaf protector { junos:must "(any "protocols mpls egress-protection context-identifier <*> protector")"; junos:must-message "context-identifier must be type protector"; type empty; description "Enable Edge Protector functionality for this VPN"; } container context-identifier { description "Context identifier"; uses apply-advanced; leaf context-id { junos:must "("protocols mpls egress-protection context-identifier $$ primary")"; junos:must-message "context-identifier must be type primary"; junos:must "("protocols mpls egress-protection context-identifier $$")"; junos:must-message "same context-identifier must be defined in protocols mpls egress-protection"; type jt:ipv4addr; description "IP address"; } } // container context-identifier } // container egress-protection container route-distinguisher { description "Route distinguisher for this instance"; leaf rd-type { type string { junos:posix-pattern "^[0-9.]+L?:[0-9]+$"; junos:pattern-message "Use format 'x:y' where 'x' is an AS number followed by an optional 'L' (To indicate 4 byte AS), or an IP address and 'y' is a number. e.g. 
123456L:100"; } description "Number in (16 bit:32 bit) or (32 bit 'L':16 bit) or (IP address:16 bit) format"; } } // container route-distinguisher leaf-list vrf-import { type jt:policy-algebra; ordered-by user; description "Import policy for VRF instance RIBs"; } leaf-list vrf-export { type jt:policy-algebra; ordered-by user; description "Export policy for VRF instance RIBs"; } container vrf-target { description "VRF target community configuration"; uses apply-advanced; leaf community { type string { junos:posix-pattern "^[a-z]+:[0-9.]+L?:[0-9]+$"; junos:pattern-message "Use format 'target:x:y' where 'x' is an AS number followed by an optional 'L' (To indicate 4 byte AS), or an IP address and 'y' is a number. e.g. target:123456L:100"; } description "Target community to use in import and export"; } leaf import { type string { junos:posix-pattern "^[a-z]+:[0-9.]+L?:[0-9]+$"; junos:pattern-message "Use format 'target:x:y' where 'x' is an AS number followed by an optional 'L' (To indicate 4 byte AS), or an IP address and 'y' is a number. e.g. target:123456L:100"; } description "Target community to use when filtering on import"; } leaf export { type string { junos:posix-pattern "^[a-z]+:[0-9.]+L?:[0-9]+$"; junos:pattern-message "Use format 'target:x:y' where 'x' is an AS number followed by an optional 'L' (To indicate 4 byte AS), or an IP address and 'y' is a number. e.g. target:123456L:100"; } description "Target community to use when marking routes on export"; } leaf auto { junos:must "((".. .. instance-type evpn" || (".. .. instance-type virtual-switch" || ".. .. instance-type mac-vrf")))"; junos:must-message "vrf-target auto is meant only for evpn or virtual-switch instance or mac-vrf"; type empty; description "Auto derive import and export target community from BGP AS & L2"; } } // container vrf-target leaf no-vrf-advertise { type empty; description "Don't advertise this instance to remote PEs"; } leaf non-forwarding-vrf { junos:must "(".. 
provider-tunnel inter-as")"; junos:must-message "Inter-AS segmented p-tunnel configuration is required"; type empty; description "Don't create VRF forwarding table for local or transit routes belonging to this VPN"; } container vrf-advertise-selective { junos:must "(!(".. no-vrf-advertise"))"; junos:must-message "Selective vrf advertise cannot be used with no-vrf-advertise knob"; presence "enable vrf-advertise-selective"; description "Override no-vrf-advertise knob for the specified address family"; uses apply-advanced; container family { description "Protocol family to be selectively advertised"; uses apply-advanced; leaf inet-mvpn { type empty; description "IPv4 MVPN Address Family"; } leaf inet6-mvpn { type empty; description "IPv6 MVPN Address Family"; } } // container family } // container vrf-advertise-selective container vrf-table-label { presence "enable vrf-table-label"; description "Advertise a single VPN label for all routes in the VRF"; leaf static { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Specify label value to be used"; } leaf source-class-usage { type empty; description "Enable source class usage"; } } // container vrf-table-label choice vrf-propagate-ttl-or-no-vrf-propagate-ttl { leaf no-vrf-propagate-ttl { type empty; description "Disable TTL propagation from IP to MPLS (on push) and MPLS to IP (on pop)"; } leaf vrf-propagate-ttl { type empty; description "Enable TTL propagation from IP to MPLS (on push) and MPLS to IP (on pop)"; } } // choice vrf-propagate-ttl-or-no-vrf-propagate-ttl container provider-tunnel { junos:must "(!((". inter-as" && ". selective")))"; junos:must-message "Selective p-tunnel configuration not allowed on ASBR"; junos:must "(!((" .. non-forwarding-vrf" && (". rsvp-te" || (". pim-asm" || (". pim-ssm" || ". ldp-p2mp"))))))"; junos:must-message "Inclusive p-tunnel configuration not allowed on ASBR with non-forwarding-vrf"; junos:must "((!(".. 
non-forwarding-vrf") || ". inter-as"))"; junos:must-message "Non-forwarding VRF can only be configured with Inter-AS segmented p-tunnels"; description "Provider tunnel configuration"; uses apply-advanced; container external-controller { junos:must "((".. .. protocols mvpn" && (".. .. instance-type vrf" || ".. .. instance-type mpls-internet-multicast")))"; junos:must-message "External point-to-multipoint LSP provider can be configured only for MVPN instances"; description "External point-to-multipoint LSP provider for flooding"; uses apply-advanced; choice external-provider { leaf pccd { type empty; description "Use PCCD for external point-to-multipoint LSP computation entity"; } } // choice external-provider } // container external-controller choice tunnel-type { container rsvp-te { junos:must "(!(((".. .. instance-type evpn" || ".. .. instance-type virtual-switch") && ".. .. protocols evpn encapsulation vxlan")))"; junos:must-message "P2MP Provider Tunnels are not allowed for VxLAN encapsulation"; junos:must "(!(((".. .. instance-type evpn" || ".. .. instance-type virtual-switch") && ".. .. protocols evpn pbb-evpn-core")))"; junos:must-message "P2MP Provider Tunnels are not allowed for PBB-EVPN"; junos:must "((".. .. instance-type evpn" || (".. .. instance-type virtual-switch" || (".. .. instance-type vpls" || (".. .. protocols mvpn" && (".. .. instance-type vrf" || ".. .. instance-type mpls-internet-multicast"))))))"; junos:must-message "Point-to-multipoint LSPs can be configured only for EVPN, VPLS or MVPN instances"; junos:must "("protocols rsvp")"; junos:must-message "RSVP must be configured in the master instance"; description "RSVP-TE point-to-multipoint LSP for flooding"; uses apply-advanced; choice static-or-dynamic { leaf static-lsp { junos:must "(!((".. .. .. instance-type evpn" || ".. .. .. 
instance-type virtual-switch")))"; junos:must-message "Static LSPs are not allowed for EVPN instances"; junos:must "((any "protocols mpls label-switched-path <*> p2mp $$" || ".. .. .. instance-type vpls"))"; junos:must-message "Referenced point-to-multipoint static LSP does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-multipoint LSP"; } container label-switched-path-template { description "Template for dynamic point-to-multipoint LSP parameters"; uses apply-advanced; choice dynamic-template { leaf template-name { junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && "protocols mpls label-switched-path $$ p2mp")))"; junos:must-message "Referenced point-to-multipoint LSP template does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-multipoint LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template } // choice static-or-dynamic } // container rsvp-te container ldp-p2mp { junos:must "("protocols ldp p2mp")"; junos:must-message "LDP P2MP must be configured in the master instance"; junos:must "((".. .. instance-type evpn" || (".. .. instance-type virtual-switch" || (".. .. protocols mvpn" && (".. .. instance-type vrf" || ".. .. instance-type mpls-internet-multicast")))))"; junos:must-message "LDP P2MP LSPs can be configured only for EVPN or MVPN instances"; junos:must "(!(((".. .. instance-type evpn" || ".. .. instance-type virtual-switch") && ".. .. protocols evpn encapsulation vxlan")))"; junos:must-message "P2MP Provider Tunnels are not allowed for VxLAN encapsulation"; junos:must "(!(((".. .. instance-type evpn" || ".. .. instance-type virtual-switch") && ".. .. 
protocols evpn pbb-evpn-core")))"; junos:must-message "P2MP Provider Tunnels are not allowed for PBB-EVPN"; presence "enable ldp-p2mp"; description "LDP point-to-multipoint LSP for flooding"; } // container ldp-p2mp container ingress-replication { junos:must "(((".. .. instance-type vrf" || ".. .. instance-type mpls-internet-multicast") && ".. .. protocols mvpn"))"; junos:must-message "Ingress Replication can be configured only for MVPN instances"; junos:must "(!(".. .. protocols mvpn sender-based-rpf"))"; junos:must-message "This release does not support Sender based RPF for inclusive ingress replication provider tunnels"; description "Ingress replication tunnel"; uses apply-advanced; leaf create-new-ucast-tunnel { junos:must "(".. label-switched-path label-switched-path-template")"; junos:must-message "label-switched-path-template must be defined"; type empty; description "Create new unicast tunnel for ingress replication"; } container label-switched-path { presence "enable label-switched-path"; description "Point-to-point LSP unicast tunnel"; uses apply-advanced; container label-switched-path-template { junos:must "(".. .. 
create-new-ucast-tunnel")"; junos:must-message "Templates must be specified when and only when create-new-ucast-tunnel is defined"; description "Template for dynamic point-to-point LSP parameters"; uses apply-advanced; choice dynamic-template { leaf template-name { junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && !("protocols mpls label-switched-path $$ p2mp"))))"; junos:must-message "Referenced point-to-point LSP template does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-point LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template } // container label-switched-path } // container ingress-replication container pim-asm { junos:must "(!(".. .. protocols mvpn sender-based-rpf"))"; junos:must-message "this release does not support sender based RPF for PIM-SM provider tunnels"; junos:must "(!("protocols pim mpls-internet-multicast"))"; junos:must-message "mpls-internet-multicast must not be configured"; junos:must "("protocols pim")"; junos:must-message "PIM-SM must be configured in the master instance"; junos:must "(".. .. 
instance-type vrf")"; junos:must-message "PIM-SM must be configured only for vrf instances"; description "PIM-SM provider tunnel"; uses apply-advanced; leaf group-address { type jt:ipv4addr; description "PIM-SM provider tunnel group address"; } container family { presence "enable family"; status deprecated; description "PIM-SM provider tunnel address family"; uses apply-advanced; container inet { presence "enable inet"; description "IPv4 PIM-SM provider tunnel"; uses apply-advanced; leaf group-address { type jt:ipv4addr; description "PIM-SM provider tunnel group address for IPV4"; } leaf tunnel-source { type jt:ipv4addr; description "Source address for the provider space mGRE tunnel"; } } // container inet container inet6 { presence "enable inet6"; description "IPv6 PIM-SM provider tunnel"; uses apply-advanced; leaf group-address { type jt:ipv4addr; description "PIM-SM provider tunnel group address for IPV6"; } leaf tunnel-source { type jt:ipv4addr; description "Source address for the provider space mGRE tunnel"; } } // container inet6 } // container family } // container pim-asm container pim-ssm { junos:must "(!(".. .. protocols mvpn sender-based-rpf"))"; junos:must-message "This release does not support sender based RPF for PIM-SSM provider tunnels"; junos:must "(!("protocols pim mpls-internet-multicast"))"; junos:must-message "mpls-internet-multicast must not be configured"; junos:must "("protocols pim")"; junos:must-message "PIM-SSM must be configured in the master instance"; junos:must "(".. .. protocols mvpn")"; junos:must-message "PIM-SSM provider tunnel can be configured only for multicast VPN instances"; junos:must "(".. .. 
instance-type vrf")"; junos:must-message "PIM-SM must be configured only for vrf instances"; description "PIM-SSM provider tunnel"; uses apply-advanced; leaf group-address { type jt:ipv4addr; description "PIM-SSM provider tunnel group address"; } container family { presence "enable family"; status deprecated; description "PIM-SSM provider tunnel address family"; uses apply-advanced; container inet { presence "enable inet"; description "IPv4 PIM-SSM provider tunnel"; uses apply-advanced; leaf group-address { type jt:ipv4addr; description "PIM-SSM provider tunnel group address for IPV4"; } leaf tunnel-source { type jt:ipv4addr; description "Source address for the provider space mGRE tunnel"; } } // container inet container inet6 { presence "enable inet6"; description "IPv6 PIM-SSM provider tunnel"; uses apply-advanced; leaf group-address { type jt:ipv4addr; description "PIM-SSM provider tunnel group address for IPV6"; } leaf tunnel-source { type jt:ipv4addr; description "Source address for the provider space mGRE tunnel"; } } // container inet6 } // container family } // container pim-ssm } // choice tunnel-type container inter-as { junos:must "(".. .. non-forwarding-vrf")"; junos:must-message "Inter-as segmented tunnels can only be configured for non-forwarding-vrfs"; junos:must "(!(".. .. protocols mvpn sender-based-rpf"))"; junos:must-message "This release does not support sender based RPF for inter-as provider tunnels"; junos:must "(".. .. instance-type vrf")"; junos:must-message "Inter-as segmented tunnels can only be configured for VRF instances"; junos:must "(".. .. protocols mvpn")"; junos:must-message "Inter-as segmented tunnels can only be configured for MVPN instances"; description "Inter-AS segmented tunnels"; uses apply-advanced; choice tunnel-type { container ingress-replication { junos:must "(". 
label-switched-path label-switched-path-template")"; junos:must-message "label-switched-path template must be configured for Inter-AS segmented tunnel"; description "Ingress replication tunnel"; uses apply-advanced; leaf create-new-ucast-tunnel { junos:must "(".. label-switched-path label-switched-path-template")"; junos:must-message "label-switched-path-template must be defined"; type empty; description "Create new unicast tunnel for ingress replication"; } container label-switched-path { presence "enable label-switched-path"; description "Point-to-point LSP unicast tunnel"; uses apply-advanced; container label-switched-path-template { junos:must "(".. .. create-new-ucast-tunnel")"; junos:must-message "Templates must be specified when and only when create-new-ucast-tunnel is defined"; description "Template for dynamic point-to-point LSP parameters"; uses apply-advanced; choice dynamic-template { leaf template-name { junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && !("protocols mpls label-switched-path $$ p2mp"))))"; junos:must-message "Referenced point-to-point LSP template does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-point LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template } // container label-switched-path } // container ingress-replication container rsvp-te { junos:must "("protocols rsvp")"; junos:must-message "RSVP must be configured in the master instance"; description "RSVP-TE point-to-multipoint LSP for flooding"; uses apply-advanced; choice static-or-dynamic { container label-switched-path-template { description "Template for dynamic point-to-multipoint LSP parameters"; uses apply-advanced; choice dynamic-template { leaf template-name { junos:must "(("protocols mpls 
label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && "protocols mpls label-switched-path $$ p2mp")))"; junos:must-message "Referenced point-to-multipoint LSP template does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-multipoint LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template } // choice static-or-dynamic } // container rsvp-te container ldp-p2mp { junos:must "("protocols ldp p2mp")"; junos:must-message "LDP P2MP must be configured in the master instance"; presence "enable ldp-p2mp"; description "LDP point-to-multipoint LSP for flooding"; } // container ldp-p2mp } // choice tunnel-type container inter-region-segmented { junos:must "(!((".. pim-ssm" || ".. pim-asm")))"; junos:must-message "Inter-region-segmented cannot be set for PIM tunnel"; description "Inter-Region Segmented LSP triggered by threshold rate and/or fan-out"; uses apply-advanced; leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1000000"; } } units "kilobits"; description "Data threshold rate to trigger segmentation"; } leaf fan-out { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10000"; } } description "Number of remote Leaf-AD routes"; } } // container inter-region-segmented } // container inter-as container inter-region { junos:must "((".. .. instance-type vrf" || ".. .. instance-type mpls-internet-multicast"))"; junos:must-message "Inter-region segmented tunnels can only be configured for VRF or Internet-multicast instances"; junos:must "(!((".. selective" || (".. pim-ssm" || (".. pim-asm" || (".. rsvp-te" || (".. ldp-p2mp" || (".. ingress-replication" || ".. 
inter-as"))))))))"; junos:must-message "Inter-region on RBR can not be allowed with other tunnel options"; description "Inter-region segmented tunnels"; uses apply-advanced; choice segmented-or-not { leaf template { junos:must "("protocols mvpn inter-region-template template $$")"; junos:must-message "Referenced template doesn't exist"; type string; description "Use inter-region segmentation template"; } leaf no-inter-region-segmentation { type empty; description "Do not participate in inter-region segmentation"; } } // choice segmented-or-not } // container inter-region container inter-region-segmented { junos:must "(!((".. pim-ssm" || ".. pim-asm")))"; junos:must-message "Inter-region-segmented cannot be set for PIM tunnel"; description "Inter-Region Segmented LSP triggered by fan-out factor only"; uses apply-advanced; leaf fan-out { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10000"; } } description "Number of remote Leaf-AD routes"; } } // container inter-region-segmented container selective { junos:must "(".. .. protocols mvpn")"; junos:must-message "Selective tunnels can only be configured for MVPN instances"; description "Selective tunnels"; uses apply-advanced; leaf tunnel-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 30000"; } } description "Maximum number of selective tunnels"; } leaf leaf-tunnel-limit-inet { junos:must "(".. .. .. protocols mvpn mvpn-mode rpt-spt")"; junos:must-message "Selective leaf tunnel limit can only be configured for MVPN rpt-spt mode"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 15000"; } } description "Maximum number of selective leaf tunnels for v4"; } leaf leaf-tunnel-limit-inet6 { junos:must "(".. .. .. protocols mvpn mvpn-mode rpt-spt")"; junos:must-message "Selective leaf tunnel limit can only be configured for MVPN rpt-spt mode"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
15000"; } } description "Maximum number of selective leaf tunnels for v6"; } container wildcard-group-inet { description "IPv4 wildcard group matching any group address"; uses apply-advanced; container wildcard-source { junos:must "(".. .. .. .. protocols mvpn mvpn-mode rpt-spt")"; junos:must-message "MVPN instance needs to be in rpt-spt mode while configuring wildcard-source for selective provider tunnels"; presence "enable wildcard-source"; description "Use Selective-Tunnel for wildcard-source (*,G) joins"; uses apply-advanced; leaf threshold-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1000000"; } } units "kilobits"; description "Data threshold to create new tunnel"; } choice tunnel-type { container ingress-replication { junos:must "(((".. .. .. .. .. instance-type vrf" || ".. .. .. .. .. instance-type mpls-internet-multicast") && ".. .. .. .. .. protocols mvpn"))"; junos:must-message "Ingress Replication can be configured only for MVPN instances. Sender based RPF is not supported for ingress-replication provider-tunnels"; description "Ingress replication tunnel"; uses apply-advanced; leaf create-new-ucast-tunnel { junos:must "(".. label-switched-path label-switched-path-template")"; junos:must-message "label-switched-path-template must be defined"; type empty; description "Create new unicast tunnel for ingress replication"; } container label-switched-path { presence "enable label-switched-path"; description "Point-to-point LSP unicast tunnel"; uses apply-advanced; container label-switched-path-template { junos:must "(".. .. 
create-new-ucast-tunnel")"; junos:must-message "Templates must be specified when and only when create-new-ucast-tunnel is defined"; description "Template for dynamic point-to-point LSP parameters"; uses apply-advanced; choice dynamic-template { leaf template-name { junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && !("protocols mpls label-switched-path $$ p2mp"))))"; junos:must-message "Referenced point-to-point LSP template does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-point LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template } // container label-switched-path } // container ingress-replication container rsvp-te { junos:must "("protocols rsvp")"; junos:must-message "RSVP must be configured in the master instance"; description "RSVP-TE point-to-multipoint LSP for flooding"; uses apply-advanced; choice static-or-dynamic { leaf static-lsp { junos:must "(!(".. .. .. .. .. 
rsvp-te static-lsp $$"))"; junos:must-message "Referenced point-to-multipoint static LSP configured for inclusive tunnel"; junos:must "(any "protocols mpls label-switched-path <*> p2mp $$")"; junos:must-message "Referenced point-to-multipoint static LSP does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-multipoint LSP"; } container label-switched-path-template { description "Template for dynamic point-to-multipoint LSP parameters"; uses apply-advanced; choice dynamic-template { leaf template-name { junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && "protocols mpls label-switched-path $$ p2mp")))"; junos:must-message "Referenced point-to-multipoint LSP template does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-multipoint LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template } // choice static-or-dynamic } // container rsvp-te container ldp-p2mp { junos:must "("protocols ldp p2mp")"; junos:must-message "LDP P2MP must be configured in the master instance"; junos:must "((".. .. .. .. .. protocols mvpn" && (".. .. .. .. .. instance-type vrf" || ".. .. .. .. .. instance-type mpls-internet-multicast")))"; junos:must-message "LDP P2MP LSPs can be configured only for MVPN instances"; presence "enable ldp-p2mp"; description "LDP point-to-multipoint LSP for flooding"; } // container ldp-p2mp container pim-ssm { junos:must "(!(".. .. .. .. .. protocols mvpn sender-based-rpf"))"; junos:must-message "This release does not support sender based RPF for PIM-SSM provider-tunnel"; junos:must "(".. .. .. .. .. protocols mvpn")"; junos:must-message ""; junos:must "(".. .. .. .. .. 
instance-type vrf")"; junos:must-message "PIM-SSM can be configured only for vrf instances"; junos:must "("protocols pim")"; junos:must-message "PIM-SSM must be configured in the master instance"; description "PIM-SSM provider tunnel"; uses apply-advanced; leaf group-range { type jt:ipv4prefix; description "PIM-SSM provider tunnel group range"; } } // container pim-ssm } // choice tunnel-type container inter-region-segmented { junos:must "(!((".. pim-ssm" || ".. pim-asm")))"; junos:must-message "Inter-region-segmented cannot be set for PIM tunnel"; description "Inter-Region Segmented LSP triggered by fan-out factor only"; uses apply-advanced; leaf fan-out { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10000"; } } description "Number of remote Leaf-AD routes"; } } // container inter-region-segmented } // container wildcard-source } // container wildcard-group-inet container wildcard-group-inet6 { description "IPv6 wildcard group matching any group address"; uses apply-advanced; container wildcard-source { junos:must "(".. .. .. .. protocols mvpn mvpn-mode rpt-spt")"; junos:must-message "MVPN instance needs to be in rpt-spt mode while configuring wildcard-source for selective provider tunnels"; presence "enable wildcard-source"; description "Use Selective-Tunnel for wildcard-source (*,G) joins"; uses apply-advanced; leaf threshold-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1000000"; } } units "kilobits"; description "Data threshold to create new tunnel"; } choice tunnel-type { container ingress-replication { junos:must "(((".. .. .. .. .. instance-type vrf" || ".. .. .. .. .. instance-type mpls-internet-multicast") && ".. .. .. .. .. protocols mvpn"))"; junos:must-message "Ingress Replication can be configured only for MVPN instances"; description "Ingress replication tunnel"; uses apply-advanced; leaf create-new-ucast-tunnel { junos:must "(".. 
label-switched-path label-switched-path-template")"; junos:must-message "label-switched-path-template must be defined"; type empty; description "Create new unicast tunnel for ingress replication"; } container label-switched-path { presence "enable label-switched-path"; description "Point-to-point LSP unicast tunnel"; uses apply-advanced; container label-switched-path-template { junos:must "(".. .. create-new-ucast-tunnel")"; junos:must-message "Templates must be specified when and only when create-new-ucast-tunnel is defined"; description "Template for dynamic point-to-point LSP parameters"; uses apply-advanced; choice dynamic-template { leaf template-name { junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && !("protocols mpls label-switched-path $$ p2mp"))))"; junos:must-message "Referenced point-to-point LSP template does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-point LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template } // container label-switched-path } // container ingress-replication container rsvp-te { junos:must "("protocols rsvp")"; junos:must-message "RSVP must be configured in the master instance"; description "RSVP-TE point-to-multipoint LSP for flooding"; uses apply-advanced; choice static-or-dynamic { leaf static-lsp { junos:must "(!(".. .. .. .. .. 
rsvp-te static-lsp $$"))"; junos:must-message "Referenced point-to-multipoint static LSP configured for inclusive tunnel"; junos:must "(any "protocols mpls label-switched-path <*> p2mp $$")"; junos:must-message "Referenced point-to-multipoint static LSP does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-multipoint LSP"; } container label-switched-path-template { description "Template for dynamic point-to-multipoint LSP parameters"; uses apply-advanced; choice dynamic-template { leaf template-name { junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && "protocols mpls label-switched-path $$ p2mp")))"; junos:must-message "Referenced point-to-multipoint LSP template does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-multipoint LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template } // choice static-or-dynamic } // container rsvp-te container ldp-p2mp { junos:must "("protocols ldp p2mp")"; junos:must-message "LDP P2MP must be configured in the master instance"; junos:must "((".. .. .. .. .. protocols mvpn" && (".. .. .. .. .. instance-type vrf" || ".. .. .. .. .. instance-type mpls-internet-multicast")))"; junos:must-message "LDP P2MP LSPs can be configured only for MVPN instances"; presence "enable ldp-p2mp"; description "LDP point-to-multipoint LSP for flooding"; } // container ldp-p2mp container pim-ssm { junos:must "(!(".. .. .. .. .. protocols mvpn sender-based-rpf"))"; junos:must-message "This release does not support sender based RPF for PIM-SSM provider-tunnel"; junos:must "(".. .. .. .. .. protocols mvpn")"; junos:must-message ""; junos:must "(".. .. .. .. .. 
instance-type vrf")"; junos:must-message "PIM-SSM can be configured only for vrf instances"; junos:must "("protocols pim")"; junos:must-message "PIM-SSM must be configured in the master instance"; description "PIM-SSM provider tunnel"; uses apply-advanced; leaf group-range { type jt:ipv4prefix; description "PIM-SSM provider tunnel group range"; } } // container pim-ssm } // choice tunnel-type container inter-region-segmented { junos:must "(!((".. pim-ssm" || ".. pim-asm")))"; junos:must-message "Inter-region-segmented cannot be set for PIM tunnel"; description "Inter-Region Segmented LSP triggered by fan-out factor only"; uses apply-advanced; leaf fan-out { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10000"; } } description "Number of remote Leaf-AD routes"; } } // container inter-region-segmented } // container wildcard-source } // container wildcard-group-inet6 list group { key "name"; ordered-by user; description "IP prefix of multicast group"; leaf name { type jt:ipprefix; description "IP prefix of group"; } uses apply-advanced; container wildcard-source { junos:must "(".. .. .. .. protocols mvpn mvpn-mode rpt-spt")"; junos:must-message "MVPN instance needs to be in rpt-spt mode while configuring wildcard-source for selective provider tunnels"; presence "enable wildcard-source"; description "Use Selective-Tunnel for wildcard-source (*,G) joins"; uses apply-advanced; leaf threshold-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1000000"; } } units "kilobits"; description "Data threshold to create new tunnel"; } choice tunnel-type { container ingress-replication { junos:must "(((".. .. .. .. .. instance-type vrf" || ".. .. .. .. .. instance-type mpls-internet-multicast") && ".. .. .. .. .. 
protocols mvpn"))"; junos:must-message "Ingress Replication can be configured only for MVPN instances."; description "Ingress replication tunnel"; uses apply-advanced; leaf create-new-ucast-tunnel { junos:must "(".. label-switched-path label-switched-path-template")"; junos:must-message "label-switched-path-template must be defined"; type empty; description "Create new unicast tunnel for ingress replication"; } container label-switched-path { presence "enable label-switched-path"; description "Point-to-point LSP unicast tunnel"; uses apply-advanced; container label-switched-path-template { junos:must "(".. .. create-new-ucast-tunnel")"; junos:must-message "Templates must be specified when and only when create-new-ucast-tunnel is defined"; description "Template for dynamic point-to-point LSP parameters"; uses apply-advanced; choice dynamic-template { leaf template-name { junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && !("protocols mpls label-switched-path $$ p2mp"))))"; junos:must-message "Referenced point-to-point LSP template does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-point LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template } // container label-switched-path } // container ingress-replication container rsvp-te { junos:must "("protocols rsvp")"; junos:must-message "RSVP must be configured in the master instance"; description "RSVP-TE point-to-multipoint LSP for flooding"; uses apply-advanced; choice static-or-dynamic { leaf static-lsp { junos:must "(!(".. .. .. .. .. 
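rsvp-te static-lsp $$"))";
      junos:must-message "Referenced point-to-multipoint static LSP configured for inclusive tunnel";
      // Some label-switched-path under "protocols mpls" must carry a p2mp
      // entry matching this value ($$ presumably expands to the leaf value).
      junos:must "(any "protocols mpls label-switched-path <*> p2mp $$")";
      junos:must-message "Referenced point-to-multipoint static LSP does not exist";
      type string {
        // Any characters are accepted; only the length (1-32) is restricted.
        junos:posix-pattern "^.{1,32}$";
        junos:pattern-message "Must be a string of 32 characters or less";
      }
      description "Name of point-to-multipoint LSP";
    }
    // Dynamic alternative to static-lsp: either a named template or the
    // built-in default parameters.
    container label-switched-path-template {
      description "Template for dynamic point-to-multipoint LSP parameters";
      uses apply-advanced;
      choice dynamic-template {
        leaf template-name {
          // The referenced LSP must exist and be marked both "template" and "p2mp".
          junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && "protocols mpls label-switched-path $$ p2mp")))";
          junos:must-message "Referenced point-to-multipoint LSP template does not exist";
          type string {
            junos:posix-pattern "^.{1,32}$";
            junos:pattern-message "Must be a string of 32 characters or less";
          }
          description "Name of point-to-multipoint LSP template";
        }
        leaf default-template {
          type empty;
          description "Use default parameters";
        }
      } // choice dynamic-template
    } // container label-switched-path-template
  } // choice static-or-dynamic
} // container rsvp-te
// LDP P2MP tunnel: requires "protocols ldp p2mp" plus an enclosing instance
// that has "protocols mvpn" and instance-type vrf or mpls-internet-multicast.
container ldp-p2mp {
  junos:must "("protocols ldp p2mp")";
  junos:must-message "LDP P2MP must be configured in the master instance";
  junos:must "((".. .. .. .. .. protocols mvpn" && (".. .. .. .. .. instance-type vrf" || ".. .. .. .. .. instance-type mpls-internet-multicast")))";
  junos:must-message "LDP P2MP LSPs can be configured only for MVPN instances";
  presence "enable ldp-p2mp";
  description "LDP point-to-multipoint LSP for flooding";
} // container ldp-p2mp
// PIM-SSM tunnel: rejected when "protocols mvpn sender-based-rpf" is set and
// requires "protocols mvpn" five levels up.
container pim-ssm {
  junos:must "(!(".. .. .. .. .. protocols mvpn sender-based-rpf"))";
  junos:must-message "This release does not support sender based RPF for PIM-SSM provider-tunnel";
  junos:must "(".. .. .. .. .. protocols mvpn")";
  // Was an empty message (""), which left a failed "protocols mvpn" check
  // unexplained; the text is the one this module uses for the same check on
  // its other pim-ssm containers.
  junos:must-message "PIM-SSM provider tunnel can be configured only for multicast VPN instances";
  junos:must "(".. .. .. .. .. 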
instance-type vrf")"; junos:must-message "PIM-SSM can be configured only for vrf instances"; junos:must "("protocols pim")"; junos:must-message "PIM-SSM must be configured in the master instance"; description "PIM-SSM provider tunnel"; uses apply-advanced; leaf group-range { type jt:ipv4prefix; description "PIM-SSM provider tunnel group range"; } } // container pim-ssm } // choice tunnel-type container inter-region-segmented { junos:must "(!((".. pim-ssm" || ".. pim-asm")))"; junos:must-message "Inter-region-segmented cannot be set for PIM tunnel"; description "Inter-Region Segmented LSP triggered by threshold rate and/or fan-out"; uses apply-advanced; leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1000000"; } } units "kilobits"; description "Data threshold rate to trigger segmentation"; } leaf fan-out { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10000"; } } description "Number of remote Leaf-AD routes"; } } // container inter-region-segmented } // container wildcard-source list source { key "name"; ordered-by user; description "IP prefix of one or more multicast sources"; leaf name { type jt:ipprefix; description "IP prefix of source"; } uses apply-advanced; choice tunnel-type { container ingress-replication { junos:must "(((".. .. .. .. .. instance-type vrf" || ".. .. .. .. .. instance-type mpls-internet-multicast") && ".. .. .. .. .. protocols mvpn"))"; junos:must-message "Ingress Replication can be configured only for MVPN instances"; description "Ingress replication tunnel"; uses apply-advanced; leaf create-new-ucast-tunnel { junos:must "(".. 
label-switched-path label-switched-path-template")"; junos:must-message "label-switched-path-template must be defined"; type empty; description "Create new unicast tunnel for ingress replication"; } container label-switched-path { presence "enable label-switched-path"; description "Point-to-point LSP unicast tunnel"; uses apply-advanced; container label-switched-path-template { junos:must "(".. .. create-new-ucast-tunnel")"; junos:must-message "Templates must be specified when and only when create-new-ucast-tunnel is defined"; description "Template for dynamic point-to-point LSP parameters"; uses apply-advanced; choice dynamic-template { leaf template-name { junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && !("protocols mpls label-switched-path $$ p2mp"))))"; junos:must-message "Referenced point-to-point LSP template does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-point LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template } // container label-switched-path } // container ingress-replication container rsvp-te { junos:must "("protocols rsvp")"; junos:must-message "RSVP must be configured in the master instance"; description "RSVP-TE point-to-multipoint LSP for flooding"; uses apply-advanced; choice static-or-dynamic { leaf static-lsp { junos:must "(!(".. .. .. .. .. 
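rsvp-te static-lsp $$"))";
      junos:must-message "Referenced point-to-multipoint static LSP configured for inclusive tunnel";
      // Some label-switched-path under "protocols mpls" must carry a p2mp
      // entry matching this value ($$ presumably expands to the leaf value).
      junos:must "(any "protocols mpls label-switched-path <*> p2mp $$")";
      junos:must-message "Referenced point-to-multipoint static LSP does not exist";
      type string {
        // Any characters are accepted; only the length (1-32) is restricted.
        junos:posix-pattern "^.{1,32}$";
        junos:pattern-message "Must be a string of 32 characters or less";
      }
      description "Name of point-to-multipoint LSP";
    }
    // Dynamic alternative to static-lsp: either a named template or the
    // built-in default parameters.
    container label-switched-path-template {
      description "Template for dynamic point-to-multipoint LSP parameters";
      uses apply-advanced;
      choice dynamic-template {
        leaf template-name {
          // The referenced LSP must exist and be marked both "template" and "p2mp".
          junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && "protocols mpls label-switched-path $$ p2mp")))";
          junos:must-message "Referenced point-to-multipoint LSP template does not exist";
          type string {
            junos:posix-pattern "^.{1,32}$";
            junos:pattern-message "Must be a string of 32 characters or less";
          }
          description "Name of point-to-multipoint LSP template";
        }
        leaf default-template {
          type empty;
          description "Use default parameters";
        }
      } // choice dynamic-template
    } // container label-switched-path-template
  } // choice static-or-dynamic
} // container rsvp-te
// PIM-SSM tunnel: rejected when "protocols mvpn sender-based-rpf" is set and
// requires "protocols mvpn" five levels up.
container pim-ssm {
  junos:must "(!(".. .. .. .. .. protocols mvpn sender-based-rpf"))";
  junos:must-message "This release does not support sender based RPF for PIM-SSM provider-tunnel";
  junos:must "(".. .. .. .. .. protocols mvpn")";
  // Was an empty message (""), which left a failed "protocols mvpn" check
  // unexplained; the text is the one this module uses for the same check on
  // its other pim-ssm containers.
  junos:must-message "PIM-SSM provider tunnel can be configured only for multicast VPN instances";
  junos:must "(".. .. .. .. .. 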
instance-type vrf")"; junos:must-message "PIM-SSM can be configured only for vrf instances"; junos:must "("protocols pim")"; junos:must-message "PIM-SSM must be configured in the master instance"; description "PIM-SSM provider tunnel"; uses apply-advanced; leaf group-range { type jt:ipv4prefix; description "PIM-SSM provider tunnel group range"; } } // container pim-ssm container ldp-p2mp { junos:must "("protocols ldp p2mp")"; junos:must-message "LDP P2MP must be configured in the master instance"; junos:must "((".. .. .. .. .. protocols mvpn" && (".. .. .. .. .. instance-type vrf" || ".. .. .. .. .. instance-type mpls-internet-multicast")))"; junos:must-message "LDP P2MP LSPs can be configured only for MVPN instances"; presence "enable ldp-p2mp"; description "LDP point-to-multipoint LSP for flooding"; } // container ldp-p2mp } // choice tunnel-type leaf threshold-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1000000"; } } units "kilobits"; description "Data threshold to create new tunnel"; } container inter-region-segmented { junos:must "(!((".. pim-ssm" || ".. pim-asm")))"; junos:must-message "Inter-region-segmented cannot be set for PIM tunnel"; description "Inter-Region Segmented LSP triggered by threshold rate and/or fan-out"; uses apply-advanced; leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1000000"; } } units "kilobits"; description "Data threshold rate to trigger segmentation"; } leaf fan-out { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10000"; } } description "Number of remote Leaf-AD routes"; } } // container inter-region-segmented } // list source } // list group } // container selective container mdt { junos:must "(".. .. 
protocols pim mvpn")"; junos:must-message "Data MDT tunnels can only be configured for PIM MVPN instances"; status deprecated; description "Data MDT tunnels for PIM MVPN"; uses apply-advanced; container threshold { description "Threshold for creation of multicast tunnels"; uses apply-advanced; list group { key "name"; ordered-by user; description "IP prefix of multicast group"; leaf name { type jt:ipprefix; description "IP prefix of group"; } uses apply-advanced; list source { key "name"; ordered-by user; description "IP prefix of one or more multicast sources "; leaf name { type jt:ipprefix; description "IP prefix of source"; } uses apply-advanced; leaf rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 1000000"; } } units "kilobits"; description "Data threshold to create new tunnel"; } } // list source } // list group } // container threshold leaf data-mdt-reuse { type empty; description "Allow multiple customer streams to be transmitted over one data tunnel "; } leaf tunnel-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 8192"; } } description "Maximum multicast data tunnels"; } leaf group-range { type jt:ipprefix; description "Group address range for multicast data tunnels"; } } // container mdt container family { presence "enable family"; uses apply-advanced; container inet { junos:must "(!((" .. .. .. non-forwarding-vrf" && (". rsvp-te" || (". pim-asm" || (". pim-ssm" || ". ldp-p2mp"))))))"; junos:must-message "Inclusive p-tunnel configuration not allowed on ASBR with non-forwarding-vrf"; presence "enable inet"; uses apply-advanced; choice tunnel-type { container rsvp-te { junos:must "((".. .. .. .. instance-type vpls" || (".. .. .. .. protocols mvpn" && (".. .. .. .. instance-type vrf" || ".. .. .. .. 
instance-type mpls-internet-multicast"))))"; junos:must-message "Point-to-multipoint LSPs can be configured only for VPLS or MVPN instances"; junos:must "("protocols rsvp")"; junos:must-message "RSVP must be configured in the master instance"; description "RSVP-TE point-to-multipoint LSP for flooding"; uses apply-advanced; choice static-or-dynamic { leaf static-lsp { junos:must "((any "protocols mpls label-switched-path <*> p2mp $$" || ".. .. .. instance-type vpls"))"; junos:must-message "Referenced point-to-multipoint static LSP does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-multipoint LSP"; } container label-switched-path-template { description "Template for dynamic point-to-multipoint LSP parameters"; uses apply-advanced; choice dynamic-template { leaf template-name { junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && "protocols mpls label-switched-path $$ p2mp")))"; junos:must-message "Referenced point-to-multipoint LSP template does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-multipoint LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template } // choice static-or-dynamic } // container rsvp-te container ldp-p2mp { junos:must "("protocols ldp p2mp")"; junos:must-message "LDP P2MP must be configured in the master instance"; junos:must "((".. .. .. .. protocols mvpn" && (".. .. .. .. instance-type vrf" || ".. .. .. .. 
instance-type mpls-internet-multicast")))"; junos:must-message "LDP P2MP LSPs can be configured only for valid MVPN instances"; presence "enable ldp-p2mp"; description "LDP point-to-multipoint LSP for flooding"; } // container ldp-p2mp container ingress-replication { junos:must "(((".. .. .. .. instance-type vrf" || ".. .. .. .. instance-type mpls-internet-multicast") && ".. .. .. .. protocols mvpn"))"; junos:must-message "Ingress Replication can be configured only for MVPN instances"; junos:must "(!(".. .. .. .. protocols mvpn sender-based-rpf"))"; junos:must-message "This release does not support Sender based RPF for inclusive ingress replication provider tunnels"; description "Ingress replication tunnel"; uses apply-advanced; leaf create-new-ucast-tunnel { junos:must "(".. label-switched-path label-switched-path-template")"; junos:must-message "label-switched-path-template must be defined"; type empty; description "Create new unicast tunnel for ingress replication"; } container label-switched-path { presence "enable label-switched-path"; description "Point-to-point LSP unicast tunnel"; uses apply-advanced; container label-switched-path-template { junos:must "(".. .. 
create-new-ucast-tunnel")"; junos:must-message "Templates must be specified when and only when create-new-ucast-tunnel is defined"; description "Template for dynamic point-to-point LSP parameters"; uses apply-advanced; choice dynamic-template { leaf template-name { junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && !("protocols mpls label-switched-path $$ p2mp"))))"; junos:must-message "Referenced point-to-point LSP template does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-point LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template } // container label-switched-path } // container ingress-replication container pim-asm { junos:must "(!(".. .. .. .. protocols mvpn sender-based-rpf"))"; junos:must-message "this release does not support sender based RPF for PIM-SM provider tunnels"; junos:must "(!("protocols pim mpls-internet-multicast"))"; junos:must-message "mpls-internet-multicast must not be configured"; junos:must "("protocols pim")"; junos:must-message "PIM-SM must be configured in the master instance"; junos:must "(".. .. .. .. instance-type vrf")"; junos:must-message "PIM-SM must be configured only for vrf instances"; description "PIM-SM provider tunnel"; uses apply-advanced; leaf group-address { type jt:ipv4addr; description "PIM-SM provider tunnel group address"; } leaf tunnel-source { type jt:ipv4addr; description "Source address for the provider space mGRE tunnel"; } } // container pim-asm container pim-ssm { junos:must "(!(".. .. .. .. 
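protocols mvpn sender-based-rpf"))";
    junos:must-message "this release does not support sender based RPF for PIM-SSM provider tunnels";
    // Mutually exclusive with "protocols pim mpls-internet-multicast".
    junos:must "(!("protocols pim mpls-internet-multicast"))";
    junos:must-message "mpls-internet-multicast must not be configured";
    junos:must "("protocols pim")";
    junos:must-message "PIM-SSM must be configured in the master instance";
    junos:must "(".. .. .. .. protocols mvpn")";
    junos:must-message "PIM-SSM provider tunnel can be configured only for multicast VPN instances";
    junos:must "(".. .. .. .. instance-type vrf")";
    // Message corrected from "PIM-SM ..." to "PIM-SSM ...": this check
    // belongs to the pim-ssm container, not pim-asm.
    junos:must-message "PIM-SSM must be configured only for vrf instances";
    description "PIM-SSM provider tunnel";
    uses apply-advanced;
    leaf group-address {
      type jt:ipv4addr;
      description "PIM-SSM provider tunnel group address";
    }
    leaf tunnel-source {
      type jt:ipv4addr;
      description "Source address for the provider space mGRE tunnel";
    }
  } // container pim-ssm
} // choice tunnel-type
// IPv4 data MDT settings; only valid when "protocols pim mvpn" exists four
// levels up.
container mdt {
  junos:must "(".. .. .. .. protocols pim mvpn")";
  junos:must-message "Data MDT tunnels can only be configured for PIM MVPN instances";
  description "IPv4 Data MDT tunnels for PIM MVPN";
  uses apply-advanced;
  // Per-group, per-source rate thresholds; both lists are keyed by IP prefix
  // and keep the order the user entered (ordered-by user).
  container threshold {
    description "Threshold for creation of multicast tunnels";
    uses apply-advanced;
    list group {
      key "name";
      ordered-by user;
      description "IP prefix of multicast group";
      leaf name {
        type jt:ipprefix;
        description "IP prefix of group";
      }
      uses apply-advanced;
      list source {
        key "name";
        ordered-by user;
        description "IP prefix of one or more multicast sources ";
        leaf name {
          type jt:ipprefix;
          description "IP prefix of source";
        }
        uses apply-advanced;
        leaf rate {
          type union {
            // String branch accepts "<...>" or a value starting with "$";
            // presumably for configuration wildcards/variables - confirm.
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "10 .. 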
1000000"; } } units "kilobits"; description "Data threshold to create new tunnel"; } } // list source } // list group } // container threshold leaf data-mdt-reuse { type empty; description "Allow multiple customer streams to be transmitted over one data tunnel "; } leaf tunnel-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 8192"; } } description "Maximum multicast data tunnels"; } leaf group-range { type jt:ipprefix; description "Group address range for multicast data tunnels"; } } // container mdt } // container inet container inet6 { junos:must "(!((" .. .. .. non-forwarding-vrf" && (". rsvp-te" || (". pim-asm" || (". pim-ssm" || ". ldp-p2mp"))))))"; junos:must-message "Inclusive p-tunnel configuration not allowed on ASBR with non-forwarding-vrf"; presence "enable inet6"; uses apply-advanced; choice tunnel-type { container rsvp-te { junos:must "((".. .. .. .. instance-type vpls" || (".. .. .. .. protocols mvpn" && (".. .. .. .. instance-type vrf" || ".. .. .. .. instance-type mpls-internet-multicast"))))"; junos:must-message "Point-to-multipoint LSPs can be configured only for VPLS or MVPN instances"; junos:must "("protocols rsvp")"; junos:must-message "RSVP must be configured in the master instance"; description "RSVP-TE point-to-multipoint LSP for flooding"; uses apply-advanced; choice static-or-dynamic { leaf static-lsp { junos:must "((any "protocols mpls label-switched-path <*> p2mp $$" || ".. .. .. 
instance-type vpls"))"; junos:must-message "Referenced point-to-multipoint static LSP does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-multipoint LSP"; } container label-switched-path-template { description "Template for dynamic point-to-multipoint LSP parameters"; uses apply-advanced; choice dynamic-template { leaf template-name { junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && "protocols mpls label-switched-path $$ p2mp")))"; junos:must-message "Referenced point-to-multipoint LSP template does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-multipoint LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template } // choice static-or-dynamic } // container rsvp-te container ldp-p2mp { junos:must "("protocols ldp p2mp")"; junos:must-message "LDP P2MP must be configured in the master instance"; junos:must "((".. .. .. .. protocols mvpn" && (".. .. .. .. instance-type vrf" || ".. .. .. .. instance-type mpls-internet-multicast")))"; junos:must-message "LDP P2MP LSPs can be configured only for valid MVPN instances"; presence "enable ldp-p2mp"; description "LDP point-to-multipoint LSP for flooding"; } // container ldp-p2mp container ingress-replication { junos:must "(((".. .. .. .. instance-type vrf" || ".. .. .. .. instance-type mpls-internet-multicast") && ".. .. .. .. protocols mvpn"))"; junos:must-message "Ingress Replication can be configured only for MVPN instances"; junos:must "(!(".. .. .. .. 
protocols mvpn sender-based-rpf"))"; junos:must-message "This release does not support Sender based RPF for inclusive ingress replication provider tunnels"; description "Ingress replication tunnel"; uses apply-advanced; leaf create-new-ucast-tunnel { junos:must "(".. label-switched-path label-switched-path-template")"; junos:must-message "label-switched-path-template must be defined"; type empty; description "Create new unicast tunnel for ingress replication"; } container label-switched-path { presence "enable label-switched-path"; description "Point-to-point LSP unicast tunnel"; uses apply-advanced; container label-switched-path-template { junos:must "(".. .. create-new-ucast-tunnel")"; junos:must-message "Templates must be specified when and only when create-new-ucast-tunnel is defined"; description "Template for dynamic point-to-point LSP parameters"; uses apply-advanced; choice dynamic-template { leaf template-name { junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && !("protocols mpls label-switched-path $$ p2mp"))))"; junos:must-message "Referenced point-to-point LSP template does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-point LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template } // container label-switched-path } // container ingress-replication container pim-asm { junos:must "(!(".. .. .. .. protocols mvpn sender-based-rpf"))"; junos:must-message "this release does not support sender based RPF for PIM-SM provider tunnels"; junos:must "(!("protocols pim mpls-internet-multicast"))"; junos:must-message "mpls-internet-multicast must not be configured"; junos:must "("protocols pim")"; junos:must-message "PIM-SM must be configured in the master instance"; junos:must "(".. .. .. 
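.. instance-type vrf")";
    junos:must-message "PIM-SM must be configured only for vrf instances";
    description "PIM-SM provider tunnel";
    uses apply-advanced;
    leaf group-address {
      type jt:ipv4addr;
      description "PIM-SM provider tunnel group address";
    }
    leaf tunnel-source {
      type jt:ipv4addr;
      description "Source address for the provider space mGRE tunnel";
    }
  } // container pim-asm
  // PIM-SSM tunnel: needs "protocols pim", an enclosing instance with
  // "protocols mvpn" and instance-type vrf, and neither sender-based-rpf nor
  // "protocols pim mpls-internet-multicast" configured.
  container pim-ssm {
    junos:must "(!(".. .. .. .. protocols mvpn sender-based-rpf"))";
    junos:must-message "this release does not support sender based RPF for PIM-SSM provider tunnels";
    junos:must "(!("protocols pim mpls-internet-multicast"))";
    junos:must-message "mpls-internet-multicast must not be configured";
    junos:must "("protocols pim")";
    junos:must-message "PIM-SSM must be configured in the master instance";
    junos:must "(".. .. .. .. protocols mvpn")";
    junos:must-message "PIM-SSM provider tunnel can be configured only for multicast VPN instances";
    junos:must "(".. .. .. .. instance-type vrf")";
    // Message corrected from "PIM-SM ..." to "PIM-SSM ...": this check
    // belongs to the pim-ssm container, not pim-asm.
    junos:must-message "PIM-SSM must be configured only for vrf instances";
    description "PIM-SSM provider tunnel";
    uses apply-advanced;
    leaf group-address {
      type jt:ipv4addr;
      description "PIM-SSM provider tunnel group address";
    }
    leaf tunnel-source {
      type jt:ipv4addr;
      description "Source address for the provider space mGRE tunnel";
    }
  } // container pim-ssm
} // choice tunnel-type
container mdt {
  junos:must "(".. .. .. .. 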
protocols pim mvpn")"; junos:must-message "Data MDT tunnels can only be configured for PIM MVPN instances"; description "IPv6 Data MDT tunnels for PIM MVPN"; uses apply-advanced; container threshold { description "Threshold for creation of multicast tunnels"; uses apply-advanced; list group { key "name"; ordered-by user; description "IP prefix of multicast group"; leaf name { type jt:ipprefix; description "IP prefix of group"; } uses apply-advanced; list source { key "name"; ordered-by user; description "IP prefix of one or more multicast sources "; leaf name { type jt:ipprefix; description "IP prefix of source"; } uses apply-advanced; leaf rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 1000000"; } } units "kilobits"; description "Data threshold to create new tunnel"; } } // list source } // list group } // container threshold leaf data-mdt-reuse { type empty; description "Allow multiple customer streams to be transmitted over one data tunnel "; } leaf tunnel-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 8192"; } } description "Maximum multicast data tunnels"; } leaf group-range { type jt:ipprefix; description "Group address range for multicast data tunnels"; } } // container mdt } // container inet6 } // container family } // container provider-tunnel container multicast-snooping-options { junos:must "((".. instance-type vpls" || (".. instance-type evpn" || (".. instance-type virtual-switch " || ".. instance-type mac-vrf "))))"; junos:must-message "multicast-snooping-options configuration is allowed only for 'instance-type vpls/evpn or instance-type virtual-switch/mac-vrf'"; description "Multicast snooping option configuration"; uses juniper-multicast-snooping-options; } // container multicast-snooping-options container igmp-snooping-options { junos:must "((".. instance-type vpls" || (".. instance-type virtual-switch" || (".. instance-type evpn" && ".. 
protocols vpls"))))";
    // NOTE(review): the must expression above also admits instance-type evpn
    // combined with "protocols vpls", which this message does not mention -
    // confirm whether the omission is intended.
    junos:must-message "igmp-snooping-options configuration is allowed only for 'instance-type vpls/virtual-switch'";
    description "IGMP snooping option configuration";
    uses juniper-igmp-snooping-options;
  } // container igmp-snooping-options
  // Same instance-type rule as igmp-snooping-options: vpls, virtual-switch,
  // or evpn together with "protocols vpls".
  container mld-snooping-options {
    junos:must "((".. instance-type vpls" || (".. instance-type virtual-switch" || (".. instance-type evpn" && ".. protocols vpls"))))";
    // NOTE(review): message omits the evpn + "protocols vpls" case the
    // expression allows - confirm.
    junos:must-message "mld-snooping-options configuration is allowed only for 'instance-type vpls or instance-type virtual-switch'";
    description "MLD snooping option configuration";
    uses juniper-mld-snooping-options;
  } // container mld-snooping-options
} // grouping juniper-routing-instance
// Address-assignment schema: a designated NDRA pool, SNMP utilization
// thresholds, and the pool definitions that follow.
grouping address-assignment-type {
  description "Address assignment configuration";
  uses apply-advanced;
  container neighbor-discovery-router-advertisement {
    description "Designated NDRA pool for this instance";
    leaf ndra-name {
      // The value must name a pool two levels up that has "family inet6" set.
      junos:must "(".. .. pool $$ family inet6")";
      junos:must-message "designated NDRA pool must be configured and family inet6 must be set";
      type string {
        // First character alphanumeric, then up to 62 of letters, digits,
        // "_" or "-"; this whitelist excludes whitespace and other punctuation.
        junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$";
        junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores.";
        length "1 .. 63";
      }
      description "Designated NDRA pool name";
    }
  } // container neighbor-discovery-router-advertisement
  // NOTE(review): each utilization leaf is range-checked on its own (2..99
  // for high, 1..98 for abated); nothing visible here requires the abated
  // value to be below the high value - confirm where that is enforced.
  leaf high-utilization {
    type union {
      // String branch accepts "<...>" or a value starting with "$";
      // presumably for configuration wildcards/variables - confirm.
      type string { pattern "<.*>|$.*"; }
      type uint16 { range "2 .. 99"; }
    }
    description "Generate an SNMP trap when address pool use surpasses this percentage";
  }
  leaf abated-utilization {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint16 { range "1 .. 98"; }
    }
    description "Generate an SNMP clear trap when address pool use falls below this percentage";
  }
  leaf high-utilization-v6 {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint16 { range "2 .. 
99"; } } description "Generate an SNMP trap when address pool use surpasses this percentage"; } leaf abated-utilization-v6 { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 98"; } } description "Generate an SNMP clear trap when address pool use falls below this percentage"; } list dynamic-pool { key "name"; ordered-by user; description "Dynamic address pool"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Dynamic address pool name"; } uses apply-advanced; container family { presence "enable family"; description "Address family"; uses apply-advanced; container inet6 { description "IPv6"; uses apply-advanced; leaf delegated-prefix-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 64"; } } description "Delegated IPv6 network prefix length"; } leaf from-interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Get prefix from interface name"; } list range { key "name"; ordered-by user; description "IPv6 address range"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Range name"; } uses apply-advanced; leaf masked-low { junos:must "(".. masked-high")"; junos:must-message "range upper bound must be defined"; type jt:ipv6prefix-mandatory; description "Lower limit of ipv6 address range"; } leaf masked-high { junos:must "(".. masked-low")"; junos:must-message "range lower bound must be defined"; type jt:ipv6prefix-mandatory; description "Upper limit of ipv6 address range"; } leaf prefix-length { junos:must "(!(any ".. .. 
range <*> masked-low"))"; junos:must-message "'prefix-length' cannot be configured with 'masked-low' in one dynamic pool"; junos:must "(unique ".. .. range <*> prefix-length")"; junos:must-message "'prefix-length' cannot be configured for multiple ranges in one dynamic pool"; junos:must "(!(".. masked-low"))"; junos:must-message "prefix-length cannot be configured with 'masked-low'"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 64"; } } description "IPv6 delegated prefix length"; } } // list range container dhcp-attributes { description "DHCP options and match criteria"; uses dynamic-dhcp-attribute-type; } // container dhcp-attributes } // container inet6 } // container family } // list dynamic-pool list pool { key "name"; ordered-by user; description "Address pool"; leaf name { junos:must "(!(".. link $$"))"; junos:must-message "Link cannot be self referential"; type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Address pool name"; } uses apply-advanced; leaf active-drain { type empty; description "Notify client of pool active drain mode"; } leaf hold-down { type empty; description "Place pool in passive drain mode"; } leaf link { junos:must "(".. .. pool $$")"; junos:must-message "Link must be to a valid pool name"; type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 
63"; } description "Address pool link name"; } container family { presence "enable family"; description "Address family"; choice family_type { container inet { presence "enable inet"; description "IPv4"; uses apply-advanced; leaf network { type jt:ipv4prefix; description "Network address"; } list range { key "name"; ordered-by user; description "Address range"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Range name"; } uses apply-advanced; leaf low { type jt:ipv4addr; description "Lower limit of address range"; } leaf high { type jt:ipv4addr; description "Upper limit of address range"; } } // list range container dhcp-attributes { description "DHCP options and match criteria"; uses dhcp-attribute-type; } // container dhcp-attributes container xauth-attributes { description "Configure xauth attributes"; uses apply-advanced; leaf primary-dns { type jt:ipv4prefix; description "Specify the primary-dns IP address"; } leaf secondary-dns { type jt:ipv4prefix; description "Specify the secondary-dns IP address"; } leaf primary-wins { type jt:ipv4prefix; description "Specify the primary-wins IP address"; } leaf secondary-wins { type jt:ipv4prefix; description "Specify the secondary-wins IP address"; } } // container xauth-attributes list host { key "name"; ordered-by user; description "Hostname for static reservations"; leaf name { junos:must "((".. hardware-address" || ".. user-name"))"; junos:must-message "either host's hardware address or identifier must be set"; type string { length "1 .. 
256"; } description "Hostname"; } uses apply-advanced; leaf hardware-address { type jt:mac-addr; description "Hardware address"; } leaf ip-address { type jt:ipv4addr; description "Reserved address"; } choice host-identifier-type { leaf user-name { type empty; description "Set subscriber user name as host identifier"; } } // choice host-identifier-type } // list host list excluded-address { key "name"; max-elements 20; ordered-by user; description "Excluded Addresses"; leaf name { type jt:ipv4addr; description "Excluded address"; } uses apply-advanced; } // list excluded-address list excluded-range { key "name"; max-elements 20; ordered-by user; description "Excluded address range"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Range name"; } uses apply-advanced; leaf low { type jt:ipv4addr; description "Lower limit of excluded address range"; } leaf high { type jt:ipv4addr; description "Upper limit of excluded address range"; } } // list excluded-range } // container inet container inet6 { presence "enable inet6"; description "IPv6"; uses apply-advanced; leaf prefix { type jt:ipv6prefix-mandatory; description "IPv6 network prefix"; } list range { key "name"; ordered-by user; description "IPv6 address range"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Range name"; } uses apply-advanced; leaf low { junos:must "(".. high")"; junos:must-message "range upper bound must be defined"; type jt:ipv6prefix-mandatory; description "Lower limit of ipv6 address range"; } leaf high { junos:must "(".. 
low")"; junos:must-message "range lower bound must be defined"; type jt:ipv6prefix-mandatory; description "Upper limit of ipv6 address range"; } leaf prefix-length { junos:must "(!(".. low"))"; junos:must-message "range lower bound may not be defined"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 128"; } } description "IPv6 delegated prefix length"; } } // list range container dhcp-attributes { description "DHCP options and match criteria"; uses dhcp-attribute-type; } // container dhcp-attributes container xauth-attributes { description "Configure xauth ipv6 attributes"; uses apply-advanced; leaf primary-dns-ipv6 { type jt:ipv6addr; description "Specify the primary-dns IPv6 address"; } leaf secondary-dns-ipv6 { type jt:ipv6addr; description "Specify the secondary-dns IPv6 address"; } } // container xauth-attributes list host { key "name"; ordered-by user; description "Hostname for static reservations"; leaf name { junos:must "((".. hardware-address" || ".. user-name"))"; junos:must-message "either host's hardware address or identifier must be set"; type string { length "1 .. 
256"; } description "Hostname"; } uses apply-advanced; leaf hardware-address { type jt:mac-addr; description "Hardware address"; } leaf ip-address { type jt:ipv6addr; description "Reserved address"; } choice host-identifier-type { leaf user-name { type empty; description "Set subscriber user name as host identifier"; } } // choice host-identifier-type } // list host list excluded-address { key "name"; max-elements 20; ordered-by user; description "Excluded Addresses"; leaf name { type jt:ipv6addr; description "Excluded address"; } uses apply-advanced; } // list excluded-address list excluded-range { key "name"; max-elements 20; ordered-by user; description "Excluded address range"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]{0,62}$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Range name"; } uses apply-advanced; leaf low { type jt:ipv6addr; description "Lower limit of excluded address range"; } leaf high { type jt:ipv6addr; description "Upper limit of excluded address range"; } } // list excluded-range } // container inet6 } // choice family_type } // container family } // list pool list location-pool { key "name"; max-elements 10; ordered-by user; description "Location-based IP address pool"; leaf name { type string { length "1 .. 64"; } description "Pool name"; } uses apply-advanced; container family { presence "enable family"; description "Address family"; container inet { description "IPv4 location pool"; uses apply-advanced; list location { key "name"; max-elements 32; description "Relative location of router"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
32"; } } description "Location number"; } uses apply-advanced; leaf address { type jt:ipv4prefix; description "IP address/destination prefix"; } } // list location } // container inet } // container family } // list location-pool list domain-profile { key "name"; ordered-by user; description "Address domain profile"; leaf name { type string { length "1 .. 63"; } description "Pool domain profile name"; } uses apply-advanced; container family { description "Network family to which this configuration belongs"; uses apply-advanced; container inet { description "The IPv4 internet family"; uses apply-advanced; leaf preferred-prefix-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "8 .. 30"; } } description "Preferred prefix length"; } leaf source-partition-qualifier { type string { length "1 .. 63"; } description "Prefix source qualifier appended to location for partition name"; } container excluded-address { description "Excluded addresses from allocation"; leaf-list last-octet { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 255"; } } ordered-by user; description "Last octet of the excluded address"; } } // container excluded-address leaf install-discard-routes { type empty; description "Install discard route domain pool prefix"; } leaf dhcp-router-host-part { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 8"; } } description "DHCP host address component to be excluded and passed to DHCP"; } leaf protocol-attributes { junos:must "("access protocol-attributes $$")"; junos:must-message "referenced protocol-attributes must be defined"; type string { length "1 .. 
63"; } description "Access protocol-attributes name"; } } // container inet } // container family } // list domain-profile } // grouping address-assignment-type grouping dhcp-attribute-type { uses apply-advanced; container option-match { description "Match"; uses apply-advanced; container option-82 { uses apply-advanced; list circuit-id { key "name"; ordered-by user; description "Circuit ID portion of the option 82"; leaf name { type string; } leaf range { type string; description "Range name"; } } // list circuit-id list remote-id { key "name"; ordered-by user; description "Remote ID portion of the option 82"; leaf name { type string; } leaf range { type string; description "Range name"; } } // list remote-id } // container option-82 } // container option-match leaf maximum-lease-time { type string; units "seconds"; description "Maximum lease time advertised to clients"; } leaf next-server { type jt:ipv4addr; description "Next server that clients need to contact"; } leaf server-identifier { type jt:ipv4addr; description "Server Identifier - IP address value"; } leaf grace-period { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "seconds"; description "Grace period for leases"; } leaf domain-name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Must be a string of letters, numbers, dashes or underscores"; } description "Domain name advertised to clients"; } list name-server { key "name"; ordered-by user; description "Domain name servers available to the client"; leaf name { type jt:ipv4addr; description "DNS server's IPv4 address"; } uses apply-advanced; } // list name-server list wins-server { key "name"; ordered-by user; description "WINS name servers"; leaf name { type jt:ipv4addr; description "WINS server's IPv4 address"; } uses apply-advanced; } // list wins-server list router { key "name"; ordered-by user; description "Routers advertised to clients"; leaf name { type jt:ipv4addr; description "Router's IPv4 
address"; }
    uses apply-advanced;
  } // list router

  // Network-boot parameters. Each description says the value is advertised to
  // clients, so whoever can edit these leaves decides where clients are told
  // to fetch their boot image from.
  leaf boot-file {
    // NOTE(review): unconstrained string, while boot-server below carries a
    // posix-pattern. Confirm whether a length or character limit is enforced
    // elsewhere.
    type string;
    description "Boot filename advertised to clients";
  }
  leaf boot-server {
    type string {
      // The pattern also admits '.', which the pattern-message does not list.
      junos:posix-pattern "^[[:alnum:]._-]+$";
      junos:pattern-message "Must be a string of letters, numbers, dashes or underscores";
    }
    description "Boot server advertised to clients";
  }
  leaf tftp-server {
    type jt:ipv4addr;
    description "TFTP server IP address advertised to clients";
  }

  // SIP servers, given either by domain name or by IPv4 address.
  container sip-server {
    description "SIP servers to clients";
    uses apply-advanced;
    list name {
      key "name";
      ordered-by user;
      description "SIP server domain name available to clients";
      leaf name {
        // Rejects a name entry when any address entry exists, per the message.
        // NOTE(review): the path names "address", but the sibling list in this
        // container is "ip-address". Confirm the constraint resolves to it.
        junos:must "(!(any ".. .. address <*>"))";
        junos:must-message "Cannot configure sip-server by both name and address";
        // No pattern here, unlike sip-server-domain-name further down.
        type string;
        description "SIP server name";
      }
      uses apply-advanced;
    } // list name
    list ip-address {
      key "name";
      ordered-by user;
      description "SIP servers list of IPv4 addresses available to the client";
      leaf name {
        type jt:ipv4addr;
        description "SIP server's IPv4 address";
      }
      uses apply-advanced;
    } // list ip-address
  } // container sip-server

  leaf netbios-node-type {
    type enumeration {
      enum "b-node" {
        value 0;
        description "Broadcast node";
      }
      enum "p-node" {
        value 1;
        description "Peer-to-peer node";
      }
      enum "m-node" {
        value 2;
        description "Mixed Node";
      }
      enum "h-node" {
        value 3;
        description "Hybrid node";
      }
    }
    description "Type of NETBIOS node advertised to clients";
  }
  leaf sip-server-domain-name {
    type string {
      // Same pattern and message as boot-server: '.' is accepted but not
      // mentioned in the message.
      junos:posix-pattern "^[[:alnum:]._-]+$";
      junos:pattern-message "Must be a string of letters, numbers, dashes or underscores";
    }
    description "SIP server domain name available to clients";
  }
  list sip-server-address {
    key "name";
    ordered-by user;
    description "SIP Servers list of IPv6 addresses available to the client";
    leaf name {
      type jt:ipv6addr;
      description "SIP Server's IPv6 address";
    }
    uses apply-advanced;
  } // list sip-server-address
  list dns-server {
    key "name";
    ordered-by user;
    description "Domain name servers available to the client";
    leaf name {
      type jt:ipv6addr;
      description "DNS server's IPv6 address";
    }
    uses apply-advanced;
  } // list dns-server

  leaf propagate-settings {
    // NOTE(review): described as an interface name but typed as a plain
    // string; propagate-ppp-settings below uses jt:interface-name.
    type string;
    description "Interface name for propagating TCP/IP Settings to pool";
  }
  leaf-list propagate-ppp-settings {
    type union {
      type jt:interface-name;
      // String branch accepts "<...>" or "$..." forms. These are presumably
      // Junos wildcard/variable placeholders; confirm.
      type string { pattern "<.*>|$.*"; }
    }
    max-elements 8;
    ordered-by user;
    description "PPP interface name for propagating DNS/WINS settings";
  }

  // Generic DHCP option: a numeric code plus exactly one typed value (scalar
  // leaf or the "array" container), selected through the choice below.
  list option {
    key "name";
    ordered-by user;
    description "DHCP option";
    leaf name {
      // The uint32 branch has no range statement, so this schema does not
      // bound the option code.
      type union {
        type uint32;
        type string { pattern "<.*>|$.*"; }
      }
      description "DHCP option identifier code";
    }
    choice option-type-choice {
      leaf flag {
        type enumeration {
          enum "true" {
            value 0;
            description "True value";
          }
          enum "false" {
            value 1;
            description "False value";
          }
          enum "on" {
            value 2;
            description "On value";
          }
          enum "off" {
            value 3;
            description "Off value";
          }
        }
        description "Boolean flag value";
      }
      // In each numeric leaf below, the string branch of the union lets a
      // "<...>" or "$..." value stand in for the number, so a check based only
      // on this schema does not guarantee a numeric value.
      leaf byte {
        type union {
          type uint8;
          type string { pattern "<.*>|$.*"; }
        }
        description "Unsigned 8-bit value";
      }
      leaf short {
        type union {
          type int16;
          type string { pattern "<.*>|$.*"; }
        }
        description "Signed 16-bit numeric value";
      }
      leaf unsigned-short {
        type union {
          type uint16;
          type string { pattern "<.*>|$.*"; }
        }
        description "Unsigned 16-bit numeric value";
      }
      leaf integer {
        type union {
          type int32;
          type string { pattern "<.*>|$.*"; }
        }
        description "Signed 32-bit numeric value";
      }
      leaf unsigned-integer {
        type union {
          type uint32;
          type string { pattern "<.*>|$.*"; }
        }
        description "Unsigned 32-bit numeric value";
      }
      leaf hex-string {
        type string {
          // Only hexadecimal digits, 1 to 510 characters.
          junos:posix-pattern "^[[:xdigit:]]+$";
          junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)";
          length "1 .. 510";
        }
        description "Hexadecimal string";
      }
      leaf string {
        type string { length "1 .. 254"; }
        description "Character string value";
      }
      leaf ip-address {
        type jt:ipv4addr;
        description "IP address value";
      }
      leaf ipv6-address {
        type jt:ipv6addr;
        description "IPV6 address value";
      }

      // Multi-valued form: the same value types as above, as ordered
      // leaf-lists.
      container array {
        presence "enable array";
        description "Array of values";
        uses apply-advanced;
        choice option-type-array-choice {
          leaf-list flag {
            type enumeration {
              enum "true" {
                value 0;
                description "True value";
              }
              enum "false" {
                value 1;
                description "False value";
              }
              enum "on" {
                value 2;
                description "On value";
              }
              enum "off" {
                value 3;
                description "Off value";
              }
            }
            ordered-by user;
            description "Array of boolean flag values";
          }
          leaf-list byte {
            type union {
              type uint8;
              type string { pattern "<.*>|$.*"; }
            }
            ordered-by user;
            description "Array of unsigned 8-bit values";
          }
          leaf-list short {
            type union {
              type int16;
              type string { pattern "<.*>|$.*"; }
            }
            ordered-by user;
            description "Array of signed 16-bit numeric values";
          }
          leaf-list unsigned-short {
            type union {
              type uint16;
              type string { pattern "<.*>|$.*"; }
            }
            ordered-by user;
            description "Array of 16-bit numeric values";
          }
          leaf-list integer {
            type union {
              type int32;
              type string { pattern "<.*>|$.*"; }
            }
            ordered-by user;
            description "Array of signed 32-bit numeric values";
          }
          leaf-list unsigned-integer {
            type union {
              type uint32;
              type string { pattern "<.*>|$.*"; }
            }
            ordered-by user;
            description "Array of unsigned 32-bit numeric values";
          }
          // NOTE(review): unlike the scalar hex-string leaf above, this
          // leaf-list carries no [[:xdigit:]] posix-pattern, only a length, so
          // the schema does not restrict array entries to hexadecimal digits.
          // Confirm the device validates them separately.
          leaf-list hex-string {
            type string { length "1 .. 510"; }
            ordered-by user;
            description "Hexadecimal string";
          }
          leaf-list string {
            type string { length "1 .. 254"; }
            ordered-by user;
            description "Array of character string values";
          }
          leaf-list ip-address {
            type jt:ipv4addr;
            ordered-by user;
            description "Array of IP address values";
          }
          leaf-list ipv6-address {
            type jt:ipv6addr;
            ordered-by user;
            description "Array of IPv6 address values";
          }
        } // choice option-type-array-choice
      } // container array
    } // choice option-type-choice
  } // list option
  leaf valid-lifetime { junos:must "(!(".. 
maximum-lease-time"))"; junos:must-message "'valid-lifetime' statement cannot be included along with 'maximum-lease-time'"; type string; units "seconds"; description "Valid lifetime advertised to clients"; } leaf preferred-lifetime { junos:must "(!(".. maximum-lease-time"))"; junos:must-message "'preferred-lifetime' statement cannot be included along with 'maximum-lease-time'"; type string; units "seconds"; description "Preferred lifetime advertised to clients"; } leaf t1-percentage { junos:must "(!(".. t2-rebinding-time"))"; junos:must-message "T1 must be configured in seconds to match T2"; junos:must "(!(".. t1-renewal-time"))"; junos:must-message "T1 time in seconds already configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } units "percent"; description "T1 time as percentage of preferred lifetime or max lease"; } leaf t2-percentage { junos:must "(!(".. t1-renewal-time"))"; junos:must-message "T2 must be configured in seconds to match T1"; junos:must "(!(".. t2-rebinding-time"))"; junos:must-message "T2 time in seconds already configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } units "percent"; description "T2 time as percentage of preferred lifetime or max lease"; } leaf exclude-prefix-len { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 128"; } } description "Length of IPv6 prefix to be excluded from delegated prefix"; } leaf t1-renewal-time { junos:must "(!(".. t2-percentage"))"; junos:must-message "T1 must be configured as percentage to match T2"; junos:must "(!(".. t1-percentage"))"; junos:must-message "T1 time as percentage already configured"; type union { type uint32; type string { pattern "<.*>|$.*"; } } units "seconds"; description "T1 renewal time"; } leaf t2-rebinding-time { junos:must "(!(".. 
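t1-percentage"))";
    junos:must-message "T2 must be configured as percentage to match T1";
    type union {
      type uint32;
      // String branch accepts "<...>" or "$..." forms in place of the number.
      type string { pattern "<.*>|$.*"; }
    }
    units "seconds";
    description "T2 rebinding time";
  }
} // grouping dhcp-attribute-type

// DHCP attributes for dynamic address pools (used by the dhcp-attributes
// container under dynamic-pool / family inet6). Unlike dhcp-attribute-type,
// the lifetime and T1/T2 leaves here carry no junos:must constraints, so this
// grouping does not reject maximum-lease-time combined with valid-lifetime or
// preferred-lifetime.
grouping dynamic-dhcp-attribute-type {
  uses apply-advanced;
  // The three lifetimes are plain strings with units "seconds"; the schema
  // itself does not restrict them to numbers.
  leaf maximum-lease-time {
    type string;
    units "seconds";
    description "Maximum lease time advertised to clients";
  }
  leaf valid-lifetime {
    type string;
    units "seconds";
    // Description corrected: it previously repeated the text of
    // preferred-lifetime.
    description "Valid lifetime advertised to clients";
  }
  leaf preferred-lifetime {
    type string;
    units "seconds";
    description "Preferred lifetime";
  }
  list dns-server {
    key "name";
    ordered-by user;
    description "Domain name servers available to the client";
    leaf name {
      type jt:ipv6addr;
      description "DNS server's IPv6 address";
    }
    uses apply-advanced;
  } // list dns-server
  leaf t1-percentage {
    type union {
      // String branch accepts "<...>" or "$..." forms in place of the number.
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "0 .. 100"; }
    }
    units "percent";
    description "T1 time as percentage of preferred lifetime advertised to clients";
  }
  leaf t2-percentage {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "0 .. 100"; }
    }
    units "percent";
    description "T2 time as percentage of preferred lifetime advertised to clients";
  }
} // grouping dynamic-dhcp-attribute-type

// DHCP local server settings. Only the opening statements of this grouping
// fall inside this span.
grouping jdhcp-local-server-type {
  uses apply-advanced;
  container dhcpv6 {
    description "DHCPv6 configuration";
    uses dhcpv6-local-server-type;
  } // container dhcpv6

  // User-ordered list of the attributes consulted when selecting an address
  // pool.
  list pool-match-order {
    key "name";
    ordered-by user;
    description "Define order of attribute matching for pool selection";
    leaf name {
      type enumeration {
        enum "external-authority" {
          value 0;
          description "External authority handles address selection";
        }
        enum "ip-address-first" {
          value 1;
          description "IP address used first to select a pool";
        }
        // NOTE(review): option 82 content arrives in the DHCP packet. Pool
        // selection keyed on it presumably assumes the option is inserted by a
        // trusted relay; confirm for the deployment.
        enum "option-82" {
          value 2;
          description "Option 82 used in matching of pool";
        }
        enum "option-82-strict" {
          value 3;
          description "Option 82 used in strict matching of pool";
        }
      }
      description "Match type";
    }
    uses apply-advanced;
  } // list pool-match-order

  container duplicate-clients-in-subnet {
    // Mutually exclusive with the sibling duplicate-clients-on-interface.
    junos:must "(!(".. duplicate-clients-on-interface"))";
    junos:must-message "Cannot specify duplicate-clients-in-subnet with duplicate-clients-on-interface";
    description "Allow duplicate clients in a subnet";
    uses jdhcp-duplicate-clients-in-subnet-type;
  } // container duplicate-clients-in-subnet
  container forward-snooped-clients { junos:must "((!(".. forward-only") && (!(".. forward-only-replies") && !(any ".. 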
group <*> forward-only"))))"; junos:must-message "forward-only and forward-only-replies cannot be configured when forward-snooped-clients is configured"; description "Forward snooped (unicast) packets"; choice interface-type { leaf configured-interfaces { type empty; description "Forward snooped (unicast) packets on configured interfaces"; } leaf non-configured-interfaces { type empty; description "Forward snooped (unicast) packets on non-configured interfaces"; } leaf all-interfaces { type empty; description "Forward snooped (unicast) packets on configured and non-configured interfaces"; } } // choice interface-type } // container forward-snooped-clients container overrides { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'overrides' statement cannot be included along with 'forwarding-options helpers bootp' statement"; presence "enable overrides"; description "DHCP override processing"; uses override-local-server-type; } // container overrides leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'access-profile' statement cannot be included along with 'forwarding-options helpers bootp' statement"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container route-suppression { junos:must "(!(".. 
liveness-detection method layer2-liveness-detection"))"; junos:must-message "Cannot specify route-suppression with liveness-detection method layer2-liveness-detection"; junos:must "(!(".. overrides no-arp"))"; junos:must-message "Cannot specify route-suppression with overrides no-arp"; description "Suppress access-internal and/or destination route addition"; uses dhcp-route-suppression-type; } // container route-suppression list group { junos:must "(!("system services dhcp"))"; junos:must-message "Incompatible with the dhcp server configured under 'system services dhcp'"; junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'group' statement cannot be included along with 'forwarding-options helpers bootp' statement"; key "name"; ordered-by user; description "Define a DHCP local server group"; uses dhcp-local-server-group; } // list group list dual-stack-group { key "name"; description "Define a DHCP dual stack group"; uses dhcp-local-server-dual-stack-group; } // list dual-stack-group container lease-time-validation { presence "enable lease-time-validation"; description "Configure lease time violation validation"; uses apply-advanced; leaf lease-time-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 2147483647"; } } units "seconds"; description "Threshold for lease time violation seconds"; } container violation-action { description "Lease time validation violation action"; choice violation-action-choice { leaf strict { type empty; description "Reject discover and renew"; } leaf override-lease { type empty; description "Override assigned lease time with threshold"; } } // choice violation-action-choice } // container violation-action } // container lease-time-validation choice requested-ip-check { leaf requested-ip-network-match { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
31"; } } default "8"; description "Subnet to match server's address for active and giaddr for passive clients"; } leaf requested-ip-interface-match { type empty; description "Use incoming-interface's subnet to check"; } } // choice requested-ip-check leaf no-snoop { junos:must "(!("legacy-snooping"))"; junos:must-message "'no-snoop' statement cannot be included along with 'legacy-snooping' statement"; type empty; description "Do not snoop DHCP packets"; } container allow-leasequery { presence "enable allow-leasequery"; description "Allow DHCP leasequery"; uses server-leasequery-type; } // container allow-leasequery container remote-id-mismatch { junos:must "(!(".. reauthenticate"))"; junos:must-message "'remote-id-mismatch' statement cannot be included with 'reauthenticate'"; presence "enable remote-id-mismatch"; description "DHCP client remote-id mismatch"; uses dhcp-remote-id-mismatch-type; } // container remote-id-mismatch container reauthenticate { junos:must "(!(".. remote-id-mismatch"))"; junos:must-message "'reauthenticate' statement cannot be included with 'remote-id-mismatch'"; junos:must "((".. authentication" || ".. .. 
authentication"))"; junos:must-message "'authentication' statement must be included with 'reauthenticate'"; description "DHCP client reauthenticate processing"; leaf lease-renewal { type empty; description "Reauthenticate on each renew, rebind, DISCOVER or SOLICIT"; } leaf remote-id-mismatch { type empty; description "Reauthenticate on remote-id mismatch for renew, rebind and re-negotiation"; } } // container reauthenticate container allow-bulk-leasequery { presence "enable allow-bulk-leasequery"; description "Allow DHCP bulk leasequery"; uses server-bulk-leasequery-type; } // container allow-bulk-leasequery container allow-active-leasequery { presence "enable allow-active-leasequery"; description "Allow DHCP active leasequery"; uses server-active-leasequery-type; } // container allow-active-leasequery } // grouping jdhcp-local-server-type grouping dhcp-local-server-dual-stack-group { description "DHCP dual stack groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "Dual stack group name"; } uses apply-advanced; container authentication { description "DHCP authentication"; uses dual-stack-authentication-type; } // container authentication leaf access-profile { type string { length "1 .. 128"; } description "Access profile to be used for jdhcpd"; } container dynamic-profile { description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf on-demand-address-allocation { type empty; description "Allocate addresses on demand"; } container classification-key { junos:must "(".. 
dynamic-profile")"; junos:must-message "dynamic profile configuration in dual-stack-group is must for configuring classification-type"; description "Classification key for identifying dual stack household"; uses classification-types; } // container classification-key container protocol-master { description "Select family as protocol master"; uses jdhcp-dual-stack-protocol-mstr-type; } // container protocol-master container liveness-detection { description "DHCP client liveness detection processing"; uses dhcp-liveness-detection-dualstack-type; } // container liveness-detection container reauthenticate { junos:must "(".. on-demand-address-allocation")"; junos:must-message "'on-demand-address-allocation' statement must be included with 'reauthenticate'"; junos:must "(".. authentication")"; junos:must-message "'authentication' statement must be included with 'reauthenticate'"; description "DHCP client reauthenticate processing"; leaf lease-renewal { type empty; description "Reauthenticate on each renew, rebind, DISCOVER or SOLICIT"; } leaf remote-id-mismatch { type empty; description "Reauthenticate on remote-id mismatch for renew, rebind and re-negotiation"; } } // container reauthenticate container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
86400"; }
        }
        description "Short cycle lockout time in seconds";
      }
    } // container short-cycle-protection
} // grouping dhcp-local-server-dual-stack-group

// Selects which client attribute identifies a dual-stack household. Used by
// the classification-key container of a dual-stack group.
grouping classification-types {
  description "Different mechanisms to identify a single household";
  uses apply-advanced;
  // The three leaves are independent empty-typed flags; no choice statement
  // limits them to one.
  // NOTE(review): all three identifiers arrive in DHCP traffic (circuit-id and
  // remote-id are the option 82 portions defined in dhcp-attribute-type).
  // Presumably they should only be relied on when set at a trusted edge;
  // confirm.
  leaf mac-address {
    type empty;
    description "MAC address of client";
  }
  leaf circuit-id {
    type empty;
    description "Circuit-id as key";
  }
  leaf remote-id {
    type empty;
    description "Remote-id as key";
  }
} // grouping classification-types

// Liveness detection settings for dual-stack groups: what to do on failure
// and which detection method to use.
grouping dhcp-liveness-detection-dualstack-type {
  description "DHCP client liveness detection processing";
  uses apply-advanced;
  container failure-action {
    description "Liveness detection failure action options";
    uses dhcp-liveness-detection-failure-action-type;
  } // container failure-action
  container method {
    description "Liveness detection method options";
    uses apply-advanced;
    choice method-choice {
      container layer2-liveness-detection {
        // Rejected when route-suppression is present two, three or four
        // levels up from this node.
        junos:must "((!(".. .. route-suppression") && (!(".. .. .. route-suppression") && !(".. .. .. .. route-suppression"))))";
        junos:must-message "Method not allowed with route-suppression enabled";
        description "Address resolution options";
        uses dhcp-arp-nud-liveness-detection-type;
      } // container layer2-liveness-detection
    } // choice method-choice
  } // container method
} // grouping dhcp-liveness-detection-dualstack-type

// Timers for the layer 2 (address resolution) liveness method.
grouping dhcp-arp-nud-liveness-detection-type {
  description "Address Resolution detection options";
  uses apply-advanced;
  leaf transmit-interval {
    type union {
      // String branch accepts "<...>" or "$..." forms in place of the number.
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "300 .. 1800"; }
    }
    units "seconds";
    default "300";
    description "Transmit interval for address resolution";
  }
  leaf max-consecutive-retries {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "3 .. 6"; }
    }
    default "3";
    description "Retry attempts";
  }
} // grouping dhcp-arp-nud-liveness-detection-type

// Action taken when liveness detection fails. The choice allows one of the
// three leaves.
grouping dhcp-liveness-detection-failure-action-type {
  description "Liveness detection failure action options";
  uses apply-advanced;
  choice failure-action-type {
    leaf clear-binding {
      type empty;
      description "Clear the client binding";
    }
    leaf clear-binding-if-interface-up {
      type empty;
      description "Clear the client binding only if the incoming interface is up";
    }
    // Keeps the binding, so a failed client stays bound and the event is only
    // logged.
    leaf log-only {
      type empty;
      description "Maintain the client binding and log the failure event";
    }
  } // choice failure-action-type
} // grouping dhcp-liveness-detection-failure-action-type

// One DHCP local server group. Only the opening statements of this grouping
// fall inside this span.
grouping dhcp-local-server-group {
  description "DHCP groups";
  leaf name {
    type string {
      // The pattern itself is unbounded ("*"); the 64-character cap comes from
      // the length statement.
      // NOTE(review): the message says "non-reserved", but nothing visible in
      // this pattern excludes reserved words.
      junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$";
      junos:pattern-message "Must be a non-reserved string of 64 characters or less";
      length "1 .. 64";
    }
    description "Group name";
  }
  uses apply-advanced;
  container authentication {
    description "DHCP authentication";
    uses authentication-type;
  } // container authentication
  container overrides {
    presence "enable overrides";
    description "DHCP override processing";
    uses override-local-server-type;
  } // container overrides
  container dynamic-profile {
    description "Dynamic profile to use";
    uses dynamic-profile-type;
  } // container dynamic-profile
  leaf access-profile {
    // Per the message, the named profile must already be defined under
    // "access profile".
    junos:must "("access profile $$")";
    junos:must-message "Matching access profile must be defined";
    type string { length "1 .. 128"; }
    description "Access profile to use for AAA services";
  }
  // Lockout window for short-cycling clients.
  // NOTE(review): both leaves share one description, and no constraint visible
  // here requires lockout-min-time <= lockout-max-time.
  container short-cycle-protection {
    description "Short cycle lockout configuration";
    leaf lockout-min-time {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 86400"; }
      }
      description "Short cycle lockout time in seconds";
    }
    leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container route-suppression { junos:must "(!(".. liveness-detection method layer2-liveness-detection"))"; junos:must-message "Cannot specify route-suppression with liveness-detection method layer2-liveness-detection"; junos:must "((!(".. overrides no-arp") && !(".. .. overrides no-arp")))"; junos:must-message "Cannot specify route-suppression with overrides no-arp"; description "Suppress access-internal and/or destination route addition"; uses dhcp-route-suppression-type; } // container route-suppression list interface { key "name"; description "One or more interfaces"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf upto { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface up to"; } leaf exclude { type empty; description "Exclude this interface range"; } container overrides { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; description "DHCP override processing"; uses override-local-server-type; } // container overrides container dynamic-profile { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection } // list interface container lease-time-validation { presence "enable lease-time-validation"; description "Configure lease time violation validation"; uses apply-advanced; leaf lease-time-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 2147483647"; } } units "seconds"; description "Threshold for lease time violation seconds"; } container violation-action { description "Lease time validation violation action"; choice violation-action-choice { leaf strict { type empty; description "Reject discover and renew"; } leaf override-lease { type empty; description "Override assigned lease time with threshold"; } } // choice violation-action-choice } // container violation-action } // container lease-time-validation container remote-id-mismatch { junos:must "(!(".. reauthenticate"))"; junos:must-message "'remote-id-mismatch' statement cannot be included with 'reauthenticate'"; presence "enable remote-id-mismatch"; description "DHCP client remote-id mismatch"; uses dhcp-remote-id-mismatch-type; } // container remote-id-mismatch container reauthenticate { junos:must "(!(".. remote-id-mismatch"))"; junos:must-message "'reauthenticate' statement cannot be included with 'remote-id-mismatch'"; junos:must "((".. authentication" || ".. .. 
authentication"))";
      junos:must-message "'authentication' statement must be included with 'reauthenticate'";
      description "DHCP client reauthenticate processing";
      // The two empty-typed leaves below select which events trigger
      // reauthentication.
      leaf lease-renewal {
        type empty;
        description "Reauthenticate on each renew, rebind, DISCOVER or SOLICIT";
      }
      leaf remote-id-mismatch {
        type empty;
        description "Reauthenticate on remote-id mismatch for renew, rebind and re-negotiation";
      }
    } // container reauthenticate
  } // grouping dhcp-local-server-group

  // Inputs for DHCP client authentication: one "password" leaf plus a set of
  // switches choosing which attributes are added to the username.
  grouping authentication-type {
    description "DHCP authentication";
    uses apply-advanced;
    // NOTE(review): modelled as a plain string (1-64 characters). Nothing in
    // this schema indicates that the value is hashed or masked when the
    // configuration is read back -- confirm on the device, and treat
    // configuration exports and backups that contain it as sensitive.
    leaf password {
      type string {
        length "1 .. 64";
      }
      description "Username password to use";
    }
    // Each "type empty" leaf below is a switch: when present, the named field
    // is included in the username.
    // NOTE(review): the selectable fields (MAC address, option 82, client ID,
    // option 60, ...) are presumably supplied by the client or a relay, so a
    // username built only from them identifies a line or device rather than
    // proving identity -- verify how the AAA back end relies on it.
    container username-include {
      description "Add username options";
      uses apply-advanced;
      // Exactly one character (length "1").
      leaf delimiter {
        type string {
          length "1";
        }
        description "Change delimiter/separator character";
      }
      leaf domain-name {
        type string {
          length "1 .. 64";
        }
        description "Add domain name";
      }
      leaf user-prefix {
        type string {
          length "1 .. 64";
        }
        description "Add user defined prefix";
      }
      leaf mac-address {
        type empty;
        description "Include MAC address";
      }
      // Presence container: option 82 handling applies only when this node
      // exists; the two leaves pick the sub-options.
      container option-82 {
        presence "enable option-82";
        description "Include option 82";
        leaf circuit-id {
          type empty;
          description "Include option 82 circuit-id (sub option 1)";
        }
        leaf remote-id {
          type empty;
          description "Include option 82 remote-id (sub option 2)";
        }
      } // container option-82
      leaf logical-system-name {
        type empty;
        description "Include logical system name";
      }
      leaf routing-instance-name {
        type empty;
        description "Include routing instance name";
      }
      container client-id {
        presence "enable client-id";
        description "Include client ID";
        leaf exclude-headers {
          type empty;
          description "Exclude all the headers";
        }
        leaf use-automatic-ascii-hex-encoding {
          type empty;
          description "Use automatic ascii hex username encoding";
        }
      } // container client-id
      leaf option-60 {
        type empty;
        description "Include option 60";
      }
      leaf circuit-type {
        type empty;
        description "Include circuit type";
      }
      leaf interface-name {
        type empty;
        description "Include interface name";
      }
      // Selects which interface description (device or logical) is added.
      leaf interface-description {
        type enumeration {
          enum "device" {
            value 0;
            description "Add the device interface description";
          }
          enum "logical" {
            value 1;
            description "Add the logical interface description";
          }
        }
        description "Include interface description";
      }
      leaf vlan-tags {
        type empty;
        description "Include the vlan tag(s)";
      }
    } // container username-include
  } // grouping authentication-type

  // Single switch: per its description, a session is disconnected when the
  // remote-id does not match.
  grouping dhcp-remote-id-mismatch-type {
    description "DHCP client remote-id-mismatch processing";
    uses apply-advanced;
    leaf disconnect {
      type empty;
      description "Disconnect session on remote-id mismatch";
    }
  } // grouping dhcp-remote-id-mismatch-type

  // Route-suppression mode; the YANG choice makes the two leaves mutually
  // exclusive.
  grouping dhcp-route-suppression-type {
    uses apply-advanced;
    choice dhcp-route-suppression-choice {
      leaf access-internal {
        type empty;
        description "Suppress access-internal and destination route addition";
      }
      leaf destination {
        type empty;
        description "Suppress destination route addition";
      }
    } // choice dhcp-route-suppression-choice
  } // grouping dhcp-route-suppression-type

  // DHCPv6 local-server settings. The containers visible here only pull in a
  // grouping through "uses"; the leaves themselves are defined in those
  // groupings.
  grouping dhcpv6-local-server-type {
    uses apply-advanced;
    container authentication {
      description "DHCPv6 authentication";
      uses dhcpv6-authentication-type;
    } // container authentication
    container liveness-detection {
      description "DHCPv6 client liveness detection processing";
      uses dhcpv6-liveness-detection-type;
    } // container liveness-detection
    container reconfigure {
      presence "enable reconfigure";
      description "DHCPv6 reconfigure processing";
      uses dhcpv6-reconfigure-type;
    } // container reconfigure
    container dynamic-profile {
      description "Dynamic profile to use";
      uses dynamic-profile-type;
    } // container dynamic-profile
    // The junos:must expression below is split by a line break inside its
    // quoted string; keep both halves together when editing.
    container forward-snooped-clients {
      junos:must "((!(".. forward-only") && (!(".. forward-only-replies") && !(any ".. 
group <*> forward-only"))))"; junos:must-message "forward-only and forward-only-replies cannot be configured when forward-snooped-clients is configured"; description "Forward snooped (unicast) packets"; choice interface-type { leaf configured-interfaces { type empty; description "Forward snooped (unicast) packets on configured interfaces"; } leaf non-configured-interfaces { type empty; description "Forward snooped (unicast) packets on non-configured interfaces"; } leaf all-interfaces { type empty; description "Forward snooped (unicast) packets on configured and non-configured interfaces"; } } // choice interface-type } // container forward-snooped-clients leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container overrides { presence "enable overrides"; description "DHCPv6 override processing"; uses dhcpv6-override-local-server-type; } // container overrides container route-suppression { description "Suppress access-internal and/or access route addition"; uses dhcpv6-route-suppression-type; } // container route-suppression list group { key "name"; ordered-by user; description "Define a DHCPv6 local server group"; uses dhcpv6-local-server-group; } // list group container lease-time-validation { presence "enable lease-time-validation"; description "Configure lease time violation validation"; uses apply-advanced; leaf lease-time-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 2147483647"; } } units "seconds"; description "Threshold for lease time violation seconds"; } container violation-action { description "Lease time validation violation action"; choice violation-action-choice { leaf strict { type empty; description "Reject solicit and renew"; } leaf override-lease { type empty; description "Override assigned lease time with threshold"; } } // choice violation-action-choice } // container violation-action } // container lease-time-validation choice requested-ip-check { leaf requested-ip-network-match { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
127"; } } default "16"; description "Subnet to match server's address for active and link-address for passive clients"; } leaf requested-ip-interface-match { type empty; description "Use incoming-interface's subnet to check"; } } // choice requested-ip-check leaf no-snoop { junos:must "(!("legacy-snooping"))"; junos:must-message "'no-snoop' statement cannot be included along with 'legacy-snooping' statement"; type empty; description "Do not snoop DHCPV6 packets"; } container server-duid-type { description "Define the DUID type to be used as the Server ID. Type supported is DUID-LL"; uses duid-type; } // container server-duid-type container remote-id-mismatch { junos:must "(!(".. reauthenticate"))"; junos:must-message "'remote-id-mismatch' statement cannot be included with 'reauthenticate'"; presence "enable remote-id-mismatch"; description "DHCP client remote-id mismatch"; uses dhcp-remote-id-mismatch-type; } // container remote-id-mismatch container reauthenticate { junos:must "(!(".. remote-id-mismatch"))"; junos:must-message "'reauthenticate' statement cannot be included with 'remote-id-mismatch'"; junos:must "((".. authentication" || ".. .. 
authentication"))";
      junos:must-message "'authentication' statement must be included with 'reauthenticate'";
      description "DHCP client reauthenticate processing";
      // The two empty-typed leaves below select which events trigger
      // reauthentication.
      leaf lease-renewal {
        type empty;
        description "Reauthenticate on each renew, rebind, DISCOVER or SOLICIT";
      }
      leaf remote-id-mismatch {
        type empty;
        description "Reauthenticate on remote-id mismatch for renew, rebind and re-negotiation";
      }
    } // container reauthenticate
    // The three leasequery containers are presence containers: the feature
    // is enabled only when the node exists in the configuration.
    // NOTE(review): leasequery responses describe client bindings, so before
    // enabling any of these check what the server-*-leasequery-type
    // groupings (not visible in this part of the module) offer for
    // restricting who may query.
    container allow-leasequery {
      presence "enable allow-leasequery";
      description "Allow DHCPv6 leasequery";
      uses server-leasequery-type;
    } // container allow-leasequery
    container allow-bulk-leasequery {
      presence "enable allow-bulk-leasequery";
      description "Allow DHCPv6 bulk leasequery";
      uses server-bulk-leasequery-type;
    } // container allow-bulk-leasequery
    container allow-active-leasequery {
      presence "enable allow-active-leasequery";
      description "Allow DHCPv6 active leasequery";
      uses server-active-leasequery-type;
    } // container allow-active-leasequery
    container duplicate-clients {
      description "Allow duplicate clients";
      uses dhcpv6-duplicate-clients-type;
    } // container duplicate-clients
    container dynamic-server {
      description "DHCPv6 dynamic server configuration";
      uses dhcpv6-dynamic-server-type;
    } // container dynamic-server
  } // grouping dhcpv6-local-server-type

  // Inputs for DHCPv6 client authentication: one "password" leaf plus
  // switches choosing which attributes are added to the username.
  grouping dhcpv6-authentication-type {
    description "DHCPv6 authentication";
    uses apply-advanced;
    // NOTE(review): modelled as a plain string (1-64 characters). Nothing in
    // this schema indicates that the value is hashed or masked when the
    // configuration is read back -- confirm on the device, and treat
    // configuration exports and backups that contain it as sensitive.
    leaf password {
      type string {
        length "1 .. 64";
      }
      description "Username password to use";
    }
    container username-include {
      description "Add username options";
      uses apply-advanced;
      // Exactly one character (length "1").
      leaf delimiter {
        type string {
          length "1";
        }
        description "Change delimiter/separator character";
      }
      leaf domain-name {
        type string {
          length "1 .. 64";
        }
        description "Add domain name";
      }
      leaf user-prefix {
        type string {
          length "1 .. 
64"; } description "Add user defined prefix"; } leaf mac-address { type empty; description "Include MAC address"; } container client-id { presence "enable client-id"; description "Include client ID"; leaf exclude-headers { type empty; description "Exclude all the headers"; } leaf use-automatic-ascii-hex-encoding { type empty; description "Use automatic ascii hex username encoding"; } } // container client-id container relay-agent-remote-id { presence "enable relay-agent-remote-id"; description "Include the relay agent remote ID"; uses apply-advanced; choice relay-agent-remote-id-choice { leaf enterprise-id { type empty; status deprecated; description "Only use enterprise-id portion of option-37"; } leaf remote-id { type empty; status deprecated; description "Only use remote-id portion of option-37"; } } // choice relay-agent-remote-id-choice } // container relay-agent-remote-id leaf logical-system-name { type empty; description "Include logical system name"; } leaf routing-instance-name { type empty; description "Include routing instance name"; } leaf relay-agent-subscriber-id { type empty; description "Include the relay agent subscriber ID"; } leaf relay-agent-interface-id { type empty; description "Include the relay agent interface ID"; } leaf circuit-type { type empty; description "Include circuit type"; } leaf interface-name { type empty; description "Include interface name"; } leaf interface-description { type enumeration { enum "device" { value 0; description "Add the device interface description"; } enum "logical" { value 1; description "Add the logical interface description"; } } description "Include interface description"; } leaf vlan-tags { type empty; description "Include the vlan tag(s)"; } } // container username-include } // grouping dhcpv6-authentication-type grouping dhcpv6-duplicate-clients-type { description "Allow duplicate clients"; choice distinguish-with { leaf incoming-interface { type empty; description "Allow duplicate clients on different 
underlying interfaces"; } } // choice distinguish-with } // grouping dhcpv6-duplicate-clients-type grouping dhcpv6-dynamic-server-type { uses apply-advanced; container overrides { presence "enable overrides"; description "DHCPv6 override processing"; uses dhcpv6-override-dynamic-server-type; } // container overrides list group { key "name"; ordered-by user; description "Define a DHCPv6 dynamic server group"; uses dhcpv6-dynamic-server-group; } // list group } // grouping dhcpv6-dynamic-server-type grouping dhcpv6-dynamic-server-group { description "DHCP dynamic server groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "Group name"; } uses apply-advanced; leaf neighbor-discovery-router-advertisement { type string { length "1 .. 64"; } description "Designated NDRA pool for this group"; } container overrides { presence "enable overrides"; description "DHCP override processing"; uses dhcpv6-override-dynamic-server-type; } // container overrides list interface { key "name"; description "One or more interfaces"; leaf name { junos:must "(!(any "system services dhcp-local-server dhcpv6 group <*> interface $$"))"; junos:must-message "DHCP dynamic server and dhcp local server cannot be started on the same interface"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; container overrides { description "DHCP override processing"; uses dhcpv6-override-dynamic-server-type; } // container overrides } // list interface } // grouping dhcpv6-dynamic-server-group grouping dhcpv6-liveness-detection-type { description "DHCPv6 client liveness detection processing"; uses apply-advanced; container failure-action { description "Liveness detection failure action options"; uses dhcp-liveness-detection-failure-action-type; } // container failure-action container method { 
description "Liveness detection method options"; uses apply-advanced; choice method-choice { container bfd { description "Bidirectional Forwarding Detection (BFD) options"; uses dhcp-bfd-liveness-detection-type; } // container bfd container layer2-liveness-detection { description "Neighbor discovery options"; uses dhcp-arp-nud-liveness-detection-type; } // container layer2-liveness-detection } // choice method-choice } // container method } // grouping dhcpv6-liveness-detection-type grouping dhcp-bfd-liveness-detection-type { description "Bidirectional Forwarding Detection (BFD) options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30000 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30000 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30000 .. 255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30000 .. 
255000"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High transmit interval triggering a trap"; } } // container transmit-interval container detection-time { description "Detection-time options"; uses apply-advanced; leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High detection-time triggering a trap"; } } // container detection-time leaf session-mode { type enumeration { enum "automatic" { value 0; description "Choose session-mode automatically"; } enum "single-hop" { value 1; description "Use single-hop"; } enum "multihop" { value 2; description "Use multihop"; } } default "automatic"; description "BFD single-hop or multihop session-mode"; } leaf holddown-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255000"; } } units "milliseconds"; default "0"; description "Time to hold the session-UP notification to the client"; } } // grouping dhcp-bfd-liveness-detection-type grouping dhcpv6-local-server-group { description "DHCP groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 
64"; } description "Group name"; } uses apply-advanced; container authentication { description "DHCP authentication"; uses dhcpv6-authentication-type; } // container authentication container liveness-detection { description "DHCPv6 client liveness detection processing"; uses dhcpv6-liveness-detection-type; } // container liveness-detection container reconfigure { presence "enable reconfigure"; description "DHCPv6 reconfigure processing"; uses dhcpv6-reconfigure-type; } // container reconfigure container dynamic-profile { description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container overrides { presence "enable overrides"; description "DHCP override processing"; uses dhcpv6-override-local-server-type; } // container overrides container route-suppression { description "Suppress access-internal and/or access route addition"; uses dhcpv6-route-suppression-type; } // container route-suppression list interface { key "name"; description "One or more interfaces"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf upto { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface up to"; } leaf exclude { type empty; description "Exclude this interface range"; } leaf trace { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify tracing with exclude"; type empty; description "Enable tracing for this interface"; } container overrides { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; description "DHCP override processing"; uses dhcpv6-override-local-server-type; } // container overrides container dynamic-profile { junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; junos:must "(!(".. exclude"))"; junos:must-message "Cannot specify overrides with exclude"; type string { length "1 .. 
128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection } // list interface container lease-time-validation { presence "enable lease-time-validation"; description "Configure lease time violation validation"; uses apply-advanced; leaf lease-time-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 2147483647"; } } units "seconds"; description "Threshold for lease time violation seconds"; } container violation-action { description "Lease time validation violation action"; choice violation-action-choice { leaf strict { type empty; description "Reject solicit and renew"; } leaf override-lease { type empty; description "Override assigned lease time with threshold"; } } // choice violation-action-choice } // container violation-action } // container lease-time-validation container remote-id-mismatch { junos:must "(!(".. reauthenticate"))"; junos:must-message "'remote-id-mismatch' statement cannot be included with 'reauthenticate'"; presence "enable remote-id-mismatch"; description "DHCP client remote-id mismatch"; uses dhcp-remote-id-mismatch-type; } // container remote-id-mismatch container reauthenticate { junos:must "(!(".. remote-id-mismatch"))"; junos:must-message "'reauthenticate' statement cannot be included with 'remote-id-mismatch'"; junos:must "((".. authentication" || ".. .. 
authentication"))"; junos:must-message "'authentication' statement must be included with 'reauthenticate'"; description "DHCP client reauthenticate processing"; leaf lease-renewal { type empty; description "Reauthenticate on each renew, rebind, DISCOVER or SOLICIT"; } leaf remote-id-mismatch { type empty; description "Reauthenticate on remote-id mismatch for renew, rebind and re-negotiation"; } } // container reauthenticate } // grouping dhcpv6-local-server-group grouping dhcpv6-override-dynamic-server-type { description "DHCP override processing"; uses apply-advanced; leaf interface-client-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 500000"; } } description "Limit the number of clients allowed on an interface"; } leaf rapid-commit { type empty; description "Enable rapid commit processing"; } container process-inform { presence "enable process-inform"; description "Process INFORMATION request PDUs"; uses apply-advanced; leaf pool { type string { length "1 .. 64"; } description "Pool name for family inet6"; } } // container process-inform leaf delegated-pool { type string { length "1 .. 64"; } description "Delegated pool name for inet6"; } leaf ia-na-pool { type string { length "1 .. 64"; } description "IA_NA pool name for inet6"; } } // grouping dhcpv6-override-dynamic-server-type grouping dhcpv6-override-local-server-type { description "DHCP override processing"; uses apply-advanced; leaf interface-client-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
500000"; } } description "Limit the number of clients allowed on an interface"; } leaf rapid-commit { type empty; description "Enable rapid commit processing"; } container client-negotiation-match { description "Use secondary match criteria for SOLICIT PDU"; choice match-with { leaf incoming-interface { type empty; description "Use incoming interface"; } } // choice match-with } // container client-negotiation-match container process-inform { presence "enable process-inform"; description "Process INFORMATION request PDUs"; uses apply-advanced; leaf pool { type string { length "1 .. 64"; } description "Pool name for family inet6"; } } // container process-inform container delay-advertise { presence "enable delay-advertise"; description "Filter options for dhcp-server"; uses dhcpv6-filter-option; } // container delay-advertise leaf delegated-pool { type string { length "1 .. 64"; } description "Delegated pool name for inet6"; } leaf multi-address-embedded-option-response { type empty; description "If the client requests multiple addresses place the options in each address"; } leaf always-process-option-request-option { type empty; description "Always process option even after address allocation failure"; } leaf delete-binding-on-renegotiation { type empty; description "Delete binding on renegotiation"; } leaf top-level-status-code { type empty; description "A top level status code option rather than encapsulated in IA for NoAddrsAvail in Advertise PDUs"; } leaf always-add-option-dns-server { type empty; description "Add option-23, DNS recursive name server in Advertise and Reply"; } leaf asymmetric-lease-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "600 .. 86400"; } } units "seconds"; description "Use a reduced lease time for the client. In seconds"; } leaf asymmetric-prefix-lease-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "600 .. 
86400"; } } units "seconds"; description "Use a reduced prefix lease time for the client. In seconds"; } leaf protocol-attributes { type string { length "1 .. 64"; } description "DHCPv6 attributes to use as defined under access protocol-attributes"; } leaf dual-stack { type string { length "1 .. 64"; } description "Dual stack group to use"; } } // grouping dhcpv6-override-local-server-type grouping dhcpv6-filter-option { description "Generic DHCPv6 filter processing"; uses apply-advanced; leaf delay-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 30"; } } units "seconds"; default "3"; description "Time delay between solicit and advertise"; } container based-on { description "Option number"; uses apply-advanced; container option-18 { presence "enable option-18"; description "Option 18"; uses apply-advanced; container equals { description "Generic option equals"; uses server-v6-option-ascii-hex; } // container equals container not-equals { description "Generic option not equals"; uses server-v6-option-ascii-hex; } // container not-equals container starts-with { description "Generic option starts-with"; uses server-v6-option-ascii-hex; } // container starts-with } // container option-18 container option-37 { presence "enable option-37"; description "Option 37"; uses apply-advanced; container equals { description "Generic option equals"; uses server-v6-option-ascii-hex; } // container equals container not-equals { description "Generic option not equals"; uses server-v6-option-ascii-hex; } // container not-equals container starts-with { description "Generic option starts-with"; uses server-v6-option-ascii-hex; } // container starts-with } // container option-37 container option-15 { presence "enable option-15"; description "Option 15"; uses apply-advanced; container equals { description "Generic option equals"; uses server-v6-option-ascii-hex; } // container equals container not-equals { description "Generic option not equals"; uses 
server-v6-option-ascii-hex; } // container not-equals container starts-with { description "Generic option starts-with"; uses server-v6-option-ascii-hex; } // container starts-with } // container option-15 container option-16 { presence "enable option-16"; description "Option 16"; uses apply-advanced; container equals { description "Generic option equals"; uses server-v6-option-ascii-hex; } // container equals container not-equals { description "Generic option not equals"; uses server-v6-option-ascii-hex; } // container not-equals container starts-with { description "Generic option starts-with"; uses server-v6-option-ascii-hex; } // container starts-with } // container option-16 } // container based-on } // grouping dhcpv6-filter-option grouping dhcpv6-reconfigure-type { description "DHCPv6 reconfigure processing"; uses apply-advanced; leaf strict { type empty; description "Only allow packets containing Reconfigure Accept Option"; } leaf clear-on-abort { type empty; description "Delete client on reconfiguration abort"; } leaf attempts { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } description "Number of reconfigure attempts before aborting"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } description "Initial timeout value for retry"; } leaf token { type string { length "1 .. 
244"; }
    description "Reconfigure token";
  }
  container trigger {
    description "DHCP reconfigure trigger";
    uses reconfigure-trigger-type;
  } // container trigger
  leaf support-option-pd-exclude {
    type empty;
    description "Request prefix exclude option in reconfigure message";
  }
} // grouping dhcpv6-reconfigure-type

// Two independent "type empty" switches; each one, when present, suppresses
// the addition of one kind of route (access or access-internal).
grouping dhcpv6-route-suppression-type {
  description "Suppress access-internal and/or access route addition";
  leaf access {
    type empty;
    description "Suppress access route addition";
  }
  leaf access-internal {
    type empty;
    description "Suppress access-internal route addition";
  }
} // grouping dhcpv6-route-suppression-type

// Authentication settings for DHCP dual stack: a password plus the
// username-include container, whose leaves select what is added to the
// username (per their descriptions). A "type empty" leaf is a switch that is
// on when the leaf is present.
grouping dual-stack-authentication-type {
  description "DHCP dual stack authentication";
  uses apply-advanced;
  // NOTE(review): this password is modelled as a plain string of 1-64
  // characters, while the password leaf of jsscd-authentication-type in this
  // same module is typed jt:unreadable. Confirm whether the difference is
  // intended; until then, treat configuration exports, backups and management
  // replies that include this leaf as carrying a credential.
  leaf password {
    type string { length "1 .. 64"; }
    description "Username password to use";
  }
  container username-include {
    description "Add username options";
    uses apply-advanced;
    // Exactly one character is accepted.
    leaf delimiter {
      type string { length "1"; }
      description "Change delimiter/separator character";
    }
    leaf domain-name {
      type string { length "1 .. 64"; }
      description "Add domain name";
    }
    leaf user-prefix {
      type string { length "1 .. 64"; }
      description "Add user defined prefix";
    }
    // NOTE(review): MAC address, client ID and the relay agent IDs below are
    // presumably taken from the DHCP exchange; they identify a client but are
    // not by themselves proof of identity - confirm how the access profile
    // uses the resulting username.
    leaf mac-address {
      type empty;
      description "Include MAC address";
    }
    container client-id {
      presence "enable client-id";
      description "Include client ID";
      leaf exclude-headers {
        type empty;
        description "Exclude all the headers";
      }
      leaf use-automatic-ascii-hex-encoding {
        type empty;
        description "Use automatic ascii hex username encoding";
      }
    } // container client-id
    leaf relay-agent-remote-id {
      type empty;
      description "Include the relay agent remote ID";
    }
    leaf logical-system-name {
      type empty;
      description "Include logical system name";
    }
    leaf routing-instance-name {
      type empty;
      description "Include routing instance name";
    }
    leaf relay-agent-interface-id {
      type empty;
      description "Include the relay agent interface ID";
    }
    leaf interface-name {
      type empty;
      description "Include interface name";
    }
    // Selects which interface description is added: the device one or the
    // logical one.
    leaf interface-description {
      type enumeration {
        enum "device" {
          value 0;
          description "Add the device interface description";
        }
        enum "logical" {
          value 1;
          description "Add the logical interface description";
        }
      }
      description "Include interface description";
    }
    leaf circuit-type {
      type empty;
      description "Include circuit type";
    }
    leaf vlan-tags {
      type empty;
      description "Include the vlan tag(s)";
    }
  } // container username-include
} // grouping dual-stack-authentication-type

// Single switch selecting a link-layer-address based DUID.
grouping duid-type {
  uses apply-advanced;
  leaf duid_ll {
    type empty;
    description "Link Layer Address based DUID ";
  }
} // grouping duid-type

// Reference to a dynamic profile by name, plus a choice between naming a
// profile for the primary interface and aggregating client profiles.
grouping dynamic-profile-type {
  description "Dynamic profile to use";
  uses apply-advanced;
  // The junos:must constraint, per its message, requires the named dynamic
  // profile to be defined elsewhere in the configuration.
  // NOTE(review): the inner quotes of the must expression look unescaped in
  // this copy of the module; verify against the vendor file before parsing.
  leaf dynamic-profile {
    junos:must "("dynamic-profiles $$")";
    junos:must-message "Dynamic profile must be defined";
    type string { length "1 .. 80"; }
    description "Dynamic profile to use";
  }
  choice dynamic-profile-type-choice {
    leaf use-primary {
      junos:must "("dynamic-profiles $$")";
      junos:must-message "Dynamic profile must be defined";
      type string { length "1 .. 80"; }
      description "Dynamic profile to use on the primary interface";
    }
    container aggregate-clients {
      presence "enable aggregate-clients";
      description "Aggregate client profiles";
      uses apply-advanced;
      // merge and replace are alternatives of one choice, so at most one of
      // them can be configured.
      choice aggregate-type {
        leaf merge {
          type empty;
          description "Merge the client dynamic profiles";
        }
        leaf replace {
          type empty;
          description "Replace client dynamic profiles";
        }
      } // choice aggregate-type
    } // container aggregate-clients
  } // choice dynamic-profile-type-choice
} // grouping dynamic-profile-type

// Picks exactly one address family (inet or inet6) as protocol master.
grouping jdhcp-dual-stack-protocol-mstr-type {
  description "Select family as protocol master";
  choice addr-fam {
    leaf inet {
      type empty;
      description "INET family has protocol master behavior";
    }
    leaf inet6 {
      type empty;
      description "INET6 family has protocol master behavior";
    }
  } // choice addr-fam
} // grouping jdhcp-dual-stack-protocol-mstr-type

// Picks the attribute used to tell duplicate clients in a subnet apart:
// the incoming interface or the option-82 contents.
grouping jdhcp-duplicate-clients-in-subnet-type {
  description "Allow duplicate clients in a subnet";
  choice distinguish-with {
    leaf incoming-interface {
      type empty;
      description "Allow duplicate clients on different interfaces in a subnet";
    }
    leaf option-82 {
      type empty;
      description "Allow duplicate clients using different option-82 options in a subnet";
    }
  } // choice distinguish-with
} // grouping jdhcp-duplicate-clients-in-subnet-type

// Static subscriber configuration: profile references, authentication,
// named groups and per-interface settings, each pulled in from its own
// grouping.
grouping jsscd-static-subscribers-type {
  uses apply-advanced;
  container access-profile {
    description "Access profile reference";
    uses jsscd-access-profile-type;
  } // container access-profile
  container dynamic-profile {
    description "Dynamic profile reference";
    uses jsscd-dynamic-profile-type;
  } // container dynamic-profile
  container service-profile {
    description "Dynamic profile to use for default service activation";
    uses jsscd-service-profile-type;
  } // container service-profile
  container authentication {
    description "Static Subscriber Client authentication";
    uses jsscd-authentication-type;
  } // container authentication
  list group {
    key "name";
    ordered-by user;
    description "Static 
Subscriber Client group configuration";
    uses jsscd-group-type;
  } // list group
  leaf auto-login {
    type empty;
    description "Auto login the operator logged-out static subscribers";
  }
  leaf baseline-stats {
    type empty;
    description "Baseline the statistics for static subscribers";
  }
  list interface {
    key "name";
    description "One or more interfaces";
    // Per the must-message, an entry is only accepted when a subscriber IPv4
    // or IPv6 address is configured alongside it. The second union member
    // accepts any value written in angle brackets or starting with '$'
    // (presumably wildcard/variable forms - confirm), so those values are not
    // checked as jt:interface-unit.
    leaf name {
      junos:must "((".. subscriber-ip-address" || ".. subscriber-ipv6-address"))";
      junos:must-message "subscriber ip or ipv6 address must be configured";
      type union {
        type jt:interface-unit;
        type string { pattern "<.*>|$.*"; }
      }
      description "Interface name";
    }
    uses apply-advanced;
    container subscriber-ip-address {
      description "Assigned IP address to report externally";
      uses apply-advanced;
      leaf address {
        type jt:ipv4addr;
        description "IPv4 address";
      }
    } // container subscriber-ip-address
    container subscriber-ipv6-address {
      description "Assigned IPv6 address to report externally";
      uses apply-advanced;
      leaf address {
        type jt:ipv6prefix;
        description "IPv6 Address or Prefix";
      }
    } // container subscriber-ipv6-address
  } // list interface
} // grouping jsscd-static-subscribers-type

// Reference to an access profile by name.
grouping jsscd-access-profile-type {
  description "Access profile for static subscribers";
  uses apply-advanced;
  // The must constraint, per its message, requires the referenced access
  // profile to be defined. The name itself is an unrestricted string: no
  // length or pattern is declared here, unlike the profile-name leaves of
  // jsscd-dynamic-profile-type and jsscd-service-profile-type.
  leaf access-profile-name {
    junos:must "("access profile $$")";
    junos:must-message "referenced access profile must be defined";
    type string;
    description "Profile name";
  }
} // grouping jsscd-access-profile-type

// Authentication settings for static subscribers: a password plus the
// username-include container, whose leaves select what is added to the
// username (per their descriptions).
grouping jsscd-authentication-type {
  description "Static Subscriber Client authentication";
  uses apply-advanced;
  // Typed jt:unreadable, which comes from the imported junos-common-types
  // module and is not shown here; presumably it keeps the value from being
  // displayed in clear text - confirm against that module.
  leaf password {
    type jt:unreadable;
    description "Username password to use";
  }
  container username-include {
    description "Add username options";
    uses apply-advanced;
    // Exactly one character is accepted.
    leaf delimiter {
      type string { length "1"; }
      description "Change delimiter/separator character";
    }
    leaf domain-name {
      type string { length "1 .. 64"; }
      description "Add domain name";
    }
    leaf user-prefix {
      type string { length "1 .. 64"; }
      description "Add user defined prefix";
    }
    leaf interface {
      type empty;
      description "Include interface name";
    }
    leaf logical-system-name {
      type empty;
      description "Include logical system name";
    }
    leaf routing-instance-name {
      type empty;
      description "Include routing instance name";
    }
    leaf vlan-tags {
      type empty;
      description "Include vlan tag(s)";
    }
  } // container username-include
} // grouping jsscd-authentication-type

// Reference to a dynamic profile by name, with an optional merge/replace
// policy for aggregated client profiles.
grouping jsscd-dynamic-profile-type {
  description "Dynamic profile to use";
  uses apply-advanced;
  // The must constraint, per its message, requires the named dynamic profile
  // to be defined.
  leaf dynamic-profile-name {
    junos:must "("dynamic-profiles $$")";
    junos:must-message "Dynamic profile must be defined";
    type string { length "1 .. 80"; }
    description "Dynamic profile to use";
  }
  container aggregate-clients {
    presence "enable aggregate-clients";
    description "Aggregate client profiles";
    uses apply-advanced;
    // merge and replace are alternatives of one choice, so at most one of
    // them can be configured.
    choice aggregate-type {
      leaf merge {
        type empty;
        description "Merge the client dynamic profiles";
      }
      leaf replace {
        type empty;
        description "Replace client dynamic profiles";
      }
    } // choice aggregate-type
  } // container aggregate-clients
} // grouping jsscd-dynamic-profile-type

// A named group of static subscribers: profile references, authentication
// and the interfaces (or interface ranges) that belong to the group.
grouping jsscd-group-type {
  // Allow-list pattern: the name starts with a letter or digit and continues
  // with letters, digits, '_' or '-'; length is limited to 1-64 characters.
  leaf name {
    type string {
      junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$";
      junos:pattern-message "Must be a non-reserved string of 64 characters or less";
      length "1 .. 64";
    }
    description "Group name";
  }
  uses apply-advanced;
  container service-profile {
    description "Dynamic profile to use for default service activation";
    uses jsscd-service-profile-type;
  } // container service-profile
  container access-profile {
    description "Access profile reference";
    uses jsscd-access-profile-type;
  } // container access-profile
  container dynamic-profile {
    description "Dynamic profile reference";
    uses jsscd-dynamic-profile-type;
  } // container dynamic-profile
  container authentication {
    description "Static Subscriber Client authentication";
    uses jsscd-authentication-type;
  } // container authentication
  list interface {
    key "name";
    description "One or more interfaces";
    // name and upto share the same type; presumably they are the first and
    // last interface of a range (the exclude leaf speaks of an "interface
    // range") - confirm.
    leaf name {
      type union {
        type jt:interface-unit;
        type string { pattern "<.*>|$.*"; }
      }
      description "Interface name";
    }
    leaf upto {
      type union {
        type jt:interface-unit;
        type string { pattern "<.*>|$.*"; }
      }
      description "Interface up to";
    }
    leaf exclude {
      type empty;
      description "Exclude this interface range";
    }
  } // list interface
  leaf auto-login {
    type empty;
    description "Auto login the operator logged-out static subscribers";
  }
} // grouping jsscd-group-type

// Reference to a service profile by name; per the must-message the
// referenced profile has to be defined.
grouping jsscd-service-profile-type {
  description "Service profile for static subscribers";
  uses apply-advanced;
  leaf service-profile-name {
    junos:must "("dynamic-profiles $$")";
    junos:must-message "referenced service profile must be defined";
    type string {
      length "1 .. 
80"; } description "Service profile name"; } } // grouping jsscd-service-profile-type grouping juniper-bridge-domains { description "Bridge domains"; leaf name { type string { junos:posix-pattern "!^((__.*__)|(.{129,})|(.*[+].*))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less"; } description "Bridge domain name"; } uses apply-advanced; leaf description { type string { junos:posix-pattern "^.{1,255}$"; junos:pattern-message "Must be a string of 255 characters or less"; } description "Text description of bridge domain"; } leaf domain-type { type enumeration { enum "bridge" { value 0; description "Forwarding instance"; } } description "Type of bridge domain"; } choice vlan_choice { leaf vlan-id { type string; description "IEEE 802.1q VLAN identifier for bridging domain"; } container vlan-tags { presence "enable vlan-tags"; description "IEEE 802.1q VLAN tags for bridging domain"; leaf outer { type string { junos:posix-pattern "^(0[Xx][0-9A-Fa-f]{4}.([0-9]{1,3}|1[0-9]{3}|2[0-9]{3}|3[0-9]{3}|40[0-8][0-9]|409[0-4]))$|^([0-9]{1,3}|1[0-9]{3}|2[0-9]{3}|3[0-9]{3}|40[0-8][0-9]|409[0-4])$"; junos:pattern-message "vlan-id in vlan-tag (0xNNNN.vlan-id) must be 0 to 4094"; } description "[tpid.]vlan-id, tpid format is 0xNNNN and is optional"; } leaf inner { type string { junos:posix-pattern "^(0[Xx][0-9A-Fa-f]{4}.([0-9]{1,3}|1[0-9]{3}|2[0-9]{3}|3[0-9]{3}|40[0-8][0-9]|409[0-4]))$|^([0-9]{1,3}|1[0-9]{3}|2[0-9]{3}|3[0-9]{3}|40[0-8][0-9]|409[0-4])$"; junos:pattern-message "vlan-id in vlan-tag (0xNNNN.vlan-id) must be 0 to 4094"; } description "[tpid.]vlan-id, tpid format is 0xNNNN and is optional"; } } // container vlan-tags leaf-list vlan-id-list { junos:must "(!(" .. .. .. pbb-options"))"; junos:must-message "vlan-id-list is not supported for i-comp routing-instance"; junos:must "((!(".. isolated-vlan") && !(".. community-vlans")))"; junos:must-message "PVLAN related configuration cannot be specified with vlan-id-list"; junos:must "(!(" .. 
vxlan"))"; junos:must-message "vxlan can not be specified under vlan-id-list"; junos:must "(!(" .. multicast-snooping-options"))"; junos:must-message "multicast-snooping-options can not be specified under vlan-id-list"; junos:must "(!(" .. protocols"))"; junos:must-message "protocols can not be specified under vlan-id-list"; junos:must "(!(" .. no-local-switching"))"; junos:must-message "no-local-switching can not be specified under vlan-id-list"; junos:must "(!(" .. domain-type"))"; junos:must-message "domain-type can not be specified under vlan-id-list"; junos:must "(!(".. interface"))"; junos:must-message "interface can not be specified under vlan-id-list"; junos:must "(!(any ".. bridge-options interface <*> static-mac"))"; junos:must-message "static mac can not be specified under vlan-id-list"; type jt:vlan-range; description "Create bridge-domain for each of the vlan-id specified in the vlan-id-list"; } } // choice vlan_choice leaf-list isid-list { junos:must "(".. vlan-id")"; junos:must-message "isid-list can be configured only under container with 'vlan-id'"; junos:must "(!(" .. .. .. pbb-options"))"; junos:must-message "isid-list and pbb-options can not co-exist for same routing-instance"; junos:must "(!(" .. vxlan"))"; junos:must-message "vxlan can not be specified under isid-list"; junos:must "(!(".. vlan-id inner-all"))"; junos:must-message "vlan-id inner-all can not be specified with isid-list"; junos:must "(!(" .. vlan-id none"))"; junos:must-message "vlan-id none can not be specified with isid-list"; junos:must "(!(" .. vlan-id all"))"; junos:must-message "vlan-id all can not be specified with isid-list"; type string; ordered-by user; description "Create bridge-domain for isid (Valid isid:256..16777214)"; } leaf vlan-id-scope-local { junos:must "(".. .. .. protocols evpn")"; junos:must-message "scope-local can be configured only when routing-instance protocol type is evpn"; junos:must "(".. 
isid-list")"; junos:must-message "scope-local can be configured only when bridge-domain has isid-list configured"; junos:must "(".. vlan-id")"; junos:must-message "scope-local can be configured only under container with 'vlan-id'"; type empty; description "Enable the scope of vlan-id local to avoid transmitting vlan tagged packets"; } leaf service-id { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Service id required if bridge-domain is of type MC-AE and vlan-id all or vlan-id none or vlan-tags"; } leaf domain-id { junos:must "("routing-instances ${instance} protocols evpn")"; junos:must-message "domain-id is allowed for EVPN instances only"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 15"; } } description "Domain-id for auto derived Route Target"; } leaf no-local-switching { type empty; description "Disable local switching within CE-facing interfaces"; } leaf mcae-mac-synchronize { type empty; description "Enable IRB MAC synchronization in this bridge domain"; } leaf mcae-mac-flush { type empty; description "Enable MCAE MAC flush in a/s mode for a bridge domain on MCAE link up"; } leaf no-irb-layer-2-copy { junos:must "(".. 
routing-interface")"; junos:must-message "routing-interface must be configured to configure this feature"; type empty; description "Disable transmission of layer-2 copy of packets of irb routing-interface"; } leaf enable-mac-move-action { type empty; description "Enable blocking action due to mac-move in this Bridge Domain"; } list interface { key "name"; ordered-by user; description "Interface name for this bridge domain"; leaf name { junos:must "(!("interfaces $$-IFL encapsulation ethernet"))"; junos:must-message "encapsulation ethernet is not allowed on l2 interface"; junos:must "((!("interfaces $$-IFL etree-ac-role") || "routing-instances ${instance} protocols evpn evpn-etree"))"; junos:must-message "etree must be enabled under routing-instance"; junos:must "((!("interfaces $$-IFL family") || "interfaces $$-IFL family bridge"))"; junos:must-message "only family bridge can be configured on this interface"; junos:must "((!(("interfaces $$-IFL vlan-id-list" || "interfaces $$-IFL vlan-tags inner-list")) || !((".. .. vlan-id" || ".. .. vlan-tags"))))"; junos:must-message "interface with vlan-id-list/inner-list cannot be added to bridge-domain with a vlan-id/vlan-tags configured"; junos:must "(!("irb"))"; junos:must-message "IRB interface is not supported as interface in bridge-domain"; junos:must "(!("interfaces $$-IFL family bridge interface-mode"))"; junos:must-message "Interface with 'interface-mode' is not allowed in a bridge-domain"; junos:must "(!(".. .. .. interfaces $$"))"; junos:must-message "This interface is already defined at the routing-instance level"; junos:must "(((!("interfaces $$-IFL vlan-id-range") || ".. .. vlan-id all") || (".. .. no-normalization" || ".. .. bridge-options no-normalization")))"; junos:must-message "vlan-id-range is specified for this logical interface; 'vlan-id all' should also be enabled"; junos:must "(((".. .. vlan-id all" && "interfaces $$-IFL input-vlan-map pop") || (".. .. vlan-id inner-all" || (!((".. .. vlan-id" || ".. .. 
vlan-tags")) || (!(("interfaces $$-IFL input-vlan-map" || "interfaces $$-IFL output-vlan-map")) || (".. .. no-normalization" || ".. .. bridge-options no-normalization"))))))"; junos:must-message "interface with input/output vlan-maps cannot be added to a routing-instance with a vlan-id/vlan-tags configured"; junos:must "((!("interfaces $$-IFL vlan-tags inner-range") || ((".. .. vlan-id all" || ".. .. vlan-id inner-all") || (".. .. no-normalization" || ".. .. bridge-options no-normalization"))))"; junos:must-message "vlan-tags inner-range is specified for this logical interface; 'vlan-id all' or 'vlan-id inner-all' should also be enabled"; type string; } uses apply-advanced; leaf protect-interface { junos:must "("interfaces $$")"; junos:must-message "Interface must be part of this routing instance"; junos:must "(!("interfaces ${inter_name} esi"))"; junos:must-message "ESI can not be configured for protect interface"; junos:must "("routing-instances ${instance} protocols evpn")"; junos:must-message "Protocol EVPN must be configured in the evpn instance"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Name of protect interface"; } } // list interface leaf routing-interface { junos:must "(!((".. .. .. protocols evpn mclag" && !(".. no-arp-suppression"))))"; junos:must-message "no-arp-suppression needs to be configured, when evpn is configured with mclag."; junos:must "(!((".. mcae-mac-synchronize" && "interfaces $$-IFL mac")))"; junos:must-message "irb-ifl mac and bridge mcae-mac-synchronize cannot coexist"; junos:must "((!("interfaces $$-IFL virtual-gateway-esi") || "routing-instances ${instance} protocols evpn encapsulation vxlan"))"; junos:must-message "irb-ifl with virtual-gateway-esi only for instance with encapsulation type vxlan"; junos:must "(!(any ".. 
interface <ps*>"))"; junos:must-message "IRB cannot be added to bridge-domain with PS interface"; junos:must "((!("interfaces $$-IFL family mpls") || !(("routing-instances ${instance} instance-type virtual-switch" && ("routing-instances ${instance} protocols vpls" && "routing-instances ${instance} route-distinguisher")))))"; junos:must-message "routing-interface with family mpls cannot be added to virtual-switch with protocol VPLS"; junos:must "((!(".. vlan-tags") || !("interfaces $$-IFL family mpls")))"; junos:must-message "routing-interface with family mpls cannot be added to bridge-domain with 'vlan-tags'"; junos:must "(!("routing-instances ${instance} service-type vlan-bundle"))"; junos:must-message "routing-interface not valid for vlan-bundle service type"; junos:must "((!(".. vlan-id all") && !(".. vlan-id inner-all")))"; junos:must-message "routing-interface cannot be configured under bridge-domain with 'vlan-id all' or 'vlan-id inner-all'"; junos:must "((".. vlan-id" || ".. vlan-tags"))"; junos:must-message "routing-interface can be configured only under bridge-domain with 'vlan-id' or 'vlan-tags'"; type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Routing interface name for this bridge-domain"; } container forwarding-options { description "Forwarding options configuration"; uses juniper-bridge-forwarding-options; } // container forwarding-options container bridge-options { description "Bridge domain configuration"; uses juniper-protocols-bd; } // container bridge-options container protocols { presence "enable protocols"; uses apply-advanced; container igmp-snooping { presence "enable igmp-snooping"; description "IGMP snooping configuration"; uses juniper-bd-protocols-igmp-snooping; } // container igmp-snooping container mld-snooping { presence "enable mld-snooping"; description "MLD snooping configuration"; uses juniper-bd-protocols-mld-snooping; } // container mld-snooping } // container protocols container vxlan { 
junos:must "((". ovsdb-managed" || (". multicast-group" || (". multicast-v6-group" || ("routing-instances ${instance} protocols evpn encapsulation vxlan" || (". ingress-node-replication" || ".. .. .. switch-options ovsdb-managed"))))))"; junos:must-message "multicast-group or ovsdb-managed or ingress-node-replication or protocols evpn encapsulation vxlan should be enabled"; junos:must "((". ovsdb-managed" || (".. .. .. switch-options ovsdb-managed" || ("routing-instances ${instance} protocols evpn encapsulation vxlan" || (". multicast-group" || (". multicast-v6-group" || ("routing-instances ${instance} remote-vtep-list" || ("routing-instances ${instance} remote-vtep-v6-list" || (".. .. .. switch-options remote-vtep-v6-list" || ".. .. .. switch-options remote-vtep-list")))))))))"; junos:must-message "One of multicast-group or ovsdb-managed or protocols evpn encapsulation vxlan or remote-vtep-list should be enabled. ingress-node-replication must be configured when remote-vtep-list is configured"; junos:must "((!(".. vlan-id all") && !(".. vlan-id inner-all")))"; junos:must-message "vxlan does not support bridge domain with 'vlan-id all' or 'vlan-id inner-all'"; junos:must "(("routing-instances ${instance} vtep-source-interface" || ".. .. .. switch-options vtep-source-interface"))"; junos:must-message "vtep-source-interface is required for VXLAN configuration"; description "VXLAN options"; uses apply-advanced; leaf ovsdb-managed { junos:must "(!("routing-instances ${instance} protocols evpn encapsulation vxlan"))"; junos:must-message "Not valid with protocols evpn encapsulation vxlan"; junos:must "(!(("routing-instances ${instance} remote-vtep-list" || (".. .. .. .. switch-options remote-vtep-list" || ".. 
multicast-group"))))"; junos:must-message "ovsdb-managed not valid with remote-vtep-list or multicast-group"; type empty; description "Bridge-domain is managed remotely via VXLAN OVSDB Controller"; } leaf vni { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16777214"; } } description "VXLAN identifier"; } leaf translation-vni { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777214"; } } description "Translated VXLAN identifier"; } leaf multicast-group { junos:must "(!("routing-instances ${instance} protocols evpn encapsulation vxlan"))"; junos:must-message "Not valid with protocols evpn encapsulation vxlan"; junos:must "(!(("routing-instances ${instance} remote-vtep-list" || (".. .. .. .. switch-options remote-vtep-list" || (".. ovsdb-managed" || (".. .. .. .. switch-options ovsdb-managed" || ("routing-instances ${instance} switch-options ovsdb-managed" || ".. multicast-v6-group")))))))"; junos:must-message "multicast-group not valid with remote-vtep-list or ovsdb-managed"; type jt:ipv4addr; description "Multicast group registered for VXLAN segment"; } leaf encapsulate-inner-vlan { junos:must "(!(".. .. vlan-id none"))"; junos:must-message "encapsulate inner vlan not valid with vlan-id none"; type empty; description "Retain inner VLAN in the packet"; } leaf decapsulate-accept-inner-vlan { junos:must "(!(".. .. vlan-id none"))"; junos:must-message "accept inner vlan not valid with vlan-id none"; type empty; description "Accept VXLAN packets with inner VLAN"; } leaf unreachable-vtep-aging-timer { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "300 .. 1800"; } } units "seconds"; description "Unreachable VXLAN tunnel endpoint removal timer"; } leaf ingress-node-replication { junos:must "(!(".. .. .. .. protocols evpn assisted-replication"))"; junos:must-message "ingress-node-replication cannot be configured with assisted-replication"; junos:must "((".. ovsdb-managed" || (".. .. .. .. 
switch-options ovsdb-managed" || ("routing-instances ${instance} protocols evpn encapsulation vxlan" || ("routing-instances ${instance} remote-vtep-list" || ("routing-instances ${instance} remote-vtep-v6-list" || (".. .. .. .. switch-options remote-vtep-v6-list" || ".. .. .. .. switch-options remote-vtep-list")))))))"; junos:must-message "Valid for ovsdb-managed instance or with remote-vtep-list or remote-vtep-v6-list or evpn vxlan"; type empty; description "Enable ingress node replication"; } leaf-list static-remote-vtep-list { type jt:ipaddr; max-elements 1024; description "Configure bridge domain specific static remote VXLAN tunnel endpoints"; } } // container vxlan leaf isolated-vlan { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4094"; } } description "Isolated VLAN ID for private vlan bridge domain"; } leaf-list community-vlans { type jt:vlan-range; description "List of Community VLANs for private vlan bridge domain"; } container proxy-mac { junos:must "((".. .. .. instance-type virtual-switch" || ".. .. .. instance-type mac-vrf"))"; junos:must-message "Applicable to instance-type evpn or mac-vrf only"; description "Proxy MAC settings"; uses apply-advanced; leaf irb { junos:must "(!(".. .. no-arp-suppression"))"; junos:must-message "Proxy MAC is not supported with no-arp-suppression"; junos:must "((".. .. routing-interface" && !(".. proxy-mac-address")))"; junos:must-message "Proxy MAC in IRB mode should have routing-interface configured"; type empty; description "Reply with virtual-gateway MAC or IRB MAC"; } leaf proxy-mac-address { junos:must "(!(".. .. no-arp-suppression"))"; junos:must-message "Proxy MAC is not supported with no-arp-suppression"; junos:must "((!(".. .. routing-interface") && !(".. 
irb")))";
      junos:must-message "Proxy MAC with specified MAC should not have routing-interface configured";
      type jt:mac-unicast;
      description "Reply with configured MAC for all requests";
    }
  } // container proxy-mac
  container multicast-snooping-options {
    description "Multicast snooping option configuration";
    uses juniper-multicast-snooping-options;
  } // container multicast-snooping-options
} // grouping juniper-bridge-domains

// IGMP snooping options for a bridge domain. The grouping continues past the
// traceoptions container documented here.
grouping juniper-bd-protocols-igmp-snooping {
  description "IGMP snooping options";
  uses apply-advanced;
  // Trace (debug logging) settings: where the trace file goes, how it is
  // rotated and who may read it, followed by the list of trace flags.
  container traceoptions {
    description "Trace options for IGMP Snooping";
    uses apply-advanced;
    container file {
      description "Trace file options";
      // Per the pattern-message the name may not contain '/', '%' or a space,
      // so the value cannot carry a directory component. The leading '!'
      // presumably negates the POSIX pattern - confirm against the junos
      // extension definitions, which are not shown here.
      leaf filename {
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      leaf replace {
        type empty;
        status deprecated;
        description "Replace trace file rather than appending to it";
      }
      // NOTE(review): an unrestricted string; the accepted size syntax is not
      // visible in this module.
      leaf size {
        type string;
        description "Maximum trace file size";
      }
      // Number of trace files kept, 2-1000 with a default of 10. The string
      // member of the union accepts any value in angle brackets or starting
      // with '$' (presumably wildcard/variable forms - confirm); such values
      // are not range-checked.
      leaf files {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "2 .. 1000"; }
        }
        default "10";
        description "Maximum number of trace files";
      }
      leaf no-stamp {
        type empty;
        status deprecated;
        description "Do not timestamp trace file";
      }
      // Mutually exclusive read-permission switches for the trace file; which
      // behaviour applies when neither is set is not shown here. Traces taken
      // with the "packets" or "all" flags and "detail" may contain
      // group-membership data of hosts, so world-readable is worth
      // flagging in a configuration audit unless there is a stated need.
      choice world-readable-choice {
        leaf world-readable {
          type empty;
          description "Allow any user to read the log file";
        }
        leaf no-world-readable {
          type empty;
          description "Don't allow any user to read the log file";
        }
      } // choice world-readable-choice
    } // container file
    // One entry per trace flag; the flag name is the list key and the
    // send/receive/detail/disable leaves modify that flag.
    list flag {
      key "name";
      ordered-by user;
      description "Tracing parameters";
      leaf name {
        type enumeration {
          enum "packets" {
            value 0;
            description "Trace all IGMP packets";
          }
          enum "query" {
            value 1;
            description "Trace IGMP membership query messages";
          }
          enum "report" {
            value 2;
            description "Trace membership report messages";
          }
          enum "leave" {
            value 3;
            description "Trace leave group messages (IGMPv2 only)";
          }
          enum "group" {
            value 4;
            description "Trace group operations";
          }
          enum "client-notification" {
            value 5;
            description "Trace notifications";
          }
          enum "host-notification" {
            value 6;
            description "Trace host notifications";
          }
          enum "route" {
            value 7;
            description "Trace routing information";
          }
          enum "normal" {
            value 8;
            description "Trace normal events";
          }
          enum "general" {
            value 9;
            description "Trace general events";
          }
          enum "state" {
            value 10;
            description "Trace state transitions";
          }
          enum "policy" {
            value 11;
            description "Trace policy processing";
          }
          enum "task" {
            value 12;
            description "Trace routing protocol task processing";
          }
          enum "timer" {
            value 13;
            description "Trace routing protocol timer processing";
          }
          // Broadest setting: enables every trace category above.
          enum "all" {
            value 14;
            description "Trace everything";
          }
        }
      }
      leaf send {
        type empty;
        description "Trace transmitted packets";
      }
      leaf receive {
        type empty;
        description "Trace received packets";
      }
      leaf detail {
        type empty;
        description "Trace detailed information";
      }
      leaf disable {
        type empty;
        description "Disable this trace flag";
      }
    } // list flag
  } // container traceoptions
  leaf query-interval {
    type union {
      type string { pattern "<.*>|$.*"; }
      type 
uint32 { range "1 .. 1024"; } } units "seconds"; default "125"; description "When to send host query messages"; } container l2-querier { description "Enable L2 querier mode"; uses apply-advanced; leaf source-address { type jt:ipv4addr; description "Source IP address to use for L2 querier"; } } // container l2-querier leaf query-response-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; default "10"; description "How long to wait for a host query response"; } leaf query-last-member-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; default "1"; description "When to send group query messages"; } leaf robust-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 10"; } } default "2"; description "Expected packet loss on a subnet"; } leaf learn-pim-router { type empty; description "Learn PIM router interfaces from PIM hellos"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } leaf evpn-ssm-reports-only { type empty; description "Accept and process only <s,g> reports of SSM groups"; } container proxy { presence "enable proxy"; description "Enable proxy mode"; uses apply-advanced; leaf source-address { junos:must "(!(".. .. .. .. 
vlan-id all"))"; junos:must-message "With qualified-learning source-address should be configured under Vlan options"; type jt:ipv4addr; description "Source IP address to use for proxy"; } leaf irb { type empty; description "Proxy IGMP reports to IRB"; } } // container proxy list interface { key "name"; ordered-by user; description "Interface options for IGMP"; leaf name { junos:must "(!("interfaces $$-IFL vlan-tags inner-range"))"; junos:must-message "interface with vlan-tags inner-range should be specified in a learning-domain only"; junos:must "(!("interfaces $$-IFL vlan-id-range"))"; junos:must-message "interface with vlan-id-range should be specified in a learning-domain only"; junos:must "(((".. .. .. .. interface $$" || ".. .. .. .. .. .. interface $$") || (!(".. .. .. .. .. .. .. .. routing-instances") && ("interfaces $$-IFL family bridge interface-mode" && !(any "routing-instances <*> interface $$")))))"; junos:must-message "interface options can be specified for the interfaces in the routing-instance"; junos:must "(!(".. .. .. .. vlan-id all"))"; junos:must-message "When 'vlan-id all' is configured, interface should be configured only under vlan"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } leaf host-only-interface { junos:must "(!(".. multicast-router-interface"))"; junos:must-message "interface cannot be both host-only and multicast-router"; type empty; description "Enable interfaces to be treated as host-side interfaces"; } leaf group-limit { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
65535"; } } description "Maximum number of (source,group) per interface"; } container static { description "Static group or source membership"; uses apply-advanced; list group { key "name"; ordered-by user; description "IP multicast group address"; leaf name { type jt:ipv4addr; description "IP multicast group address"; } uses apply-advanced; list source { key "name"; ordered-by user; description "IP multicast source address"; leaf name { type jt:ipv4addr; description "Source address of IP multicast data"; } uses apply-advanced; } // list source } // list group } // container static } // list interface list pseudowire-remote-address { junos:must "((" .. .. .. igmp-snooping-options snoop-pseudowires" || " .. .. .. .. igmp-snooping-options snoop-pseudowires"))"; junos:must-message "Configure pseudowire-remote-address only with snoop-pseudowires instance config"; key "name"; ordered-by user; description "Pseudowire interface options for IGMP"; leaf name { junos:must "(!(".. .. .. .. vlan-id all"))"; junos:must-message "When 'vlan-id all' is configured, pseudowire-remote-address should be configured only under vlan"; type jt:ipv4addr; description "Pseudowire endpoint address"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } } // list pseudowire-remote-address list vlan { key "name"; ordered-by user; description "Vlan options"; leaf name { type string { length "1 .. 64"; } description "VLAN name"; } uses apply-advanced; leaf query-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
1024"; } } units "seconds"; description "When to send host query messages"; } leaf query-response-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "How long to wait for a host query response"; } leaf query-last-member-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "When to send group query messages"; } leaf robust-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 10"; } } description "Expected packet loss on a subnet"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } container proxy { presence "enable proxy"; description "Enable proxy mode"; uses apply-advanced; leaf source-address { type jt:ipv4addr; description "Source IP address to use for proxy"; } } // container proxy leaf evpn-ssm-reports-only { type empty; description "Accept and process only <s,g> reports of SSM groups"; } list interface { key "name"; ordered-by user; description "Interface options for IGMP"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } leaf host-only-interface { junos:must "(!(".. multicast-router-interface"))"; junos:must-message "interface cannot be both host-only and multicast-router"; type empty; description "Enable interfaces to be treated as host-side interfaces"; } leaf group-limit { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
65535"; } } description "Maximum number of (source,group) per interface"; } container static { description "Static group or source membership"; uses apply-advanced; list group { key "name"; ordered-by user; description "IP multicast group address"; leaf name { type jt:ipv4addr; description "IP multicast group address"; } uses apply-advanced; list source { key "name"; ordered-by user; description "IP multicast source address"; leaf name { type jt:ipv4addr; description "Source address of IP multicast data"; } uses apply-advanced; } // list source } // list group } // container static } // list interface list pseudowire-remote-address { junos:must "((" .. .. .. igmp-snooping-options snoop-pseudowires" || " .. .. .. .. igmp-snooping-options snoop-pseudowires"))"; junos:must-message "Configure pseudowire-remote-address only with snoop-pseudowires instance config"; key "name"; ordered-by user; description "Pseudowire interface options for IGMP"; leaf name { type jt:ipv4addr; description "Pseudowire endpoint address"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } } // list pseudowire-remote-address list qualified-vlan { key "name"; ordered-by user; description "VLAN options for qualified-learning"; leaf name { junos:must "(".. .. .. .. .. vlans ${vlan} vlan-id all")"; junos:must-message "vlan specific configuration is allowed with qualified-learning only"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1023"; } } description "VLAN ID of the learning-domain"; } uses apply-advanced; leaf query-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
1024"; } } units "seconds"; description "When to send host query messages"; } leaf query-response-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "How long to wait for a host query response"; } leaf query-last-member-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "When to send group query messages"; } leaf robust-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 10"; } } description "Expected packet loss on a subnet"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } container proxy { presence "enable proxy"; description "Enable proxy mode"; uses apply-advanced; leaf source-address { type jt:ipv4addr; description "Source IP address to use for proxy"; } } // container proxy leaf evpn-ssm-reports-only { type empty; description "Accept and process only <s,g> reports of SSM groups"; } list interface { key "name"; ordered-by user; description "Interface options for IGMP"; leaf name { junos:must "(".. .. .. .. .. .. vlans ${vlan} interface $$")"; junos:must-message "interface options can be specified for the interfaces in the routing-instance"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } leaf host-only-interface { junos:must "(!(".. 
multicast-router-interface"))"; junos:must-message "interface cannot be both host-only and multicast-router"; type empty; description "Enable interfaces to be treated as host-side interfaces"; } leaf group-limit { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Maximum number of (source,group) per interface"; } container static { description "Static group or source membership"; uses apply-advanced; list group { key "name"; ordered-by user; description "IP multicast group address"; leaf name { type jt:ipv4addr; description "IP multicast group address"; } uses apply-advanced; list source { key "name"; ordered-by user; description "IP multicast source address"; leaf name { type jt:ipv4addr; description "Source address of IP multicast data"; } uses apply-advanced; } // list source } // list group } // container static } // list interface list pseudowire-remote-address { junos:must "((" .. .. .. igmp-snooping-options snoop-pseudowires" || " .. .. .. .. 
igmp-snooping-options snoop-pseudowires"))"; junos:must-message "Configure pseudowire-remote-address only with snoop-pseudowires instance config"; key "name"; ordered-by user; description "Pseudowire interface options for IGMP"; leaf name { type jt:ipv4addr; description "Pseudowire endpoint address"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } } // list pseudowire-remote-address } // list qualified-vlan } // list vlan } // grouping juniper-bd-protocols-igmp-snooping grouping juniper-bd-protocols-mld-snooping { description "MLD snooping options"; uses apply-advanced; container traceoptions { description "Trace options for MLD Snooping"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; }
leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; }
/*
 * Read permission on the MLD snooping trace file. Both leaves are cases of
 * one choice, so a configuration can carry at most one of them.
 * world-readable lets any user read the file; flags such as "packets",
 * "detail" and "all" below suggest the file can hold packet-level detail,
 * so prefer no-world-readable unless wider read access is really needed.
 * No default is declared for this choice in the module.
 */
choice world-readable-choice {
  leaf world-readable { type empty; description "Allow any user to read the log file"; }
  leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
} // choice world-readable-choice
} // container file
/*
 * One list entry per trace category, keyed by the enumeration below.
 * Entries keep the order the user gave them (ordered-by user).
 */
list flag {
  key "name"; ordered-by user; description "Tracing parameters";
  leaf name {
    type enumeration {
      enum "packets" { value 0; description "Trace all MLD packets"; }
      enum "query" { value 1; description "Trace MLD membership query messages"; }
      enum "report" { value 2; description "Trace membership report messages"; }
      enum "leave" { value 3; description "Trace leave group messages (MLDv2 only)"; }
      enum "group" { value 4; description "Trace group operations"; }
      enum "client-notification" { value 5; description "Trace notifications"; }
      enum "host-notification" { value 6; description "Trace host notifications"; }
      enum "route" { value 7; description "Trace routing information"; }
      enum "normal" { value 8; description "Trace normal events"; }
      enum "general" { value 9; description "Trace general events"; }
      enum "state" { value 10; description "Trace state transitions"; }
      enum "policy" { value 11; description "Trace policy processing"; }
      enum "task" { value 12; description "Trace routing protocol task processing"; }
      enum "timer" { value 13; description "Trace routing protocol timer processing"; }
      enum "all" { value 14; description "Trace everything"; }
    }
  }
  /* Modifiers that apply to this one flag entry: direction, verbosity, and an off switch. */
  leaf send { type empty; description "Trace transmitted packets"; }
  leaf receive { type empty; description "Trace received packets"; }
  leaf detail { type empty; description "Trace detailed information"; }
  leaf disable { type empty; description "Disable this trace flag"; }
} // list flag
} // container traceoptions
leaf query-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 
{ range "1 .. 1024"; } } units "seconds"; default "125"; description "When to send host query messages"; }
container l2-querier {
  description "Enable L2 querier mode"; uses apply-advanced;
  leaf source-address { type jt:ipv6addr; description "Source IP address to use for L2 querier"; }
} // container l2-querier
/*
 * Interval in seconds, modelled as a string so that one optional decimal
 * digit can be given (see pattern-message); default 10.
 * NOTE(review): as printed, the "." in the pattern is a regex wildcard, so a
 * value such as "10x5" would pass where only "10.5" is meant. The junos:must
 * strings on this page show nested quotes without escapes, so backslashes
 * were probably dropped in rendering and the vendor file likely escapes the
 * dot -- confirm against the original before reusing this pattern for
 * input validation.
 */
leaf query-response-interval {
  type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; }
  units "seconds"; default "10"; description "How long to wait for a host query response";
}
/* Same string format and pattern as query-response-interval; default 1 second. */
leaf query-last-member-interval {
  type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; }
  units "seconds"; default "1"; description "When to send group query messages";
}
/*
 * Union of a uint32 limited to 2..10 and a string matching the "<...>" or
 * "$..." pattern (presumably wildcard and variable placeholders -- TODO
 * confirm). The range constrains the numeric branch only.
 */
leaf robust-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 10"; } } default "2"; description "Expected packet loss on a subnet"; }
leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; }
leaf evpn-ssm-reports-only { type empty; description "Accept and process only <s,g> reports of SSM groups"; }
container proxy { presence "enable proxy"; description "Enable proxy mode"; uses apply-advanced; leaf source-address { junos:must "(!(".. .. .. .. 
vlan-id all"))"; junos:must-message "With qualified-learning source-address should be configured under Vlan options"; type jt:ipv6addr; description "Source IP address to use for proxy"; }
/*
 * NOTE(review): the description says IGMP, but this leaf sits inside the MLD
 * snooping grouping; the wording looks carried over from the IGMP grouping
 * -- confirm whether "MLD" is meant.
 */
leaf irb { type empty; description "Proxy IGMP reports to IRB"; }
} // container proxy
/* Per-interface MLD snooping options, keyed by interface name, in user order. */
list interface {
  key "name"; ordered-by user; description "Interface options for MLD";
  leaf name {
    /*
     * junos:must / junos:must-message are Juniper extensions; each message
     * states the configuration dependency the preceding expression encodes.
     */
    junos:must "(!("interfaces $$-IFL vlan-tags inner-range"))";
    junos:must-message "interface with vlan-tags inner-range should be specified in a learning-domain only";
    junos:must "(!("interfaces $$-IFL vlan-id-range"))";
    junos:must-message "interface with vlan-id-range should be specified in a learning-domain only";
    junos:must "(((".. .. .. .. interface $$" || ".. .. .. .. .. .. interface $$") || (!(".. .. .. .. .. .. .. .. routing-instances") && ("interfaces $$-IFL family bridge interface-mode" && !(any "routing-instances <*> interface $$")))))";
    junos:must-message "interface options can be specified for the interfaces in the routing-instance";
    junos:must "(!(".. .. .. .. vlan-id all"))";
    junos:must-message "When 'vlan-id all' is configured, interface should be configured only under vlan";
    type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } }
    description "Interface name";
  }
  uses apply-advanced;
  leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; }
  leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; }
  /* Cannot be set together with multicast-router-interface on the same entry (see must-message). */
  leaf host-only-interface {
    junos:must "(!(".. multicast-router-interface"))";
    junos:must-message "interface cannot be both host-only and multicast-router";
    type empty; description "Enable interfaces to be treated as host-side interfaces";
  }
  /*
   * Upper bound on (source,group) entries for this interface; presumably
   * bounds the snooping state that reports arriving on the port can create
   * -- confirm. The leaf is optional and no default is declared here.
   */
  leaf group-limit { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
65535"; } } description "Maximum number of (source,group) per interface"; } container static { description "Static group or source membership"; uses apply-advanced; list group { key "name"; ordered-by user; description "IP multicast group address"; leaf name { type jt:ipv6addr; description "IP multicast group address"; } uses apply-advanced; list source { key "name"; ordered-by user; description "IP multicast source address"; leaf name { type jt:ipv6addr; description "Source address of IP multicast data"; } uses apply-advanced; } // list source } // list group } // container static } // list interface list pseudowire-remote-address { junos:must "((" .. .. .. mld-snooping-options snoop-pseudowires" || " .. .. .. .. mld-snooping-options snoop-pseudowires"))"; junos:must-message "Configure pseudowire-remote-address only with snoop-pseudowires instance config"; key "name"; ordered-by user; description "Pseudowire interface options for MLD"; leaf name { junos:must "(!(".. .. .. .. vlan-id all"))"; junos:must-message "When 'vlan-id all' is configured, pseudowire-remote-address should be configured only under vlan"; type jt:ipv4addr; description "Pseudowire endpoint address"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } } // list pseudowire-remote-address list vlan { key "name"; ordered-by user; description "Vlan options"; leaf name { type string { length "1 .. 64"; } description "Vlan of the bridge-domain"; } uses apply-advanced; leaf query-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
1024"; } } units "seconds"; description "When to send host query messages"; } leaf query-response-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "How long to wait for a host query response"; } leaf query-last-member-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "When to send group query messages"; } leaf robust-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 10"; } } description "Expected packet loss on a subnet"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } container proxy { presence "enable proxy"; description "Enable proxy mode"; uses apply-advanced; leaf source-address { type jt:ipv6addr; description "Source IP address to use for proxy"; } } // container proxy leaf evpn-ssm-reports-only { type empty; description "Accept and process only <s,g> reports of SSM groups"; } list interface { key "name"; ordered-by user; description "Interface options for MLD"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } leaf host-only-interface { junos:must "(!(".. multicast-router-interface"))"; junos:must-message "interface cannot be both host-only and multicast-router"; type empty; description "Enable interfaces to be treated as host-side interfaces"; } leaf group-limit { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
65535"; } } description "Maximum number of (source,group) per interface"; } container static { description "Static group or source membership"; uses apply-advanced; list group { key "name"; ordered-by user; description "IP multicast group address"; leaf name { type jt:ipv6addr; description "IP multicast group address"; } uses apply-advanced; list source { key "name"; ordered-by user; description "IP multicast source address"; leaf name { type jt:ipv6addr; description "Source address of IP multicast data"; } uses apply-advanced; } // list source } // list group } // container static } // list interface list pseudowire-remote-address { junos:must "((" .. .. .. mld-snooping-options snoop-pseudowires" || " .. .. .. .. mld-snooping-options snoop-pseudowires"))"; junos:must-message "Configure pseudowire-remote-address only with snoop-pseudowires instance config"; key "name"; ordered-by user; description "Pseudowire interface options for MLD"; leaf name { type jt:ipv4addr; description "Pseudowire endpoint address"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } } // list pseudowire-remote-address list qualified-vlan { key "name"; ordered-by user; description "VLAN options for qualified-learning"; leaf name { junos:must "(".. .. .. .. .. vlans ${vlan} vlan-id all")"; junos:must-message "vlan specific configuration is allowed with qualified-learning only"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1023"; } } description "VLAN ID of the learning-domain"; } uses apply-advanced; leaf query-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
1024"; } } units "seconds"; description "When to send host query messages"; } leaf query-response-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "How long to wait for a host query response"; } leaf query-last-member-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "When to send group query messages"; } leaf robust-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 10"; } } description "Expected packet loss on a subnet"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } container proxy { presence "enable proxy"; description "Enable proxy mode"; uses apply-advanced; leaf source-address { type jt:ipv6addr; description "Source IP address to use for proxy"; } } // container proxy leaf evpn-ssm-reports-only { type empty; description "Accept and process only <s,g> reports of SSM groups"; } list interface { key "name"; ordered-by user; description "Interface options for MLD"; leaf name { junos:must "(".. .. .. .. .. .. vlans ${vlan} interface $$")"; junos:must-message "interface options can be specified for the interfaces in the routing-instance"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } leaf host-only-interface { junos:must "(!(".. 
multicast-router-interface"))"; junos:must-message "interface cannot be both host-only and multicast-router"; type empty; description "Enable interfaces to be treated as host-side interfaces"; } leaf group-limit { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Maximum number of (source,group) per interface"; } container static { description "Static group or source membership"; uses apply-advanced; list group { key "name"; ordered-by user; description "IP multicast group address"; leaf name { type jt:ipv6addr; description "IP multicast group address"; } uses apply-advanced; list source { key "name"; ordered-by user; description "IP multicast source address"; leaf name { type jt:ipv6addr; description "Source address of IP multicast data"; } uses apply-advanced; } // list source } // list group } // container static } // list interface list pseudowire-remote-address { junos:must "((" .. .. .. mld-snooping-options snoop-pseudowires" || " .. .. .. .. 
mld-snooping-options snoop-pseudowires"))"; junos:must-message "Configure pseudowire-remote-address only with snoop-pseudowires instance config"; key "name"; ordered-by user; description "Pseudowire interface options for MLD"; leaf name { type jt:ipv4addr; description "Pseudowire endpoint address"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } } // list pseudowire-remote-address
} // list qualified-vlan
} // list vlan
} // grouping juniper-bd-protocols-mld-snooping
/*
 * Bridge forwarding options: input filters for the forwarding and flood
 * tables, plus DHCP relay and DHCP security settings pulled in from other
 * groupings. The grouping carries no description statement of its own.
 */
grouping juniper-bridge-forwarding-options {
  uses apply-advanced;
  /*
   * Filter names are plain strings with no length, pattern or junos:must
   * attached, so this schema alone does not check that the named filter
   * is defined.
   */
  container filter {
    description "Filtering for bridge forwarding table"; uses apply-advanced;
    leaf input { type string; description "Name of input filter to apply for forwarded packets"; }
  } // container filter
  container flood {
    description "Filtering for bridge flood table"; uses apply-advanced;
    leaf input { type string; description "Name of input filter to apply for bridge flood packets"; }
  } // container flood
  /* Marked deprecated at this location; contents come from jdhcp-relay-type. */
  container dhcp-relay { status deprecated; description "Dynamic Host Configuration Protocol relay configuration"; uses jdhcp-relay-type; } // container dhcp-relay
  /*
   * Presence container: creating it is itself the "enable" switch. The
   * description names only Dynamic ARP Inspection; the full set of options
   * is defined by jdhcp-security-type, which is not shown in this part of
   * the module.
   */
  container dhcp-security { presence "enable dhcp-security"; description "Dynamic ARP Inspection configuration"; uses jdhcp-security-type; } // container dhcp-security
} // grouping juniper-bridge-forwarding-options
grouping jdhcp-relay-type { description "Dynamic Host Configuration Protocol relay configuration"; uses apply-advanced; leaf duplicate-clients-on-interface { type empty; status deprecated; description "Allow duplicate clients on different interfaces in a subnet"; } container duplicate-clients-in-subnet { junos:must "(!(".. 
duplicate-clients-on-interface"))"; junos:must-message "Cannot specify duplicate-clients-in-subnet with duplicate-clients-on-interface"; description "Allow duplicate clients in a subnet"; uses jdhcp-duplicate-clients-in-subnet-type; } // container duplicate-clients-in-subnet container dhcpv6 { description "DHCPv6 configuration"; uses dhcpv6-relay-type; } // container dhcpv6 leaf arp-inspection { type empty; description "Enable Dynamic ARP Inspection"; } container forward-snooped-clients { junos:must "((!(".. forward-only") && (!(".. forward-only-replies") && !(any ".. group <*> forward-only"))))"; junos:must-message "forward-only and forward-only-replies cannot be configured when forward-snooped-clients is configured"; description "Forward snooped (unicast) packets"; choice interface-type { leaf configured-interfaces { type empty; description "Forward snooped (unicast) packets on configured interfaces"; } leaf non-configured-interfaces { type empty; description "Forward snooped (unicast) packets on non-configured interfaces"; } leaf all-interfaces { type empty; description "Forward snooped (unicast) packets on configured and non-configured interfaces"; } } // choice interface-type } // container forward-snooped-clients container authentication { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'authentication' statement cannot be included along with 'forwarding-options helpers bootp' statement"; description "DHCP authentication"; uses authentication-type; } // container authentication container liveness-detection { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'liveness-detection' statement cannot be included along with 'forwarding-options helpers bootp' statement"; description "DHCP client liveness detection processing"; uses dhcp-liveness-detection-type; } // container liveness-detection container dynamic-profile { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'dynamic-profile' 
statement cannot be included along with 'forwarding-options helpers bootp' statement"; description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'access-profile' statement cannot be included along with 'forwarding-options helpers bootp' statement"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container overrides { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'overrides' statement cannot be included along with 'forwarding-options helpers bootp' statement"; presence "enable overrides"; description "DHCP override processing"; uses override-type; } // container overrides container relay-option { junos:must "((!(".. relay-option-60") && !(any ".. 
group <*> relay-option-60")))"; junos:must-message "Cannot specify relay-option-60 with relay-option"; presence "enable relay-option"; description "DHCP option processing"; uses dhcp-generic-v4-option; } // container relay-option container server-match { description "Server match processing"; uses apply-advanced; container default-action { presence "enable default-action"; description "Server match default action"; uses server-match-action-choice; } // container default-action list address { key "name"; ordered-by user; description "Server address"; leaf name { type jt:ipv4prefix; description "Server address for matching"; } uses apply-advanced; choice server-match-action-choice { leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice server-match-action-choice } // list address } // container server-match container relay-option-60 { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'relay-option-60' statement cannot be included along with 'forwarding-options helpers bootp' statement"; junos:must "((!(".. relay-option") && !(any ".. 
group <*> relay-option")))"; junos:must-message "Cannot specify relay-option with relay-option-60 "; presence "enable relay-option-60"; status deprecated; description "DHCP option-60 processing"; uses relay-option-60-type-top; } // container relay-option-60 container relay-option-82 { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'relay-option-82' statement cannot be included along with 'forwarding-options helpers bootp' statement"; presence "enable relay-option-82"; description "DHCP option-82 processing"; uses relay-option-82-type; } // container relay-option-82 container forward-only { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'forward-only' statement cannot be included along with 'forwarding-options helpers bootp' statement"; presence "enable forward-only"; description "Forward DHCP packets without creating binding"; uses forward-only-to-rc-type; } // container forward-only leaf description { type string; description "Text description of servers"; } leaf maximum-hop-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16"; } } description "Maximum number of hops per packet"; } leaf minimum-wait-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 30000"; } } description "Minimum number of seconds before requests are forwarded"; } leaf client-response-ttl { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255"; } } description "IP time-to-live value to set in responses to client"; } leaf source-ip-change { type empty; description "Use address of egress interface as source ip"; } leaf forward-only-replies { type empty; description "Forward-only replies from server to appropriate logical-system:routing-instance based on options"; } container server-group { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'server-group' statement cannot be included along with 'forwarding-options helpers bootp' statement"; description "Define a DHCP server group"; uses server-group-type; } // container server-group container active-server-group { description "Name of DHCP server group"; uses dhcpv4-gbl-active-sg-type; } // container active-server-group container route-suppression { junos:must "(!(".. liveness-detection method layer2-liveness-detection"))"; junos:must-message "Cannot specify route-suppression with liveness-detection method layer2-liveness-detection"; junos:must "(!(".. 
overrides no-arp"))";
    junos:must-message "Cannot specify route-suppression with overrides no-arp";
    description "Suppress access-internal and/or destination route addition";
    uses dhcp-route-suppression-type;
  } // container route-suppression
  // DHCP relay groups, kept in user-defined order. The must rejects the list
  // when "forwarding-options helpers bootp" is configured.
  list group {
    junos:must "(!("forwarding-options helpers bootp"))";
    junos:must-message "'group' statement cannot be included along with 'forwarding-options helpers bootp' statement";
    key "name";
    ordered-by user;
    description "Define a DHCP group";
    uses dhcp-group;
  } // list group
  list dual-stack-group {
    key "name";
    description "Define a DHCP dual stack group";
    uses dhcp-dual-stack-group;
  } // list dual-stack-group
  // Flag (type empty) that turns DHCP packet snooping off; cannot be combined
  // with "legacy-snooping".
  leaf no-snoop {
    junos:must "(!("legacy-snooping"))";
    junos:must-message "'no-snoop' statement cannot be included along with 'legacy-snooping' statement";
    type empty;
    description "Do not snoop DHCP packets";
  }
  // Seconds as any uint32 (no range declared), default "0".
  // NOTE(review): "unaswered" in the description is a typo for "unanswered".
  // What the default 0 means is not stated here - presumably the check is
  // off; confirm.
  leaf server-response-time {
    type union {
      type uint32;
      type string { pattern "<.*>|$.*"; }
    }
    default "0";
    description "Number of seconds in a period of activity between the last server response and an unaswered request";
  }
  // Optional (presence) lease-time check. The numeric threshold is
  // 60..2147483647 seconds and the only action modelled is dropping DHCPv4
  // offer and ack packets.
  // NOTE(review): the model does not say whether a violation means a lease
  // shorter or longer than the threshold, nor what happens when "drop" is not
  // set - confirm both before relying on this as a control.
  container lease-time-validation {
    presence "enable lease-time-validation";
    description "Configure lease time violation validation";
    uses apply-advanced;
    leaf lease-time-threshold {
      type union {
        // The string member admits <...> or $... values (in YANG's XSD
        // pattern syntax "$" is a literal, not an anchor), and those are not
        // range-checked. Presumably Junos wildcard/variable placeholders -
        // confirm; a validator using only this model will not bound them.
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "60 .. 2147483647"; }
      }
      units "seconds";
      description "Threshold for lease time violation in seconds";
    }
    container violation-action {
      description "Lease time validation violation action";
      leaf drop {
        type empty;
        description "Drop dhcpv4 offer and ack packets";
      }
    } // container violation-action
  } // container lease-time-validation
  // leasequery requires "overrides always-write-option-82" and a
  // "relay-option-82 circuit-id" that uses neither use-interface-description
  // nor require-interface-description (the second must continues below).
  container leasequery {
    junos:must "(".. overrides always-write-option-82")";
    junos:must-message "Must configure [overrides always-write-option-82] to overwrite circuit-id";
    junos:must "((".. relay-option-82 circuit-id" && (!(".. relay-option-82 circuit-id use-interface-description") && !("..
relay-option-82 circuit-id require-interface-description"))))"; junos:must-message "Must configure [relay-option-82 circuit-id] without description to insert circuit-id"; presence "enable leasequery"; description "DHCP leasequery configuration"; uses relay-leasequery-type; } // container leasequery container bulk-leasequery { presence "enable bulk-leasequery"; description "DHCP bulk leasequery configuration"; uses relay-bulk-leasequery-v4-type; } // container bulk-leasequery container active-leasequery { junos:must "(".. bulk-leasequery")"; junos:must-message "Must configure bulk-leasequery"; presence "enable active-leasequery"; description "DHCPv4 active leasequery configuration"; uses relay-active-leasequery-v4-type; } // container active-leasequery container remote-id-mismatch { presence "enable remote-id-mismatch"; description "DHCP client remote-id mismatch"; uses dhcp-remote-id-mismatch-type; } // container remote-id-mismatch } // grouping jdhcp-relay-type grouping dhcp-dual-stack-group { description "DHCP dual stack groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "Dual stack group name"; } uses apply-advanced; container authentication { description "DHCP authentication"; uses dual-stack-authentication-type; } // container authentication leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { type string { length "1 .. 
128"; } description "Access profile to be used for jdhcpd"; } container dynamic-profile { description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile container liveness-detection { description "DHCP client liveness detection processing"; uses dhcp-liveness-detection-dualstack-type; } // container liveness-detection container relay-agent-interface-id { presence "enable relay-agent-interface-id"; description "Interface-id option processing"; uses v6-relay-option-interface-id-type; } // container relay-agent-interface-id container relay-agent-remote-id { presence "enable relay-agent-remote-id"; description "Remote-id option processing"; uses v6-relay-option-remote-id-type; } // container relay-agent-remote-id container classification-key { junos:must "(".. dynamic-profile")"; junos:must-message "dynamic profile configuration in dual-stack-group is must for configuring classification-type"; description "Classification key for identifying dual stack household"; uses classification-types; } // container classification-key container protocol-master { description "Select family as protocol master"; uses jdhcp-dual-stack-protocol-mstr-type; } // container protocol-master container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection } // grouping dhcp-dual-stack-group grouping dhcp-generic-v4-option { description "Generic DHCP options processing"; uses apply-advanced; leaf option-number { type enumeration { enum "60" { value 0; status deprecated; description "Option 60"; } enum "77" { value 1; status deprecated; description "Option 77"; } } status deprecated; description "Option number"; } container equals { status deprecated; description "Generic option equals"; uses relay-v4-option-ascii-hex; } // container equals container default-action { status deprecated; description "Generic option default action"; uses dhcp-v4-option-default-action; } // container default-action container starts-with { status deprecated; description "Generic option starts with"; uses relay-v4-option-ascii-hex; } // container starts-with container option-60 { junos:must "(!("option-number"))"; junos:must-message "Cannot specify option-60 with option-number"; presence "enable option-60"; description "Add option 60 processing"; uses dhcp-generic-v4-option-type; } // container option-60 container option-77 { junos:must "(!("option-number"))"; junos:must-message "Cannot specify option-77 with option-number"; presence "enable option-77"; description "Add option 77 processing"; uses dhcp-generic-v4-option-type; } // container option-77 list option-order { junos:must "(!("option-number"))"; junos:must-message "Cannot specify option-order with option-number"; key "name"; ordered-by user; description "Options precedence order"; leaf name { type enumeration { enum "60" { value 0; description "Option 60"; } enum "77" { value 1; description "Option 77"; } } description "Option number"; } uses apply-advanced; } // list option-order } // grouping dhcp-generic-v4-option grouping dhcp-generic-v4-option-type { uses apply-advanced; container equals { description "Generic option equals"; uses relay-v4-option-ascii-hex; } // container 
equals container default-action { description "Generic option default action"; uses dhcp-v4-option-default-action; } // container default-action container starts-with { description "Generic option starts with"; uses relay-v4-option-ascii-hex; } // container starts-with } // grouping dhcp-generic-v4-option-type grouping dhcp-group { description "DHCP groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 64"; } description "Group name"; } uses apply-advanced; container active-server-group { description "Name of DHCP server group"; uses dhcpv4-gp-active-sg-type; } // container active-server-group container authentication { description "DHCP authentication"; uses authentication-type; } // container authentication container liveness-detection { description "DHCP client liveness detection processing"; uses dhcp-liveness-detection-type; } // container liveness-detection container dynamic-profile { description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container overrides { presence "enable overrides"; description "DHCP override processing"; uses override-type; } // container overrides container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container server-match { description "Server match processing"; uses apply-advanced; container default-action { presence "enable default-action"; description "Server match default action"; uses server-match-action-choice; } // container default-action list address { key "name"; ordered-by user; description "Server address"; leaf name { type jt:ipv4prefix; description "Server address for matching"; } uses apply-advanced; choice server-match-action-choice { leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice server-match-action-choice } // list address } // container server-match container relay-option { junos:must "((!(".. relay-option-60") && !(".. .. relay-option-60")))"; junos:must-message "Cannot specify relay-option-60 with relay-option"; presence "enable relay-option"; description "DHCP option processing"; uses dhcp-generic-v4-option; } // container relay-option container relay-option-60 { junos:must "((!(".. relay-option") && !(".. .. relay-option")))"; junos:must-message "Cannot specify relay-option with relay-option-60"; presence "enable relay-option-60"; status deprecated; description "DHCP option-60 processing"; uses relay-option-60-type-group; } // container relay-option-60 container relay-option-82 { presence "enable relay-option-82"; description "DHCP option-82 processing"; uses relay-option-82-type; } // container relay-option-82 container forward-only { presence "enable forward-only"; description "Forward DHCP packets without creating binding"; uses forward-only-to-rc-type; } // container forward-only container route-suppression { junos:must "(!(".. 
liveness-detection method layer2-liveness-detection"))";
    junos:must-message "Cannot specify route-suppression with liveness-detection method layer2-liveness-detection";
    junos:must "((!(".. overrides no-arp") && !(".. .. overrides no-arp")))";
    junos:must-message "Cannot specify route-suppression with overrides no-arp";
    description "Suppress access-internal and/or destination route addition";
    uses dhcp-route-suppression-type;
  } // container route-suppression
  leaf description {
    type string;
    description "Text description of servers";
  }
  // The numeric leaves below are unions of a ranged uint32 and a string that
  // matches <...> or $... (in YANG's XSD pattern syntax "$" is a literal, not
  // an anchor). Values taking the string branch are not range-checked;
  // presumably they are Junos wildcard/variable placeholders - confirm.
  leaf maximum-hop-count {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "1 .. 16"; }
    }
    description "Maximum number of hops per packet";
  }
  leaf minimum-wait-time {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "0 .. 30000"; }
    }
    description "Minimum number of seconds before requests are forwarded";
  }
  leaf client-response-ttl {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "1 .. 255"; }
    }
    description "IP time-to-live value to set in responses to client";
  }
  leaf source-ip-change {
    type empty;
    description "Use address of egress interface as source ip";
  }
  // Interfaces (or ranges, name .. upto) that belong to this DHCPv4 group.
  // "exclude" is mutually exclusive with overrides, dynamic-profile and
  // access-profile on the same entry.
  // NOTE(review): unlike the DHCPv6 relay group's interface list later in
  // this module, no uniqueness must is declared on "name", "upto" is not
  // checked against the start, and there is no "trace" leaf - confirm this
  // asymmetry is intended.
  list interface {
    key "name";
    description "One or more interfaces";
    leaf name {
      type union {
        type jt:interface-name;
        type string { pattern "<.*>|$.*"; }
      }
      description "Interface name";
    }
    uses apply-advanced;
    leaf upto {
      type union {
        type jt:interface-name;
        type string { pattern "<.*>|$.*"; }
      }
      description "Interface up to";
    }
    leaf exclude {
      type empty;
      description "Exclude this interface range";
    }
    container overrides {
      junos:must "(!(".. exclude"))";
      junos:must-message "Cannot specify overrides with exclude";
      description "DHCP override processing";
      uses override-type;
    } // container overrides
    // NOTE(review): the must-message names "overrides" although the
    // constraint sits on dynamic-profile; the DHCPv6 counterpart in this
    // module says "Cannot specify dynamic-profile with exclude". Looks like a
    // copy-paste slip in the message text; the constraint itself is the same.
    container dynamic-profile {
      junos:must "(!(".. exclude"))";
      junos:must-message "Cannot specify overrides with exclude";
      description "Dynamic profile to use";
      uses dynamic-profile-type;
    } // container dynamic-profile
    leaf service-profile {
      type string { length "1 .. 128"; }
      description "Dynamic profile to use for default service activation";
    }
    // Two constraints: the named access profile must exist, and the leaf
    // cannot be combined with "exclude".
    // NOTE(review): the second must-message also says "overrides" rather
    // than "access-profile", so the operator sees a misleading reason.
    leaf access-profile {
      junos:must "("access profile $$")";
      junos:must-message "Matching access profile must be defined";
      junos:must "(!(".. exclude"))";
      junos:must-message "Cannot specify overrides with exclude";
      type string { length "1 .. 128"; }
      description "Access profile to use for AAA services";
    }
    // Both leaves are 1..86400 and carry the same description text; nothing
    // in the model requires lockout-min-time <= lockout-max-time.
    container short-cycle-protection {
      description "Short cycle lockout configuration";
      leaf lockout-min-time {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 86400"; }
        }
        description "Short cycle lockout time in seconds";
      }
      leaf lockout-max-time {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 86400"; }
        }
        description "Short cycle lockout time in seconds";
      }
    } // container short-cycle-protection
  } // list interface
  container remote-id-mismatch {
    presence "enable remote-id-mismatch";
    description "DHCP client remote-id mismatch";
    uses dhcp-remote-id-mismatch-type;
  } // container remote-id-mismatch
  // Optional (presence) lease-time check at group level; the threshold's
  // numeric range continues below.
  container lease-time-validation {
    presence "enable lease-time-validation";
    description "Configure lease time violation validation";
    uses apply-advanced;
    leaf lease-time-threshold {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "60 ..
2147483647"; } }
      units "seconds";
      description "Threshold for lease time violation in seconds";
    }
    container violation-action {
      description "Lease time validation violation action";
      leaf drop {
        type empty;
        description "Drop dhcpv4 offer and ack packets";
      }
    } // container violation-action
  } // container lease-time-validation
} // grouping dhcp-group
// Liveness detection for DHCP clients: a failure action plus one method,
// either bfd or layer2-liveness-detection (a YANG choice, so only one).
grouping dhcp-liveness-detection-type {
  description "DHCP client liveness detection processing";
  uses apply-advanced;
  container failure-action {
    description "Liveness detection failure action options";
    uses dhcp-liveness-detection-failure-action-type;
  } // container failure-action
  container method {
    description "Liveness detection method options";
    uses apply-advanced;
    choice method-choice {
      container bfd {
        description "Bidirectional Forwarding Detection (BFD) options";
        uses dhcp-bfd-liveness-detection-type;
      } // container bfd
      // Rejected when route-suppression exists two, three or four levels up.
      // Presumably one check per place this grouping is instantiated -
      // confirm against the callers.
      container layer2-liveness-detection {
        junos:must "((!(".. .. route-suppression") && (!(".. .. .. route-suppression") && !(".. .. .. .. route-suppression"))))";
        junos:must-message "Method not allowed with route-suppression enabled";
        description "Address resolution options";
        uses dhcp-arp-nud-liveness-detection-type;
      } // container layer2-liveness-detection
    } // choice method-choice
  } // container method
} // grouping dhcp-liveness-detection-type
// What to do with a DHCPv4 packet when a generic-option match is made:
// exactly one of relay-server-group, local-server-group, drop or
// forward-only (YANG choice).
grouping dhcp-v4-option-default-action {
  description "Default action";
  uses apply-advanced;
  choice server-group-choice {
    // The named group must exist as "server-group <name>" at one of four
    // ancestor depths (three to six levels up).
    // NOTE(review): the must-message path reads "[edit forwarding
    // dhcp-relay server-group]" while the active-server-group leaves in this
    // module say "[edit forwarding-options dhcp-relay server-group]"; the
    // message probably lacks "-options".
    leaf relay-server-group {
      junos:must "((".. .. .. .. .. .. server-group $$" || (".. .. .. .. .. server-group $$" || (".. .. .. .. server-group $$" || ".. .. .. server-group $$"))))";
      junos:must-message "Referenced group must be defined under [edit forwarding dhcp-relay server-group]";
      type string { length "1 .. 64"; }
      description "Name of DHCP relay server group when match is made";
    }
    // Same idea for a local-server group: "system services dhcp-local-server
    // group <name>" must exist five to eight levels up.
    leaf local-server-group {
      junos:must "((".. .. .. .. .. .. .. .. system services dhcp-local-server group $$" || (".. .. .. .. .. .. .. system services dhcp-local-server group $$" || (".. .. .. .. .. .. system services dhcp-local-server group $$" || ".. .. .. .. .. system services dhcp-local-server group $$"))))";
      junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]";
      type string { length "1 .. 64"; }
      description "Name of DHCP local server group when match is made";
    }
    leaf drop {
      type empty;
      description "Discard when a match is made";
    }
    leaf forward-only {
      type empty;
      description "Forward without subscriber services when a match is made";
    }
  } // choice server-group-choice
} // grouping dhcp-v4-option-default-action
// Active server group at the global DHCPv4 relay level; the name must match
// a "server-group" entry two levels up.
grouping dhcpv4-gbl-active-sg-type {
  leaf active-server-group {
    junos:must "(".. .. server-group $$")";
    junos:must-message "Referenced group must be defined under [edit forwarding-options dhcp-relay server-group]";
    type string { length "1 .. 64"; }
    description "Name of DHCP server group";
  }
  // Widens ACK acceptance to every server in the active group.
  // NOTE(review): presumably without it only the server that made the offer
  // is accepted - confirm; keep the group to servers that are all trusted.
  leaf allow-server-change {
    type empty;
    description "Accept DHCP-ACK from any server in this group";
  }
} // grouping dhcpv4-gbl-active-sg-type
// Group-level variant: same leaves, but the server-group lookup is three
// levels up.
grouping dhcpv4-gp-active-sg-type {
  leaf active-server-group {
    junos:must "(".. .. .. server-group $$")";
    junos:must-message "Referenced group must be defined under [edit forwarding-options dhcp-relay server-group]";
    type string { length "1 ..
64"; } description "Name of DHCP server group"; } leaf allow-server-change { type empty; description "Accept DHCP-ACK from any server in this group"; } } // grouping dhcpv4-gp-active-sg-type grouping dhcpv6-relay-type { description "DHCPv6 relay configuration"; uses apply-advanced; container authentication { description "DHCPv6 authentication"; uses dhcpv6-authentication-type; } // container authentication container liveness-detection { description "DHCPv6 client liveness detection processing"; uses dhcpv6-liveness-detection-type; } // container liveness-detection container dynamic-profile { description "Dynamic profile to use"; uses dynamic-profile-type; } // container dynamic-profile leaf service-profile { type string { length "1 .. 128"; } description "Dynamic profile to use for default service activation"; } leaf access-profile { junos:must "("access profile $$")"; junos:must-message "Matching access profile must be defined"; type string { length "1 .. 128"; } description "Access profile to use for AAA services"; } container short-cycle-protection { description "Short cycle lockout configuration"; leaf lockout-min-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } description "Short cycle lockout time in seconds"; } leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container overrides { presence "enable overrides"; description "DHCPv6 override processing"; uses dhcpv6-override-relay-type; } // container overrides container relay-option { presence "enable relay-option"; description "DHCPv6 option processing"; uses dhcp-generic-v6-option; } // container relay-option leaf exclude-relay-agent-identifier { type empty; description "Exclude relay agent identifier from packets to server"; } container server-match { description "Server match processing"; uses apply-advanced; container default-action { description "Server match default action"; uses server-match-action-choice; } // container default-action container duid { description "Match duid processing"; uses apply-advanced; container equals { description "Duid equals"; uses server-match-v6-ascii-hex; } // container equals container starts-with { description "Duid starts with"; uses server-match-v6-ascii-hex; } // container starts-with } // container duid list address { key "name"; ordered-by user; description "Server ipv6 address"; leaf name { type jt:ipv6prefix; description "Server ipv6 address for matching"; } uses apply-advanced; choice server-match-action-choice { leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice server-match-action-choice } // list address } // container server-match leaf relay-agent-option-79 { type empty; description "Add the client MAC address to the Relay Forward header."; } container vendor-specific-information { description "DHCPv6 option 17 vendor-specific processing"; uses jdhcp-vendor-specific-type; } // container vendor-specific-information container forward-only { presence "enable forward-only"; description "Forward DHCPv6 packets without creating binding"; uses 
forward-only-to-rc-type; } // container forward-only leaf forward-only-replies { type empty; description "Forward-only replies from server to appropriate logical-system:routing-instance based on options"; } container forward-snooped-clients { junos:must "((!(".. forward-only") && (!(".. forward-only-replies") && !(any ".. group <*> forward-only"))))"; junos:must-message "forward-only and forward-only-replies cannot be configured when forward-snooped-clients is configured"; description "Forward snooped (unicast) packets"; choice interface-type { leaf configured-interfaces { type empty; description "Forward snooped (unicast) packets on configured interfaces"; } leaf non-configured-interfaces { type empty; description "Forward snooped (unicast) packets on non-configured interfaces"; } leaf all-interfaces { type empty; description "Forward snooped (unicast) packets on configured and non-configured interfaces"; } } // choice interface-type } // container forward-snooped-clients container route-suppression { description "Suppress access-internal and/or access route addition"; uses dhcpv6-route-suppression-type; } // container route-suppression list group { key "name"; ordered-by user; description "Define a DHCPv6 relay group"; uses dhcpv6-relay-group; } // list group container relay-agent-interface-id { presence "enable relay-agent-interface-id"; description "DHCPv6 interface-id option processing"; uses v6-relay-option-interface-id-type; } // container relay-agent-interface-id container relay-agent-remote-id { presence "enable relay-agent-remote-id"; description "DHCPv6 remote-id option processing"; uses v6-relay-option-remote-id-type; } // container relay-agent-remote-id container server-group { description "Define a DHCPv6 server group"; uses v6-server-group-type; } // container server-group container active-server-group { description "Name of DHCPv6 server group"; uses dhcpv6-gbl-active-sg-type; } // container active-server-group leaf server-response-time { type union 
{ type uint32; type string { pattern "<.*>|$.*"; } } default "0"; description "Number of seconds in a period of activity between the last server response and an unaswered request"; } container lease-time-validation { presence "enable lease-time-validation"; description "Configure lease time violation validation"; uses apply-advanced; leaf lease-time-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 2147483647"; } } units "seconds"; description "Threshold for lease time violation in seconds"; } container violation-action { description "Lease time validation violation action"; leaf drop { type empty; description "Drop dhcpv6 advertise and reply packets"; } } // container violation-action } // container lease-time-validation leaf no-snoop { junos:must "(!("legacy-snooping"))"; junos:must-message "'no-snoop' statement cannot be included along with 'legacy-snooping' statement"; type empty; description "Do not snoop DHCPV6 packets"; } container leasequery { junos:must "(".. relay-agent-interface-id")"; junos:must-message "Must configure [relay-agent-interface-id] to insert interface-id"; presence "enable leasequery"; description "DHCPv6 leasequery configuration"; uses relay-leasequery-type; } // container leasequery container bulk-leasequery { junos:must "(".. relay-agent-interface-id")"; junos:must-message "Must configure [relay-agent-interface-id] to insert interface-id"; presence "enable bulk-leasequery"; description "DHCPv6 bulk leasequery configuration"; uses relay-bulk-leasequery-v6-type; } // container bulk-leasequery container active-leasequery { junos:must "(".. 
bulk-leasequery")"; junos:must-message "Must configure bulk-leasequery"; presence "enable active-leasequery"; description "DHCPv6 active leasequery configuration"; uses relay-active-leasequery-v6-type; } // container active-leasequery container remote-id-mismatch { presence "enable remote-id-mismatch"; description "DHCP client remote-id mismatch"; uses dhcp-remote-id-mismatch-type; } // container remote-id-mismatch container duplicate-clients { description "Allow duplicate clients"; uses dhcpv6-duplicate-clients-type; } // container duplicate-clients } // grouping dhcpv6-relay-type grouping dhcp-generic-v6-option { description "Generic DHCPv6 options processing"; uses apply-advanced; leaf option-number { type enumeration { enum "15" { value 0; status deprecated; description "Option 15"; } enum "16" { value 1; status deprecated; description "Option 16"; } } status deprecated; description "Option number"; } container equals { status deprecated; description "Generic option equals"; uses relay-v6-option-ascii-hex; } // container equals container default-action { status deprecated; description "Generic option default action"; uses dhcp-v6-option-default-action; } // container default-action container starts-with { status deprecated; description "Generic option starts with"; uses relay-v6-option-ascii-hex; } // container starts-with container option-15 { junos:must "(!("option-number"))"; junos:must-message "Cannot specify option-15 with option-number"; presence "enable option-15"; description "Add option 15 processing"; uses dhcp-generic-v6-option-type; } // container option-15 container option-16 { junos:must "(!("option-number"))"; junos:must-message "Cannot specify option-16 with option-number"; presence "enable option-16"; description "Add option 16 processing"; uses dhcp-generic-v6-option-type; } // container option-16 list option-order { junos:must "(!("option-number"))"; junos:must-message "Cannot specify option-order with option-number"; key "name"; ordered-by 
user; description "Options precedence order"; leaf name { type enumeration { enum "15" { value 0; description "Option 15"; } enum "16" { value 1; description "Option 16"; } } description "Option number"; } uses apply-advanced; } // list option-order } // grouping dhcp-generic-v6-option grouping dhcp-generic-v6-option-type { uses apply-advanced; container equals { description "Generic option equals"; uses relay-v6-option-ascii-hex; } // container equals container default-action { description "Generic option default action"; uses dhcp-v6-option-default-action; } // container default-action container starts-with { description "Generic option starts with"; uses relay-v6-option-ascii-hex; } // container starts-with } // grouping dhcp-generic-v6-option-type grouping dhcp-v6-option-default-action { description "Default action"; uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "((".. .. .. .. .. .. server-group $$" || (".. .. .. .. .. server-group $$" || (".. .. .. .. server-group $$" || ".. .. .. server-group $$"))))"; junos:must-message "Referenced group must be defined under [edit forwarding options dhcp-relay dhcpv6 server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // grouping dhcp-v6-option-default-action grouping dhcpv6-gbl-active-sg-type { uses apply-advanced; leaf active-server-group { junos:must "(".. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding-options dhcp-relay dhcpv6 server-group]"; type string { length "1 .. 
64"; }
    description "Name of DHCPv6 server group";
  }
} // grouping dhcpv6-gbl-active-sg-type
// Per-scope overrides for DHCPv6 relay behaviour. The relay-level, group-level
// and per-interface "overrides" containers in this module all use it.
grouping dhcpv6-override-relay-type {
  description "DHCPv6 relay override processing";
  uses apply-advanced;
  // Whether clients may be created from snooped PDUs; the two leaves are
  // mutually exclusive (YANG choice).
  // NOTE(review): the behaviour when neither leaf is set is not stated in
  // this model - confirm the default before assuming snooped traffic cannot
  // create client state.
  choice allow-snooped-clients-choice {
    leaf allow-snooped-clients {
      type empty;
      description "Allow client creation from snooped PDUs";
    }
    leaf no-allow-snooped-clients {
      type empty;
      description "Don't allow client creation from snooped PDUs";
    }
  } // choice allow-snooped-clients-choice
  leaf delay-authentication {
    type empty;
    description "Delay subscriber authentication in DHCP protocol processing until request packet";
  }
  // Cap on clients per interface, 1..500000 on the numeric branch.
  // The string branch admits <...> or $... values (in YANG's XSD pattern
  // syntax "$" is a literal, not an anchor) and those are not range-checked;
  // presumably Junos wildcard/variable placeholders - confirm.
  // NOTE(review): no default is declared, so an unset leaf presumably means
  // no model-level cap - confirm what limit then applies.
  leaf interface-client-limit {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "1 .. 500000"; }
    }
    description "Limit the number of clients allowed on an interface";
  }
  // Free-form 1..64 character name. No must ties it to a defined
  // dual-stack-group, so this model alone does not reject a dangling
  // reference - presumably checked elsewhere; confirm.
  leaf dual-stack {
    type string { length "1 .. 64"; }
    description "Dual stack group to use.";
  }
  leaf no-bind-on-request {
    type empty;
    description "Do not bind if stray DHCPv6 RENEW, REBIND is received";
  }
  container client-negotiation-match {
    description "Use secondary match criteria for SOLICIT PDU";
    choice match-with {
      leaf incoming-interface {
        type empty;
        description "Use incoming interface";
      }
    } // choice match-with
  } // container client-negotiation-match
  leaf send-release-on-delete {
    type empty;
    description "Always send RELEASE to the server when a binding is deleted";
  }
  leaf always-process-option-request-option {
    type empty;
    description "Always process option even after address allocation failure";
  }
  leaf relay-source {
    type union {
      type jt:interface-name;
      type string { pattern "<.*>|$.*"; }
    }
    description "Interface for relay source";
  }
  leaf delete-binding-on-renegotiation {
    type empty;
    description "Delete binding on renegotiation";
  }
  // Reduced lease times handed to the client, 600..86400 seconds each.
  leaf asymmetric-lease-time {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "600 .. 86400"; }
    }
    units "seconds";
    description "Use a reduced lease time for the client. In seconds";
  }
  leaf asymmetric-prefix-lease-time {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "600 .. 86400"; }
    }
    units "seconds";
    description "Use a reduced prefix lease time for the client. In seconds";
  }
} // grouping dhcpv6-override-relay-type
// One DHCPv6 relay group: a named set of interfaces plus the per-group
// authentication, liveness, profile, override and option settings.
grouping dhcpv6-relay-group {
  description "DHCPv6 groups";
  // The posix-pattern allows letters, digits, "_" and "-" after a leading
  // alphanumeric; the 64-character bound comes from the length statement.
  // The "non-reserved" part of the pattern-message is not expressed by either.
  leaf name {
    type string {
      junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$";
      junos:pattern-message "Must be a non-reserved string of 64 characters or less";
      length "1 .. 64";
    }
    description "Group name";
  }
  uses apply-advanced;
  container active-server-group {
    description "Name of DHCPv6 server group";
    uses dhcpv6-gp-active-sg-type;
  } // container active-server-group
  list dual-stack-group {
    key "name";
    description "Define a DHCP dual stack group";
    uses dhcp-dual-stack-group;
  } // list dual-stack-group
  container authentication {
    description "DHCPv6 authentication";
    uses dhcpv6-authentication-type;
  } // container authentication
  container liveness-detection {
    description "DHCPv6 client liveness detection processing";
    uses dhcpv6-liveness-detection-type;
  } // container liveness-detection
  container dynamic-profile {
    description "Dynamic profile to use";
    uses dynamic-profile-type;
  } // container dynamic-profile
  leaf service-profile {
    type string { length "1 .. 128"; }
    description "Dynamic profile to use for default service activation";
  }
  // The must requires a matching "access profile <name>" to be defined, so a
  // group cannot point AAA at a profile that does not exist.
  leaf access-profile {
    junos:must "("access profile $$")";
    junos:must-message "Matching access profile must be defined";
    type string { length "1 .. 128"; }
    description "Access profile to use for AAA services";
  }
  // Both leaves are 1..86400 and carry the same description text; nothing in
  // the model requires lockout-min-time <= lockout-max-time.
  container short-cycle-protection {
    description "Short cycle lockout configuration";
    leaf lockout-min-time {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 86400"; }
      }
      description "Short cycle lockout time in seconds";
    }
    leaf lockout-max-time {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 ..
86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection container overrides { presence "enable overrides"; description "DHCPv6 override processing"; uses dhcpv6-override-relay-type; } // container overrides container relay-option { presence "enable relay-option"; description "DHCPv6 option processing"; uses dhcp-generic-v6-option; } // container relay-option container vendor-specific-information { description "DHCPv6 option 17 vendor-specific processing"; uses jdhcp-vendor-specific-type; } // container vendor-specific-information container forward-only { presence "enable forward-only"; description "Forward DHCPv6 packets without creating binding"; uses forward-only-to-rc-type; } // container forward-only container relay-agent-interface-id { presence "enable relay-agent-interface-id"; description "DHCPv6 interface-id option processing"; uses v6-relay-option-interface-id-type; } // container relay-agent-interface-id container relay-agent-remote-id { presence "enable relay-agent-remote-id"; description "DHCPv6 remote-id option processing"; uses v6-relay-option-remote-id-type; } // container relay-agent-remote-id container route-suppression { description "Suppress access-internal and/or access route addition"; uses dhcpv6-route-suppression-type; } // container route-suppression leaf relay-agent-option-79 { type empty; description "Add the client MAC address to the Relay Forward header."; } list interface { key "name"; description "One or more interfaces"; leaf name { junos:must "((unique "forwarding-options dhcp-relay dhcpv6 group <*> interface $$" && !(any "system services dhcp-local-server dhcpv6 group <*> interface $$")))"; junos:must-message "Interface used in other relay or server group"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf upto { junos:must "(!(".. .. 
interface $$"))";
// (The statements down to the first closing brace finish "leaf upto", which
// is opened on the previous line.)
junos:must-message "Range end point must not equal start";
type union {
  type jt:interface-name;
  type string {
    pattern "<.*>|$.*";
  }
}
description "Interface up to";
}
// Flag leaf that excludes this interface (or interface range). The sibling
// must constraints below reject trace, overrides, dynamic-profile and
// access-profile when it is set.
leaf exclude {
  type empty;
  description "Exclude this interface range";
}
leaf trace {
  junos:must "(!(".. exclude"))";
  junos:must-message "Cannot specify tracing with exclude";
  type empty;
  description "Enable tracing for this interface";
}
container overrides {
  junos:must "(!(".. exclude"))";
  junos:must-message "Cannot specify overrides with exclude";
  description "DHCPv6 override processing";
  uses dhcpv6-override-relay-type;
} // container overrides
container dynamic-profile {
  junos:must "(!(".. exclude"))";
  junos:must-message "Cannot specify dynamic-profile with exclude";
  description "Dynamic profile to use";
  uses dynamic-profile-type;
} // container dynamic-profile
// NOTE(review): unlike trace, overrides, dynamic-profile and access-profile,
// this leaf has no ".. exclude" guard and no must check that the named
// profile exists; the value is only length-checked (1-128). Confirm that
// this is intentional.
leaf service-profile {
  type string {
    length "1 .. 128";
  }
  description "Dynamic profile to use for default service activation";
}
// Two constraints apply: the named access profile must be defined, and the
// leaf cannot be combined with exclude.
// NOTE(review): the second must-message is the same text as on container
// overrides ("Cannot specify overrides with exclude"), so an operator who
// trips this constraint on access-profile is pointed at the wrong statement.
// This leaf selects the profile used for AAA services, so a message naming
// access-profile would make a rejected commit easier to diagnose.
leaf access-profile {
  junos:must "("access profile $$")";
  junos:must-message "Matching access profile must be defined";
  junos:must "(!(".. exclude"))";
  junos:must-message "Cannot specify overrides with exclude";
  type string {
    length "1 .. 128";
  }
  description "Access profile to use for AAA services";
}
// Per-interface lockout timers. Both leaves carry the same description and
// the same 1-86400 range.
// NOTE(review): no constraint here ties lockout-min-time to lockout-max-time;
// confirm that min <= max is enforced at commit time.
container short-cycle-protection {
  description "Short cycle lockout configuration";
  leaf lockout-min-time {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "1 .. 86400";
      }
    }
    description "Short cycle lockout time in seconds";
  }
  leaf lockout-max-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 ..
86400"; } } description "Short cycle lockout time in seconds"; } } // container short-cycle-protection } // list interface container lease-time-validation { presence "enable lease-time-validation"; description "Configure lease time violation validation"; uses apply-advanced; leaf lease-time-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 2147483647"; } } units "seconds"; description "Threshold for lease time violation in seconds"; } container violation-action { description "Lease time validation violation action"; leaf drop { type empty; description "Drop dhcpv6 advertise and reply packets"; } } // container violation-action } // container lease-time-validation container remote-id-mismatch { presence "enable remote-id-mismatch"; description "DHCP client remote-id mismatch"; uses dhcp-remote-id-mismatch-type; } // container remote-id-mismatch container server-match { description "Server match processing"; uses apply-advanced; container default-action { description "Server match default action"; uses server-match-action-choice; } // container default-action container duid { description "Match duid processing"; uses apply-advanced; container equals { description "Duid equals"; uses server-match-v6-ascii-hex; } // container equals container starts-with { description "Duid starts with"; uses server-match-v6-ascii-hex; } // container starts-with } // container duid list address { key "name"; ordered-by user; description "Server ipv6 address"; leaf name { type jt:ipv6prefix; description "Server ipv6 address for matching"; } uses apply-advanced; choice server-match-action-choice { leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice server-match-action-choice } // list address } // container server-match } // grouping dhcpv6-relay-group grouping 
dhcpv6-gp-active-sg-type {
  // Holds the reference from a DHCPv6 relay group to its active server group.
  uses apply-advanced;
  leaf active-server-group {
    // The must expression looks three levels up for a "server-group" entry
    // with this name (presumably $$ expands to this leaf's value). Apart from
    // that, the name is only length-checked (1-64); this leaf has no
    // character-set pattern.
    junos:must "(".. .. .. server-group $$")";
    junos:must-message "Referenced group must be defined under [edit forwarding-options dhcp-relay dhcpv6 server-group]";
    type string {
      length "1 .. 64";
    }
    description "Name of DHCPv6 server group";
  }
} // grouping dhcpv6-gp-active-sg-type

grouping forward-only-to-rc-type {
  description "Forward DHCP packets without creating binding";
  uses apply-advanced;
  // Neither leaf below has a description, length limit or must constraint;
  // each is a free-form string defaulting to "current".
  // NOTE(review): nothing visible here checks that the named logical system
  // or routing instance exists, or that the configuring tenant is allowed to
  // reference it. Confirm that this is validated elsewhere.
  leaf logical-system {
    type string;
    default "current";
  }
  leaf routing-instance {
    type string;
    default "current";
  }
} // grouping forward-only-to-rc-type

// Layer-2 access-security toggles: DHCP/DHCPv6 snooping, ARP and neighbor
// discovery inspection, and IPv4/IPv6 source guard. Every leaf is "type
// empty", so the presence of the leaf is the setting. The two "no-" leaves
// switch a protection off and are the ones to look for in a config audit.
grouping jdhcp-security-type {
  description "DHCP access security configuration";
  uses apply-advanced;
  leaf no-dhcp-snooping {
    // NOTE(review): the constraint sits on no-dhcp-snooping and only tests
    // "switch-options no-arp-trap", yet its message talks about ARP
    // inspection. Confirm that the leaf/message pairing is intended.
    // NOTE(review): nothing in this grouping stops no-dhcp-snooping being set
    // together with arp-inspection or ip-source-guard. Those features
    // commonly depend on the snooping binding table, so confirm how the
    // device handles the combination.
    junos:must "(!("switch-options no-arp-trap "))";
    junos:must-message "Cannot enable ARP inspection with no-arp-trap";
    type empty;
    description "Disable dhcp snooping";
  }
  leaf arp-inspection {
    type empty;
    description "Enable dynamic ARP inspection";
  }
  leaf ip-source-guard {
    type empty;
    description "Enable IP source guard";
  }
  leaf no-dhcpv6-snooping {
    type empty;
    description "Disable DHCPv6 snooping";
  }
  leaf neighbor-discovery-inspection {
    type empty;
    description "Enable neighbor discovery inspection";
  }
  leaf ipv6-source-guard {
    type empty;
    description "Enable IPv6 source guard";
  }
  leaf light-weight-dhcpv6-relay {
    type empty;
    description "Enable light weight dhcpv6 relay";
  }
  // Per-group overrides of the defaults above; list order is set by the user.
  list group {
    key "name";
    ordered-by user;
    description "Define a DHCP security group for overriding defaults";
    uses ds-group;
  } // list group
  container option-82 {
    presence "enable option-82";
    description "DHCP option-82 processing for snooped packets";
    uses security-option-82-type;
  } // container option-82
  container dhcpv6-options {
    presence "enable dhcpv6-options";
    description "DHCPv6 option processing for snooped packets";
    uses security-dhcpv6-options-type;
  } // container dhcpv6-options
} // grouping jdhcp-security-type

// A named set of interfaces with its own trust/override settings and static
// address-to-MAC entries.
grouping ds-group {
  description "DHCP security groups";
  leaf name {
    // First character must be alphanumeric; the rest may also contain "_" and
    // "-". The length limit (1-64) agrees with the pattern-message.
    // NOTE(review): the message says "non-reserved", but the visible pattern
    // only restricts the character set. Any reserved-name check is not shown
    // here.
    type string {
      junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$";
      junos:pattern-message "Must be a non-reserved string of 64 characters or less";
      length "1 .. 64";
    }
    description "Group name";
  }
  uses apply-advanced;
  container overrides {
    presence "enable overrides";
    description "DHCP override processing";
    uses ds-override-type;
  } // container overrides
  list interface {
    key "name";
    description "One or more interfaces";
    leaf name {
      // The union accepts either a jt:interface-name or any string matching
      // "<.*>|$.*". The string branch is much looser than interface-name
      // (presumably for wildcard/variable forms; confirm against the Junos
      // YANG conventions).
      type union {
        type jt:interface-name;
        type string {
          pattern "<.*>|$.*";
        }
      }
      description "Interface name";
    }
    uses apply-advanced;
    // Static address entries for this interface. Each list is keyed by the
    // address itself (leaf "name" of the used grouping).
    list static-ip {
      key "name";
      ordered-by user;
      description "Static IP address configuration";
      uses ip-mac-static;
    } // list static-ip
    list static-ipv6 {
      key "name";
      ordered-by user;
      description "Static IPv6 address configuration";
      uses ipv6-mac-static;
    } // list static-ipv6
  } // list interface
} // grouping ds-group

// Trust and option-insertion overrides for a security group. The description
// mentions only Dynamic ARP Inspection, but the grouping also carries the
// no-option* leaves that suppress relay/snooping option insertion.
grouping ds-override-type {
  description "Dynamic ARP Inspection override processing";
  uses apply-advanced;
  // trusted and untrusted are mutually exclusive: each leaf's must
  // constraint rejects the presence of the other.
  leaf trusted {
    junos:must "(!(".. untrusted"))";
    junos:must-message "Trusted and untrusted cannot be configured together";
    type empty;
    description "Make this trusted group of interfaces";
  }
  leaf untrusted {
    junos:must "(!(".. trusted"))";
    junos:must-message "Trusted and untrusted cannot be configured together";
    type empty;
    description "Make this untrusted group of interfaces";
  }
  leaf no-option82 {
    type empty;
    description "Make this group of interfaces not to add option82";
  }
  leaf no-option37 {
    type empty;
    description "Make this group of interfaces not to add option37";
  }
  leaf no-option18 {
    type empty;
    description "Make this group of interfaces not to add option18";
  }
  leaf no-option16 {
    type empty;
    description "Make this group of interfaces not to add option16";
  }
  leaf no-option79 {
    type empty;
    description "Make this group of interfaces not to add option79";
  }
  leaf no-dhcpv6-options {
    type empty;
    description "Make this group of interfaces not to add any DHCPv6 options";
  }
} // grouping ds-override-type

// Static IPv4-address/MAC pair. The grouping has no description of its own.
// NOTE(review): "mac" is not marked mandatory, so the schema alone allows an
// entry with an address and no MAC. Confirm how such an entry is treated.
grouping ip-mac-static {
  leaf name {
    type jt:ipaddr;
    description "IP address";
  }
  leaf mac {
    type jt:mac-addr;
    description "MAC address";
  }
} // grouping ip-mac-static

// Static IPv6-address/MAC pair. The "name" leaf is typed jt:ipv6addr even
// though its description says only "IP address". "mac" is likewise not
// marked mandatory.
grouping ipv6-mac-static {
  leaf name {
    type jt:ipv6addr;
    description "IP address";
  }
  leaf mac {
    type jt:mac-addr;
    description "MAC address";
  }
} // grouping ipv6-mac-static

// Selects what is added to the vendor-specific option. Per the leaf
// descriptions, that is the router host name and the interface-name-formatted
// location.
// NOTE(review): both values identify the device and its port layout. Check
// that the servers receiving the option are ones that should see them.
grouping jdhcp-vendor-specific-type {
  description "Add vendor-specific option processing";
  uses apply-advanced;
  leaf host-name {
    type empty;
    description "Add router host name";
  }
  leaf location {
    type empty;
    description "Add location information expressed as interface name format";
  }
} // grouping jdhcp-vendor-specific-type

grouping juniper-forwarding-options {
  uses apply-advanced;
  list storm-control-profiles {
    key "name";
    description "Storm control profile for this instance";
    leaf name {
      junos:must "("forwarding-options storm-control-profiles $$ all")";
      junos:must-message "Only aggregate profiles supported";
      type string {
        length "1 ..
127"; } description "Storm control profile name"; } uses apply-advanced; container all { presence "enable all"; description "For all BUM traffic"; uses apply-advanced; choice bandwidth { leaf bandwidth-percentage { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Percentage of link bandwidth"; } leaf bandwidth-level { type union { type string { pattern "<.*>|$.*"; } type uint32; } units "kbps"; description "Link bandwidth"; } } // choice bandwidth leaf burst-size { type union { type string { pattern "<.*>|$.*"; } type uint32; } units "bytes"; description "Burst size"; } leaf no-broadcast { type empty; description "Disable broadcast storm control"; } leaf no-unknown-unicast { type empty; description "Disable unknown unicast storm control"; } choice no-multicast-choices { leaf no-multicast { type empty; description "Disable multicast storm control"; } leaf no-registered-multicast { type empty; description "Disable registered multicast storm control"; } leaf no-unregistered-multicast { type empty; description "Disable unregistered multicast storm control"; } } // choice no-multicast-choices } // container all leaf action-shutdown { type empty; description "Disable port for excessive storm control errors"; } } // list storm-control-profiles choice sampling-or-packet-capture { container sampling { description "Statistical traffic sampling options"; uses juniper-sampling-options; } // container sampling container packet-capture { description "Packet capture options"; uses juniper-packet-capture-options; } // container packet-capture } // choice sampling-or-packet-capture list accounting { key "name"; description "Configure accounting of traffic"; uses juniper-packet-accounting-options; } // list accounting container port-mirroring { description "Configure port mirroring of traffic"; uses juniper-port-mirror-options; } // container port-mirroring container evpn-vxlan { description "EVPN VXLAN configurations"; uses 
apply-advanced; leaf shared-tunnels { type empty; description "Create VTEP tunnels to EVPN PE"; } container reroute-address { description "Reroute IP address for vxlan encapsulation"; choice family { container inet { presence "enable inet"; description "IPv4 address family"; uses apply-advanced; leaf address { type jt:ipv4addr; description "Reroute address for IPV4 FRR"; } } // container inet container inet6 { presence "enable inet6"; description "IPv6 address family"; uses apply-advanced; leaf address { type jt:ipv6addr; description "Reroute address for IPV6 FRR"; } } // container inet6 } // choice family } // container reroute-address } // container evpn-vxlan container multicast-replication { description "Set mode of multicast replication"; uses apply-advanced; container evpn { description "EVPN IRB multicast related options"; uses apply-advanced; leaf irb { type enumeration { enum "local-only" { value 0; description "Multicast forward in local-only mode"; } enum "local-remote" { value 1; description "Multicast forward in local-remote mode"; } enum "oism" { value 2; description "Optimized inter subnet multicast mode"; } } } leaf smet-nexthop-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10000 .. 40000"; } } description "Flood traffic to all egress when count goes above limit"; } } // container evpn } // container multicast-replication container load-balance { description "Configure load-balancing attributes on the forwarding path"; uses apply-advanced; container indexed-load-balance { presence "enable indexed-load-balance"; description "Use indexed permuted next hop lists for unilist and aggregate next hops"; uses apply-advanced; } // container indexed-load-balance container per-flow { uses apply-advanced; } // container per-flow container per-prefix { presence "enable per-prefix"; uses apply-advanced; leaf hash-seed { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "0 .. 
65534"; } } default "0"; description "Specifies per-router input value for per-prefix load-balancing hash function"; } } // container per-prefix } // container load-balance container hash-key { description "Select data used in the hash key"; uses junos_hash_key; } // container hash-key container enhanced-hash-key { description "Select data used in the hash key for Enhanced IP Forwarding Engines"; uses apply-advanced; container lag-dlb { presence "enable lag-dlb"; description "Setting dynamic load balancing options for LAG"; uses apply-advanced; container ether-type { presence "enable ether-type"; description "Setting ether type for LAG DLB"; uses apply-advanced; leaf ipv4 { type empty; description "Ether type is ipv4"; } leaf ipv6 { type empty; description "Ether type is ipv6"; } leaf mpls { type empty; description "Ether type is mpls"; } } // container ether-type } // container lag-dlb container ecmp-dlb { junos:must "(!(".. ecmp-resilient-hash"))"; junos:must-message "RH and DLB cannot be configured together"; description "Set load balancing options for VC-Fabric forwarding"; uses apply-advanced; choice mode { leaf assigned-flow { type empty; description "Flow-based fixed link assignment"; } container flowlet { presence "enable flowlet"; description "Inactivity-based flowlet link assignment (default)"; uses apply-advanced; leaf inactivity-interval { type union { type string { pattern "<.*>|$.*"; } type uint32; } default "256"; description "Minimum inactivity interval in micro-seconds for flowlet detection"; } } // container flowlet leaf per-packet { type empty; description "Per-packet optimal spraying"; } } // choice mode container ether-type { presence "enable ether-type"; description "Ether type"; uses apply-advanced; leaf ipv4 { type empty; description "Set DLB for ipv4"; } leaf ipv6 { type empty; description "Set DLB for ipv6"; } leaf mpls { type empty; description "Set DLB for mpls"; } } // container ether-type } // container ecmp-dlb container hash-seed { 
presence "enable hash-seed"; description "Hash seed"; uses apply-advanced; } // container hash-seed container mpls { description "Configure mpls fields"; uses apply-advanced; leaf no-incoming-port { type empty; description "Exclude incoming port from the hash key"; } leaf no-incoming-device { type empty; description "Exclude incoming device from the hash key"; } } // container mpls container layer2 { description "Configure layer2 fields"; uses apply-advanced; leaf no-incoming-port { type empty; description "Exclude incoming port from the hash key"; } leaf no-incoming-device { type empty; description "Exclude incoming device from the hash key"; } leaf no-source-mac-address { type empty; description "Exclude source MAC address from the hash key"; } leaf no-destination-mac-address { type empty; description "Exclude destination MAC address from the hash key"; } leaf no-ether-type { type empty; description "Exclude ether type from the hash key"; } leaf vlan-id { type empty; description "Include incoming vlan-id in hash key"; } } // container layer2 container inet { description "Configure inet4 fields"; uses apply-advanced; leaf no-incoming-port { type empty; description "Exclude incoming port from the hash key"; } leaf no-incoming-device { type empty; description "Exclude incoming device from the hash key"; } leaf no-l4-source-port { type empty; description "Exclude l4 source port from the hash key"; } leaf no-l4-destination-port { type empty; description "Exclude l4 dest port from the hash key"; } leaf no-protocol { type empty; description "Exclude protocol from the hash key"; } leaf no-ipv4-source-address { type empty; description "Exclude IPv4 source address"; } leaf no-ipv4-destination-address { type empty; description "Exclude IPv4 destination address"; } leaf vlan-id { type empty; description "Include incoming vlan-id in hash key"; } } // container inet container inet6 { description "Configure inet6 fields"; uses apply-advanced; leaf no-incoming-port { type empty; 
description "Exclude incoming port from the hash key"; } leaf no-incoming-device { type empty; description "Exclude incoming device from the hash key"; } leaf no-l4-source-port { type empty; description "Exclude l4 source port from the hash key"; } leaf no-l4-destination-port { type empty; description "Exclude l4 dest port from the hash key"; } leaf no-next-header { type empty; description "Exclude next header from the hash key"; } leaf no-ipv6-source-address { type empty; description "Exclude IPv6 source address"; } leaf no-ipv6-destination-address { type empty; description "Exclude IPv6 destination address"; } leaf vlan-id { type empty; description "Include vlan-id in hash key"; } } // container inet6 leaf no-mpls { type empty; description "Disable mpls in hash key"; } container gre { description "Configure for GRE "; uses apply-advanced; leaf key { type empty; description "Include key in hash key"; } leaf protocol { type empty; description "Include protocol in hash key"; } } // container gre container services-loadbalancing { description "Select key to load balance across service PICs"; uses apply-advanced; container family { description "Protocol family"; container inet { description "IPv4 protocol family"; uses apply-advanced; container layer-3-services { description "Include Layer 3 (IP) data in the hash key"; uses apply-advanced; leaf source-address { type empty; description "Include IP source address in the hash key"; } leaf destination-address { type empty; description "Include IP destination address in the hash key"; } leaf incoming-interface-index { type empty; description "Include incoming interface index in the hash key"; } } // container layer-3-services } // container inet container inet6 { description "IPv6 protocol family"; uses apply-advanced; container layer-3-services { description "Include Layer 3 (IP) data in the hash key"; uses apply-advanced; leaf source-address { type empty; description "Include IP source address in the hash key"; } leaf 
destination-address { type empty; description "Include IP destination address in the hash key"; } leaf incoming-interface-index { type empty; description "Include incoming interface index in the hash key"; } leaf src-prefix-len { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "56 .. 127"; } } units "bits"; default "127"; description "Enhanced hash key inet6 source prefix length"; } } // container layer-3-services } // container inet6 } // container family } // container services-loadbalancing container family { description "Protocol family"; container inet { description "IPv4 protocol family"; uses apply-advanced; leaf incoming-interface-index { type empty; description "Include incoming interface index in the hash key"; } leaf no-destination-port { type empty; description "Omit IP destination port in the hash key"; } leaf no-source-port { type empty; description "Omit IP source port in the hash key"; } leaf type-of-service { type empty; description "Include TOS byte in the hash key"; } leaf gtp-tunnel-endpoint-identifier { type empty; description "Include TEID in the hash key for GTP-U packets"; } leaf l2tp-tunnel-session-identifier { type empty; description "Include TID SID in the hash key for L2TP packets"; } leaf session-id { type empty; description "Include session ID in the enhanced hash key"; } } // container inet container inet6 { description "IPv6 protocol family"; uses apply-advanced; leaf incoming-interface-index { type empty; description "Include incoming interface index in the hash key"; } leaf traffic-class { type empty; description "Include Traffic Class byte in the hash key"; } leaf no-destination-port { type empty; description "Omit IP destination port in the hash key"; } leaf no-source-port { type empty; description "Omit IP source port in the hash key"; } leaf gtp-tunnel-endpoint-identifier { type empty; description "Include TEID in the hash key for GTP-U packets"; } leaf session-id { type empty; description "Include session 
ID in the enhanced hash key"; } leaf no-flow-label { type empty; description "Omit Flow label in the hash key"; } leaf type-of-service { type empty; description "Include TOS byte in the hash key"; } } // container inet6 container mpls { description "MPLS protocol family"; uses apply-advanced; leaf label-1-exp { type empty; description "Include EXP of first MPLS label from the hash key"; } leaf incoming-interface-index { type empty; description "Include incoming interface index in the hash key"; } choice pseudowire_option { leaf no-ether-pseudowire { type empty; description "Omit IP payload over ethernet PW from the hash-key"; } container ether-pseudowire { description "Load-balance IP over ethernet PW"; leaf zero-control-word { type empty; description "Parse zero control word in packet header"; } } // container ether-pseudowire } // choice pseudowire_option leaf no-payload { type empty; description "Omit MPLS payload data from the hash key"; } } // container mpls container multiservice { description "Multiservice protocol (bridged/CCC/VPLS) family"; uses apply-advanced; leaf incoming-interface-index { type empty; description "Include incoming interface index in hash key"; } leaf outer-priority { type empty; description "Include Outer 802.1 Priority bits in the hash key"; } leaf no-payload { type empty; description "Omit payload data from the hash key"; } leaf no-mac-addresses { type empty; description "Omit source and destination MAC addresses from the hash key"; } } // container multiservice } // container family container vxlan { description "Vxlan traffic"; uses apply-advanced; leaf no-inner-payload { type empty; description "To enable load-balancing on Vxlan traffic based on outer IP/UDP header"; } } // container vxlan list conditional-match { key "name"; ordered-by user; description "Configures a conditional match"; leaf name { type string; description "Name identifier"; } uses apply-advanced; container offset1 { presence "enable offset1"; description 
"Configure offset 1"; uses apply-advanced; leaf base-offset1 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset1-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 126"; } } description "Offset of the data to be extracted from the base offset. Only even number"; } leaf matchdata1 { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Data to be matched"; } leaf matchdata1-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Matchdata mask"; } } // container offset1 container offset2 { presence "enable offset2"; description "Configure offset 2"; uses apply-advanced; leaf base-offset2 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset2-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 126"; } } description "Offset of the data to be extracted from the base offset. 
Only even number"; } leaf matchdata2 { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Data to be matched"; } leaf matchdata2-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Matchdata mask"; } } // container offset2 container offset3 { presence "enable offset3"; description "Configure offset 3"; uses apply-advanced; leaf base-offset3 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset3-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 126"; } } description "Offset of the data to be extracted from the base offset. 
Only even number"; } leaf matchdata3 { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Data to be matched"; } leaf matchdata3-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Matchdata mask"; } } // container offset3 container offset4 { presence "enable offset4"; description "Configure offset 4"; uses apply-advanced; leaf base-offset4 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset4-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 126"; } } description "Offset of the data to be extracted from the base offset. 
Only even number"; } leaf matchdata4 { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Data to be matched"; } leaf matchdata4-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Matchdata mask"; } } // container offset4 } // list conditional-match list flex-hashing { key "name"; ordered-by user; description "Set flex hashing"; leaf name { type string; description "Name identifier"; } uses apply-advanced; container ethtype { presence "enable ethtype"; description "Configure ether-type of packet"; uses apply-advanced; container inet { description "Enable flex-hashing on ipv4"; uses apply-advanced; leaf interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Incoming interface name. This is optional parameter"; } leaf conditional-match { type string; description "Conditional match to be matched in the packet"; } container hash-offset { description "Configure the offsets for hashing"; uses apply-advanced; container offset1 { presence "enable offset1"; description "Configure offset 1 value"; uses apply-advanced; leaf base-offset1 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset1-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 126"; } } description "Offset of the data to be extracted from the base offset. 
Only even number"; } leaf offset1-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Mask for the hash data extracted. 2 byte mask"; } container offset2 { presence "enable offset2"; description "Configure offset 2 value"; uses apply-advanced; leaf base-offset2 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset2-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 126"; } } description "Offset of the data to be extracted from the base offset. Only even number"; } leaf offset2-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Mask for the hash data extracted. 2 byte mask"; } } // container offset2 } // container offset1 } // container hash-offset } // container inet container inet6 { description "Enable flex-hashing on ipv6"; uses apply-advanced; leaf interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Incoming interface name. 
This is optional parameter"; } leaf conditional-match { type string; description "Conditional match to be matched in the packet"; } container hash-offset { description "Configure the offsets for hashing"; uses apply-advanced; container offset1 { presence "enable offset1"; description "Configure offset 1 value"; uses apply-advanced; leaf base-offset1 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset1-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 126"; } } description "Offset of the data to be extracted from the base offset. Only even number"; } leaf offset1-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Mask for the hash data extracted. 2 byte mask"; } container offset2 { presence "enable offset2"; description "Configure offset 2 value"; uses apply-advanced; leaf base-offset2 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset2-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 
126"; } } description "Offset of the data to be extracted from the base offset. Only even number"; } leaf offset2-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Mask for the hash data extracted. 2 byte mask"; } } // container offset2 } // container offset1 } // container hash-offset } // container inet6 container mpls { description "Configure number of MPLS labels"; uses apply-advanced; leaf num-labels { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 5"; } } description "Configure number of MPLS labels"; } leaf interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Incoming interface name. This is optional parameter"; } leaf conditional-match { type string; description "Conditional match to be matched in the packet"; } container hash-offset { description "Configure the offsets for hashing"; uses apply-advanced; container offset1 { presence "enable offset1"; description "Configure offset 1 value"; uses apply-advanced; leaf base-offset1 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset1-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 126"; } } description "Offset of the data to be extracted from the base offset. 
Only even number"; } leaf offset1-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Mask for the hash data extracted. 2 byte mask"; } container offset2 { presence "enable offset2"; description "Configure offset 2 value"; uses apply-advanced; leaf base-offset2 { type enumeration { enum "start-of-L2Header" { value 0; description "Offset will be extracted from start of L2 header"; } enum "start-of-L3-OuterHeader" { value 1; description "Offset will be extracted from start of outer L3 header"; } enum "start-of-L3-InnerHeader" { value 2; description "Offset will be extracted from start of inner L3 header"; } enum "start-of-L4-Header" { value 3; description "Offset will be extracted from start of L4 header"; } } description "Configure base-offset"; } leaf offset2-value { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 126"; } } description "Offset of the data to be extracted from the base offset. Only even number"; } leaf offset2-mask { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "4"; } description "Mask for the hash data extracted. 2 byte mask"; } } // container offset2 } // container offset1 } // container hash-offset } // container mpls } // container ethtype } // list flex-hashing } // container enhanced-hash-key container next-hop { description "Next hop throttle"; uses apply-advanced; leaf arp-throttle { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "10 .. 100"; } } description "Change the arp throttling time(seconds)"; } leaf arp-detect { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
100000"; } } description "Change the arp throttling detect time(milliseconds)"; } } // container next-hop container sflow { description "Sflow related"; uses apply-advanced; container egress-multicast { description "Sflow for egress multicast"; uses apply-advanced; leaf max-replication-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 2000"; } } description "To configure max replication rate (0 to 2K pps)"; } } // container egress-multicast } // container sflow container multicast { description "Multicast resolve and mismatch rate"; uses apply-advanced; leaf resolve-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "100 .. 1000"; } } units "per second"; description "Multicast resolve rate"; } leaf mismatch-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "50 .. 1000"; } } units "per second"; description "Multicast interface mismatch rate"; } } // container multicast container packet-capture-telemetry { description "Packet capture telemetry options"; uses apply-advanced; container egress { description "Egress options"; uses packet-capture-egress-intf-type; } // container egress } // container packet-capture-telemetry container explicit-null-cos { presence "enable explicit-null-cos"; description "Configure to use MPLS explicit null exp for COS classification"; uses apply-advanced; leaf inet { type empty; description "Include family inet"; } leaf inet6 { type empty; description "Include family inet6"; } } // container explicit-null-cos container helpers { description "Port forwarding configuration"; uses apply-advanced; container traceoptions { description "Trace options for helper"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { 
// Rest of `leaf filename { type string {`, which is opened at the end of the previous line.
      // The leading '!' negates the POSIX pattern (compare the pattern-message): any
      // '/', '%' or space is rejected, so the value cannot contain a directory path.
      junos:posix-pattern "![/ %]";
      junos:pattern-message "Must not contain '/', % or a space";
      length "1 .. 1024";
    }
    description "Name of file in which to write trace information";
  }
  // Declared as a free-form string: the schema enforces neither a unit nor a range here.
  leaf size {
    type string;
    description "Maximum trace file size";
  }
  // Maximum number of trace files: 2..1000, default 3. The union's string member also
  // admits text of the form <...> or $... NOTE(review): presumably Junos wildcard or
  // variable placeholders, so schema validation alone does not guarantee a number.
  leaf files {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "2 .. 1000";
      }
    }
    default "3";
    description "Maximum number of trace files";
  }
  // Read access to the trace file. Both leaves are cases of one choice, so they cannot
  // be set together. NOTE(review): the effective setting when neither leaf is present is
  // not stated in this module. The trace flags of this helper ("bootp", "domain", "tftp"
  // in list flag) suggest the file can hold details of relayed client requests; prefer
  // no-world-readable unless every local account is meant to read them.
  choice world-readable-choice {
    leaf world-readable {
      type empty;
      description "Allow any user to read the log file";
    }
    leaf no-world-readable {
      type empty;
      description "Don't allow any user to read the log file";
    }
  } // choice world-readable-choice
  // Filter on the lines that get logged, typed as jt:regular-expression
  // (jt is the prefix of the imported junos-common-types module).
  leaf match {
    type jt:regular-expression;
    description "Regular expression for lines to be logged";
  }
} // container file
// Trace verbosity; "error" applies when the leaf is absent (YANG default).
leaf level {
  type enumeration {
    enum "error" { value 0; description "Match error conditions"; }
    enum "warning" { value 1; description "Match warning messages"; }
    enum "notice" { value 2; description "Match conditions that should be handled specially"; }
    enum "info" { value 3; description "Match informational messages"; }
    enum "verbose" { value 4; description "Match verbose messages"; }
    enum "all" { value 5; description "Match all levels"; }
  }
  default "error";
  description "Level of debugging output";
}
// User-ordered list of helper-process areas to trace; the key is one of the enum
// names below (the enumeration continues on the next line of the file).
list flag {
  key "name";
  ordered-by user;
  description "Area of UDP forwarding helper process on which to enable debugging output";
  leaf name {
    type enumeration {
      enum "trace" { value 0; description "Trace tracing code"; }
      enum "address" { value 1; description "Trace address management code"; }
      enum "main" { value 2; description "Trace main loop code"; }
      enum "config" { value 3; description "Trace configuration code"; }
      enum "ifdb" { value 4; description "Trace interface database code"; }
      enum "io" { value 5; description "Trace I/O code"; }
      enum "rtsock" { value 6; description "Trace routing socket code"; }
      enum "ui" { value 7; description "Trace user interface code"; }
      enum "util" { value 8; description "Trace 
miscellaneous utility code"; } enum "gencfg" { value 9; description "Trace fud gencfg message"; } enum "domain" { value 10; description "Trace DNS service-specific code"; } enum "tftp" { value 11; description "Trace TFTP service-specific code"; } enum "bootp" { value 12; description "Trace BOOTP/DHCP service-specific code"; } enum "port" { value 13; description "Trace arbitrary protocol code"; } enum "if-rtsdb" { value 14; description "Trace interface hierarchy rtsdb"; } enum "all" { value 15; description "Trace all areas of code"; } } } } // list flag } // container traceoptions container rtsdb-client-traceoptions { presence "enable rtsdb-client-traceoptions"; status deprecated; description "SHM rtsock database client library trace options"; uses apply-advanced; container if-rtsdb { presence "enable if-rtsdb"; description "Trace interface hierarchy rtsdb"; uses apply-advanced; list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "init" { value 0; description "Trace initialization"; } enum "routing-socket" { value 1; description "Trace routing socket messages"; } enum "map" { value 2; description "Trace shared memory mapping"; } enum "all" { value 3; description "Trace all"; } } } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container if-rtsdb } // container rtsdb-client-traceoptions container domain { description "Incoming DNS request forwarding configuration"; uses apply-advanced; leaf description { type string; description "Text description of server"; } container server { description "Server information"; leaf address { type jt:ipv4addr; description "Name or address of server to which to forward"; } choice instance { container logical-system { description "Logical system of server to which to forward"; leaf logical-system-name { junos:must "("logical-systems $$")"; junos:must-message "referenced logical system must be defined"; type string { junos:posix-pattern 
"^[a-zA-Z0-9_-]{1,63}$"; junos:pattern-message "Logical-system name is a string consisting of up to 63 letters, numbers, dashes and underscores"; } description "Name of logical system"; } leaf routing-instance { type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // container logical-system leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "referenced routing instance must be defined"; type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // choice instance } // container server list interface { key "name"; ordered-by user; description "Incoming DNS request forwarding interface configuration"; leaf name { type union { type jt:interface-wildcard; type string { pattern "<.*>|$.*"; } } description "Name of interface or group of interfaces"; } uses apply-advanced; leaf no-listen { type empty; description "Do not listen on this interface"; } leaf broadcast { type empty; description "If the layer 2 interface is unknown then broadcast"; } leaf description { type string; description "Text description of server"; } container server { description "Server information"; leaf address { type jt:ipv4addr; description "Name or address of server to which to forward"; } choice instance { container logical-system { description "Logical system of server to which to forward"; leaf logical-system-name { junos:must "("logical-systems $$")"; junos:must-message "referenced logical system must be defined"; type string { junos:posix-pattern "^[a-zA-Z0-9_-]{1,63}$"; 
junos:pattern-message "Logical-system name is a string consisting of up to 63 letters, numbers, dashes and underscores"; } description "Name of logical system"; } leaf routing-instance { type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // container logical-system leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "referenced routing instance must be defined"; type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // choice instance } // container server } // list interface } // container domain container tftp { description "Incoming TFTP request forwarding configuration"; uses apply-advanced; leaf description { type string; description "Text description of server"; } container server { description "Server information"; leaf address { type jt:ipv4addr; description "Name or address of server to which to forward"; } choice instance { container logical-system { description "Logical system of server to which to forward"; leaf logical-system-name { junos:must "("logical-systems $$")"; junos:must-message "referenced logical system must be defined"; type string { junos:posix-pattern "^[a-zA-Z0-9_-]{1,63}$"; junos:pattern-message "Logical-system name is a string consisting of up to 63 letters, numbers, dashes and underscores"; } description "Name of logical system"; } leaf routing-instance { type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a 
non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // container logical-system leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "referenced routing instance must be defined"; type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // choice instance } // container server list interface { key "name"; ordered-by user; description "Incoming TFTP request forwarding interface configuration"; leaf name { type union { type jt:interface-wildcard; type string { pattern "<.*>|$.*"; } } description "Name of interface or group of interfaces"; } uses apply-advanced; leaf no-listen { type empty; description "Do not listen on this interface"; } leaf broadcast { type empty; description "If the layer 2 interface is unknown then broadcast"; } leaf description { type string; description "Text description of server"; } container server { description "Server information"; leaf address { type jt:ipv4addr; description "Name or address of server to which to forward"; } choice instance { container logical-system { description "Logical system of server to which to forward"; leaf logical-system-name { junos:must "("logical-systems $$")"; junos:must-message "referenced logical system must be defined"; type string { junos:posix-pattern "^[a-zA-Z0-9_-]{1,63}$"; junos:pattern-message "Logical-system name is a string consisting of up to 63 letters, numbers, dashes and underscores"; } description "Name of logical system"; } leaf routing-instance { type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or 
less with no spaces."; } } description "Routing instance of server to which to forward"; } } // container logical-system leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "referenced routing instance must be defined"; type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // choice instance } // container server } // list interface } // container tftp container bootp { junos:must "(!("system autoinstallation"))"; junos:must-message "incompatible with 'system autoinstallation'"; description "Incoming BOOTP/DHCP request forwarding configuration"; uses apply-advanced; leaf relay-agent-option { type empty; description "Use DHCP Relay Agent option in relayed BOOTP/DHCP messages"; } leaf description { type string; description "Text description of servers"; } list server { key "name"; ordered-by user; description "Server information"; leaf name { type jt:ipv4addr; description "Name or address of servers to which to forward"; } uses apply-advanced; list logical-system { key "name"; ordered-by user; description "Logical system of server to which to forward"; leaf name { junos:must "("logical-systems $$")"; junos:must-message "referenced logical system must be defined"; type string { junos:posix-pattern "^[a-zA-Z0-9_-]{1,63}$"; junos:pattern-message "Logical-system name is a string consisting of up to 63 letters, numbers, dashes and underscores"; } description "Name of logical system"; } leaf-list routing-instance { type string; ordered-by user; description "Routing instance of server to which to forward"; } } // list logical-system leaf-list routing-instance { type string; ordered-by user; description "Routing instance of server to which to forward"; } } // list server leaf maximum-hop-count { type union 
{ type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16"; } } default "4"; description "Maximum number of hops per packet"; } leaf minimum-wait-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 30000"; } } default "0"; description "Minimum number of seconds before requests are forwarded"; } leaf client-response-ttl { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "IP time-to-live value to set in responses to client"; } leaf vpn { type empty; description "Enable vpn encryption "; } leaf apply-secondary-as-giaddr { type empty; description "Enable DHCP relay to use secondary gateway ip on all interfaces"; } list interface { key "name"; ordered-by user; description "Incoming BOOTP/DHCP request forwarding interface configuration"; leaf name { type union { type jt:interface-wildcard; type string { pattern "<.*>|$.*"; } } description "Name of interface or group of interfaces"; } uses apply-advanced; leaf no-listen { type empty; description "Do not listen on this interface"; } leaf broadcast { type empty; description "If the layer 2 interface is unknown then broadcast"; } leaf description { type string; description "Text description of servers"; } list server { key "name"; ordered-by user; description "Server information"; leaf name { type jt:ipv4addr; description "Name or address of servers to which to forward"; } uses apply-advanced; list logical-system { key "name"; ordered-by user; description "Logical system of server to which to forward"; leaf name { junos:must "("logical-systems $$")"; junos:must-message "referenced logical system must be defined"; type string { junos:posix-pattern "^[a-zA-Z0-9_-]{1,63}$"; junos:pattern-message "Logical-system name is a string consisting of up to 63 letters, numbers, dashes and underscores"; } description "Name of logical system"; } leaf-list routing-instance { type string; ordered-by user; description "Routing instance of server to which to 
forward"; } } // list logical-system leaf-list routing-instance { type string; ordered-by user; description "Routing instance of server to which to forward"; } } // list server leaf maximum-hop-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16"; } } default "4"; description "Maximum number of hops per packet"; } leaf minimum-wait-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 30000"; } } default "0"; description "Minimum number of seconds before requests are forwarded"; } leaf client-response-ttl { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "IP time-to-live value to set in responses to client"; } leaf vpn { type empty; description "Enable vpn encryption "; } leaf apply-secondary-as-giaddr { type empty; description "Enable DHCP relay to use secondary gateway ip on this interface"; } } // list interface } // container bootp list port { key "name"; ordered-by user; description "Incoming arbitrary protocol request forwarding configuration"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
65535"; } } description "Port number of the protocol to listen"; } uses apply-advanced; leaf description { type string; description "Text description of server"; } list server { key "name"; ordered-by user; description "Server information"; leaf name { type jt:ipv4addr; description "Name or address of server to which to forward"; } uses apply-advanced; choice instance { container logical-system { description "Logical system of server to which to forward"; leaf logical-system-name { junos:must "("logical-systems $$")"; junos:must-message "referenced logical system must be defined"; type string { junos:posix-pattern "^[a-zA-Z0-9_-]{1,63}$"; junos:pattern-message "Logical-system name is a string consisting of up to 63 letters, numbers, dashes and underscores"; } description "Name of logical system"; } leaf routing-instance { type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // container logical-system leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "referenced routing instance must be defined"; type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // choice instance } // list server list interface { key "name"; ordered-by user; description "Incoming request forwarding interface configuration"; leaf name { type union { type jt:interface-wildcard; type string { pattern "<.*>|$.*"; } } description "Name of interface or group of interfaces"; } uses apply-advanced; leaf no-listen { type empty; description "Do not listen on this interface"; } leaf broadcast { 
type empty; description "If the layer 2 interface is unknown then broadcast"; } leaf description { type string; description "Text description of server"; } list server { key "name"; ordered-by user; description "Server information"; leaf name { type jt:ipv4addr; description "Name or address of server to which to forward"; } uses apply-advanced; choice instance { container logical-system { description "Logical system of server to which to forward"; leaf logical-system-name { junos:must "("logical-systems $$")"; junos:must-message "referenced logical system must be defined"; type string { junos:posix-pattern "^[a-zA-Z0-9_-]{1,63}$"; junos:pattern-message "Logical-system name is a string consisting of up to 63 letters, numbers, dashes and underscores"; } description "Name of logical system"; } leaf routing-instance { type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // container logical-system leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "referenced routing instance must be defined"; type union { type string { pattern "default"; } type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } } description "Routing instance of server to which to forward"; } } // choice instance } // list server } // list interface } // list port } // container helpers container family { description "Protocol family"; container inet { description "IPv4 parameters"; uses apply-advanced; container filter { description "Filtering for forwarding table"; uses apply-advanced; leaf input { type string; description "Name of input filter to apply for forwarded packets"; } leaf output { type string; 
description "Name of output filter to apply for forwarded packets"; } } // container filter } // container inet container inet6 { description "IPv6 parameters"; uses apply-advanced; container filter { description "Filtering for forwarding table"; uses apply-advanced; leaf input { type string; description "Name of input filter to apply for forwarded packets"; } leaf output { type string; description "Name of output filter to apply for forwarded packets"; } } // container filter leaf source-checking { type empty; description "Discard IPv6 packet when source address type is unspecified, loopback, multicast or link-local "; } } // container inet6 container mpls { description "MPLS parameters"; uses apply-advanced; container filter { description "Filtering for forwarding table"; uses apply-advanced; leaf input { type string; description "Name of input filter to apply for forwarded packets"; } leaf output { type string; description "Name of output filter to apply for forwarded packets"; } } // container filter } // container mpls container vpls { description "VPLS parameters"; uses apply-advanced; container filter { description "Filtering for VPLS DMAC forwarding table"; uses apply-advanced; leaf input { type string; description "Name of input filter to apply for forwarded packets"; } } // container filter container flood { description "Filtering for VPLS flood table"; uses apply-advanced; leaf input { type string; description "Name of input filter to apply for VPLS flood packets"; } } // container flood } // container vpls container evpn { description "EVPN parameters"; uses apply-advanced; container filter { description "Filtering for EVPN DMAC forwarding table"; uses apply-advanced; leaf input { type string; description "Name of input filter to apply for forwarded packets"; } } // container filter container flood { description "Filtering for EVPN flood table"; uses apply-advanced; leaf input { type string; description "Name of input filter to apply for EVPN flood 
packets"; } } // container flood } // container evpn } // container family list next-hop-group { key "name"; description "Next hop group forwarding option"; uses juniper-next-hop-group-options; } // list next-hop-group container dhcp-relay { junos:must "(!("system services dhcp"))"; junos:must-message "Incompatible with 'set system services dhcp'"; junos:must "(!(".. .. instance-type virtual-switch"))"; junos:must-message "forwarding-options dhcp-relay incompatible with routing-instances instance-type virtual-switch'"; description "Dynamic Host Configuration Protocol relay configuration"; uses jdhcp-relay-type; } // container dhcp-relay choice load-balance-label-capability-choice { leaf load-balance-label-capability { type empty; description "Load balance label capability"; } leaf no-load-balance-label-capability { type empty; description "Don't load balance label capability"; } } // choice load-balance-label-capability-choice list ip-options-protocol-queue { key "name"; ordered-by user; description "IP Options protocol logical queue parameters"; leaf name { type string; description "Protocol name"; } uses apply-advanced; leaf protocol-id { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 254"; } } description "Protocol Identifier"; } leaf queue-depth { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 807"; } } description "Size of the protocol logical options queue"; } } // list ip-options-protocol-queue container access-security { description "Access security configuration"; uses jdhcp-access-security-type; } // container access-security container vxlan-routing { description "VXLAN Routing forwarding options"; uses apply-advanced; leaf next-hop { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Next-hop. Must be multiple of 4096. This will restart PFE"; } leaf interface-num { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Interface. 
Must be multiple of 2048. This will restart PFE";
    }
    // NOTE(review): interface-num (closed above) is declared on the previous line as a
    // bare uint32 inside a union; the "multiple of 2048" rule exists only in the
    // description text, so the schema itself does not reject other values.

    // Flag-style leaf (type empty). Its description states that setting it restarts the
    // PFE, so the change is presumably service-affecting.
    leaf overlay-ecmp {
      type empty;
      description "Enable overlay ecmp for vxlan L3. This will restart PFE";
    }
    // Name of the aggregated-Ethernet (AE) interface used as the VXLAN-routing loopback.
    // The value is an unconstrained string; validity comes from the three junos:must
    // checks, which require matching configuration elsewhere: trunk interface-mode on the
    // interface's units, a chassis aggregated-devices ethernet device-count, and
    // aggregated-ether-options loopback. "$$" presumably stands for this leaf's value.
    // NOTE(review): in this copy the inner double quotes of the junos:must arguments are
    // not escaped; a strict YANG parser would end the string at the first inner quote.
    // Compare with the vendor-published module before running tooling on this text.
    leaf loopback-port {
      junos:must "(all "interfaces $$ unit <*> family ethernet-switching interface-mode trunk")";
      junos:must-message "Interface-mode trunk needs to be enabled for loopback AE";
      junos:must "("chassis aggregated-devices ethernet device-count")";
      junos:must-message "Ethernet device-count needs to be configured for loopback AE";
      junos:must "("interfaces $$ aggregated-ether-options loopback")";
      junos:must-message "Loopback needs to be enabled on the AE interface";
      type string;
      description "AE loopback interface used for VXLAN routing. This will restart PFE";
    }
  } // container vxlan-routing
} // grouping juniper-forwarding-options

// Reusable "access security" subtree. In this part of the file it is pulled in by
// `container access-security` of juniper-forwarding-options. Its only child besides
// apply-advanced is the Router Advertisement (RA) Guard container.
grouping jdhcp-access-security-type {
  description "Access security configuration";
  uses apply-advanced;
  // Presence container: its existence in the configuration is itself meaningful
  // ("enable router-advertisement-guard").
  container router-advertisement-guard {
    presence "enable router-advertisement-guard";
    description "Router Advertisement Guard Configuration";
    uses apply-advanced;
    // Named RA Guard policies, kept in the order the user entered them.
    // The policy name is limited to 1..64 characters; no character set is enforced.
    list policy {
      key "name";
      ordered-by user;
      description "Router Advertisement Guard policy";
      leaf name {
        type string {
          length "1 .. 
64"; } description "Router Advertisement Guard policy name"; } uses apply-advanced; container discard { description "Discard parameters"; uses apply-advanced; leaf source-ip-address-list { type string; description "IPv6 Source address list name"; } leaf source-mac-address-list { type string; description "Source mac address list name"; } leaf prefix-list-name { type string; description "Prefix-list Name"; } } // container discard container accept { description "Accept parameters"; uses apply-advanced; container match-list { description "List of parameters to check"; uses apply-advanced; leaf source-ip-address-list { type string; description "IPv6 Source address list name"; } leaf source-mac-address-list { type string; description "Source mac address list name"; } leaf prefix-list-name { type string; description "Prefix-list Name"; } leaf match-criteria { type enumeration { enum "match-all" { value 0; description "A match from every list"; } enum "match-any" { value 1; description "A match from any list"; } } description "Match Criteria"; } } // container match-list container match-options { presence "enable match-options"; description "List of Options to check"; uses apply-advanced; container hop-limit { description "Hop limit"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Maximum hop limit"; } leaf minimum { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255";
                }
              }
              description "Minimum hop limit";
            }
          } // container hop-limit
          // Highest route preference the policy accepts (low / medium / high).
          // NOTE(review): presumably compared with the preference advertised in the RA - confirm.
          container route-preference {
            description "Accept route preference";
            uses apply-advanced;
            leaf maximum {
              type enumeration {
                enum "low" { value 0; description "Route preference low"; }
                enum "medium" { value 1; description "Route preference medium"; }
                enum "high" { value 2; description "Route preference high"; }
              }
              description "Maximum route preference";
            }
          } // container route-preference
          // Flag-style leaves (type empty). NOTE(review): presumably they make the policy
          // check the "managed" and "other config" flags of a received RA - confirm.
          leaf managed-config-flag {
            type empty;
            description "Check Managed config flag";
          }
          leaf other-config-flag {
            type empty;
            description "Check Other config flag";
          }
        } // container match-options
      } // container accept
    } // list policy
    // Per-interface RA Guard settings; each entry takes its shape from grouping
    // interface-policy, defined right after this grouping.
    container interface {
      description "RA Guard config on Interface";
      uses apply-advanced;
      list intf-config {
        key "name";
        description "Interface Configuration";
        uses interface-policy;
      } // list intf-config
    } // container interface
    // Per-VLAN RA Guard settings; grouping vlan-policy is defined outside this part of the file.
    container vlans {
      description "RA Guard config on Vlan";
      uses apply-advanced;
      list vlan-config {
        key "name";
        description "Virtual LAN Configuration";
        uses vlan-policy;
      } // list vlan-config
    } // container vlans
  } // container router-advertisement-guard
} // grouping jdhcp-access-security-type

// One RA Guard entry for an interface: the interface name (list key), an optional
// attached policy, and an optional trusted/block marking.
grouping interface-policy {
  description "Interface Name";
  // Either a jt:interface-name or a string of the form <...> / $...
  leaf name {
    type union {
      type jt:interface-name;
      type string {
        pattern "<.*>|$.*";
      }
    }
    description "Interface Name";
  }
  uses apply-advanced;
  container policy {
    description "Attach policy";
    uses apply-advanced;
    // NOTE(review): policy-name is a plain string and no junos:must here ties it to an
    // entry of `list policy`, so from the schema alone a misspelt name is not rejected.
    // Confirm what the commit check does, since an unmatched name could leave the
    // interface without the intended RA filtering.
    leaf policy-name {
      type string;
      description "Router Advertisement Guard policy name";
    }
    // Stateful and stateless are cases of one choice, so at most one can be set.
    choice policy-type {
      leaf stateful {
        type empty;
        description "Stateful router advertisement guard";
      }
      leaf stateless {
        type empty;
        description "Stateless router advertisement guard";
      }
    } // choice policy-type
  } // container policy
  // Marks the interface as trusted or blocked instead of attaching a policy; the
  // junos:must that starts below (and ends on the next line) forbids combining
  // "trusted" with `policy`. NOTE(review): "trusted" presumably exempts the port from
  // RA filtering, so it should be limited to ports facing legitimate routers.
  container mark-interface {
    description "Mark interface";
    uses apply-advanced;
    choice mark-intf-type {
      leaf trusted {
        junos:must "(!(".. .. 
policy"))"; junos:must-message "Trusted interfaces cannot have policy attached"; type empty; description "Mark interface trusted"; } leaf block { junos:must "(!(".. .. policy"))"; junos:must-message "Blocked interfaces cannot have policy attached"; type empty; description "Block router-advertisement"; } } // choice mark-intf-type } // container mark-interface } // grouping interface-policy grouping juniper-igmp-snooping-options { uses apply-advanced; leaf use-p2mp-lsp { junos:must "(".. .. instance-type vpls")"; junos:must-message "use-p2mp-lsp supported only on instance type vpls"; type empty; description "P2MP will be used to forward traffic instead of PW"; } container snoop-pseudowires { junos:must "(".. .. instance-type vpls")"; junos:must-message "snoop-pseudowires supported only on instance type vpls"; junos:must "(!(" .. use-p2mp-lsp"))"; junos:must-message "snoop-pseudowires and use-p2mp-lsp cannot be configured together"; presence "enable snoop-pseudowires"; description "VPLS PE would send traffic selectively to PE's having interest"; uses apply-advanced; } // container snoop-pseudowires } // grouping juniper-igmp-snooping-options grouping juniper-mld-snooping-options { uses apply-advanced; leaf use-p2mp-lsp { junos:must "(".. .. instance-type vpls")"; junos:must-message "use-p2mp-lsp supported only on instance type vpls"; type empty; description "P2MP will be used to forward traffic instead of PW"; } container snoop-pseudowires { junos:must "(".. .. instance-type vpls")"; junos:must-message "snoop-pseudowires supported only on instance type vpls"; junos:must "(!(" .. 
use-p2mp-lsp"))";
      junos:must-message "snoop-pseudowires and use-p2mp-lsp cannot be configured together";
      presence "enable snoop-pseudowires";
      description "VPLS PE would send traffic selectively to PE's having interest";
      uses apply-advanced;
    } // container snoop-pseudowires
  } // grouping juniper-mld-snooping-options

  // Options for multicast snooping: syslog level selection, trace-file
  // handling and trace flags, and forwarding-cache thresholds. The grouping
  // continues past the end of this excerpt.
  grouping juniper-multicast-snooping-options {
    uses apply-advanced;
    container options {
      description "Miscellaneous options";
      uses apply-advanced;
      container syslog {
        description "Set system logging level";
        uses apply-advanced;
        // Individual levels are presence-only leaves; "upto" below selects a
        // ceiling from the same eight names instead.
        container level {
          description "Logging level";
          leaf emergency { type empty; description "Emergency level"; }
          leaf alert { type empty; description "Alert level"; }
          leaf critical { type empty; description "Critical level"; }
          leaf error { type empty; description "Error level"; }
          leaf warning { type empty; description "Warning level"; }
          leaf notice { type empty; description "Notice level"; }
          leaf info { type empty; description "Informational level"; }
          leaf debug { type empty; description "Debugging level"; }
        } // container level
        leaf upto {
          type enumeration {
            enum "emergency" { value 0; description "Emergency level"; }
            enum "alert" { value 1; description "Alert level"; }
            enum "critical" { value 2; description "Critical level"; }
            enum "error" { value 3; description "Error level"; }
            enum "warning" { value 4; description "Warning level"; }
            enum "notice" { value 5; description "Notice level"; }
            enum "info" { value 6; description "Informational level"; }
            enum "debug" { value 7; description "Debugging level"; }
          }
          description "Log up to a particular logging level";
        }
        // int32 with no range statement: the schema itself does not reject
        // zero or negative intervals.
        leaf mark {
          type union {
            type int32;
            type string { pattern "<.*>|$.*"; }
          }
          units "seconds";
          description "Periodically mark the trace file";
        }
      } // container syslog
    } // container options
    container traceoptions {
      description "Multicast snooping trace options";
      uses apply-advanced;
      container file {
        description "Trace file options";
        // Per the pattern-message the name may not contain '/', '%' or a
        // space, which keeps the value to a single path component; the
        // directory it lands in is not defined in this schema.
        leaf filename {
          type string {
            junos:posix-pattern "![/ %]";
            junos:pattern-message "Must not contain '/', % or a space";
            length "1 .. 1024";
          }
          description "Name of file in which to write trace information";
        }
        leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; }
        // Untyped string: no size bound is expressed in the schema.
        leaf size { type string; description "Maximum trace file size"; }
        // Rotation depth, 2..1000 with a default of 10.
        leaf files {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "2 .. 1000"; }
          }
          default "10";
          description "Maximum number of trace files";
        }
        leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; }
        // Read permission on the trace file. world-readable lets any local
        // user read it; the flag names below show the output can include
        // routing, policy and state detail, so no-world-readable is the
        // conservative setting. NOTE(review): which one applies when neither
        // leaf is set is not stated here - confirm the platform default.
        choice world-readable-choice {
          leaf world-readable { type empty; description "Allow any user to read the log file"; }
          leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
        } // choice world-readable-choice
      } // container file
      // Trace categories, kept in the order the user entered them. "all"
      // enables every category and therefore produces the most output.
      list flag {
        key "name";
        ordered-by user;
        description "Tracing parameters";
        leaf name {
          type enumeration {
            enum "parse" { value 0; description "Trace configuration parsing"; }
            enum "config-internal" { value 1; description "Trace configuration internals"; }
            enum "route" { value 2; description "Trace routing information"; }
            enum "normal" { value 3; description "Trace normal events"; }
            enum "general" { value 4; description "Trace general events"; }
            enum "state" { value 5; description "Trace state transitions"; }
            enum "policy" { value 6; description "Trace policy processing"; }
            enum "task" { value 7; description "Trace routing protocol task processing"; }
            enum "timer" { value 8; description "Trace routing protocol timer processing"; }
            enum "all" { value 9; description "Trace everything"; }
          }
        }
        leaf disable { type empty; description "Disable this trace flag"; }
      } // list flag
    } // container traceoptions
    container forwarding-cache {
      description "Multicast forwarding cache";
      uses apply-advanced;
      container threshold {
        description "Threshold";
        uses apply-advanced;
        leaf suppress {
          type union {
            type string { pattern "<.*>|$.*"; }
            type
uint32 { range "1 .. 200000"; } } description "Suppress threshold"; } leaf reuse { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 200000"; } } description "Reuse threshold"; } } // container threshold } // container forwarding-cache leaf-list flood-groups { type jt:ipaddr; ordered-by user; description "Groups for which the traffic will be flooded"; } container host-outbound-traffic { description "Host generated protocol packets"; uses apply-advanced; leaf forwarding-class { type string { junos:posix-pattern "^.{1,64}$"; junos:pattern-message "Must be string of 64 characters or less"; } description "Forwarding class name"; } leaf dot1p { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 7"; } } description "Dot1p bits"; } } // container host-outbound-traffic container graceful-restart { description "Configure graceful restart attributes"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable graceful restart"; } } // choice enable-disable leaf restart-duration { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 300"; } } units "seconds"; default "180"; description "Maximum time for graceful restart to finish"; } } // container graceful-restart leaf ignore-stp-topology-change { type empty; description "Don't process stp topology change"; } container multichassis-lag-replicate-state { presence "enable multichassis-lag-replicate-state"; description "Enable multichassis lag replication"; uses apply-advanced; leaf suppress-report { type empty; description "Enable mclag report suppression"; } } // container multichassis-lag-replicate-state container oism { description "Optimized inter subnet multicast options"; uses apply-advanced; leaf install-star-g-routes { type empty; description "Install (*,G) multicast routes in data plane"; } } // container oism leaf nexthop-hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
1000"; } } units "milliseconds"; description "Nexthop hold time in milliseconds"; }
  } // grouping juniper-multicast-snooping-options

  // A named next-hop group: the interfaces (and optional subgroups) that
  // sampled traffic is sent through. group-type defaults to "inet".
  grouping juniper-next-hop-group-options {
    leaf name { type string; description "Next hop group name"; }
    uses apply-advanced;
    leaf group-type {
      type enumeration {
        enum "inet" { value 0; description "Group of family inet next-hops"; }
        enum "layer-2" { value 1; description "Layer-2 next-hop group"; }
        enum "inet6" { value 2; description "Group of family inet6 next-hops"; }
      }
      default "inet";
      description "Next hop group type";
    }
    list interface {
      key "name";
      description "Interfaces through which to send sampled traffic";
      uses next_hop_group_intf_type;
    } // list interface
    list next-hop-subgroup {
      key "name";
      description "Group of interfaces through which to send sampled traffic";
      uses juniper-next-hop-subgroup-options;
    } // list next-hop-subgroup
  } // grouping juniper-next-hop-group-options

  // One subgroup of a next-hop group, holding at most 16 interfaces
  // (max-elements below).
  grouping juniper-next-hop-subgroup-options {
    // NOTE(review): the must-message asks for at least two interfaces, while
    // the visible expression only names ".. interface"; whether the count is
    // enforced by this constraint cannot be told from the schema - confirm.
    leaf name {
      junos:must "(".. interface")";
      junos:must-message "At least two interfaces are required for next-hop-subgroup configuration";
      type string;
      description "Next-hop sub-group name";
    }
    uses apply-advanced;
    list interface {
      key "name";
      max-elements 16;
      description "Interface through which to send the sampled traffic";
      uses next_hop_subgroup_intf_type;
    } // list interface
  } // grouping juniper-next-hop-subgroup-options

  // A named accounting group; where the data goes is defined by
  // packet_accounting_output_type, which is outside this excerpt.
  grouping juniper-packet-accounting-options {
    leaf name { type string; description "Name for accounting group"; }
    uses apply-advanced;
    container output {
      description "Accounting data disposition";
      uses packet_accounting_output_type;
    } // container output
  } // grouping juniper-packet-accounting-options

  // Packet capture to files: file naming and rotation, read permission on
  // the capture files, and how many bytes of each packet are kept.
  grouping juniper-packet-capture-options {
    description "Packet capture options";
    uses apply-advanced;
    choice enable-disable {
      leaf disable { type empty; description "Disable packet-capture"; }
    } // choice enable-disable
    container file {
      description "Parameters for file that contains captured packets";
      // Per the pattern-message the name may not contain '/', '%', '.' or a
      // space, which keeps the value to a single path component with no
      // extension; the directory it lands in is not defined in this schema.
      leaf filename {
        type string {
          junos:posix-pattern "![/ %.]";
          junos:pattern-message "Must not contain '/', '%', '.' or a space";
          length "1 .. 900";
        }
        description "Name of file";
      }
      // Rotation depth, 2..10000 with a default of 10.
      leaf files {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "2 .. 10000"; }
        }
        default "10";
        description "Maximum number of files";
      }
      // Untyped string: no size bound is expressed in the schema.
      leaf size { type string; description "Maximum file size"; }
      // Read permission on the capture files. Captures hold copies of live
      // traffic, so world-readable exposes that traffic to every local
      // account; no-world-readable is the conservative setting.
      // NOTE(review): which one applies when neither leaf is set is not
      // stated here - confirm the platform default.
      choice world-readable-choice {
        leaf world-readable { type empty; description "Allow any user to read packet-capture files"; }
        leaf no-world-readable { type empty; description "Don't allow any user to read packet-capture files"; }
      } // choice world-readable-choice
    } // container file
    // Bytes kept per packet: 68..1520, default 68. Raising the value stores
    // more of each packet's payload in the capture file, which increases the
    // sensitivity of the files governed by world-readable-choice above.
    leaf maximum-capture-size {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "68 .. 1520"; }
      }
      units "bytes";
      default "68";
      description "Maximum packet size to capture";
    }
  } // grouping juniper-packet-capture-options

  // Global port-mirroring settings; the grouping continues past the end of
  // this excerpt. Mirroring sends copies of traffic to the configured
  // outputs, so changes in this subtree are worth change-control and audit
  // attention.
  grouping juniper-port-mirror-options {
    uses apply-advanced;
    container traceoptions {
      description "Port-mirroring trace options";
      uses sampling_traceoptions_type;
    } // container traceoptions
    leaf disable { type empty; description "Disable the global port-mirroring instance"; }
    leaf disable-all-instances { type empty; description "Disable the all port-mirroring instances"; }
    container input {
      description "Settings for sampling of input packets";
      uses pm_family_input_type;
    } // container input
    container family {
      description "Address family of packets to mirror";
      container inet {
        description "Mirror IPv4 packets";
        uses apply-advanced;
        container input {
          junos:must "(!(".. .. ..
input"))"; junos:must-message "input parameters under family and outside family are mutually exclusive"; status deprecated; description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input container output { description "One or more next hops for port-mirrored packets"; uses inet_pm_family_output_type; } // container output } // container inet container mpls { description "Mirror MPLS packets"; uses apply-advanced; container input { junos:must "(!(".. .. .. input"))"; junos:must-message "input parameters under family and outside family are mutually exclusive"; status deprecated; description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input container output { description "One or more next hops for port-mirrored packets"; uses mpls_pm_family_output_type; } // container output } // container mpls container any { description "Mirror any packets"; uses apply-advanced; container output { description "One or more next hops for port-mirrored packets"; uses any_pm_family_output_type; } // container output } // container any container vpls { description "Mirror Layer-2 bridged/vpls packets"; uses apply-advanced; container input { junos:must "(!(".. .. .. input"))"; junos:must-message "input parameters under family and outside family are mutually exclusive"; status deprecated; description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input container output { description "Destination for port-mirrored packets"; uses layer2_pm_family_output_type; } // container output } // container vpls container ccc { description "Mirror layer-2 ccc packets"; uses apply-advanced; container input { junos:must "(!(".. .. .. 
input"))"; junos:must-message "input parameters under family and outside family are mutually exclusive"; status deprecated; description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input container output { description "Destination for port-mirrored packets"; uses layer2_pm_family_output_type; } // container output } // container ccc } // container family list instance { key "name"; ordered-by user; description "Instance of port-mirroring parameters"; leaf name { type string { junos:posix-pattern "!^((__.*)|(.{65,}))$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 63"; } description "Name for port-mirroring instance"; } uses apply-advanced; leaf disable { type empty; description "Disable the this port-mirroring instance"; } choice input_params_or_instance { container input { description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input leaf input-parameters-instance { junos:must "("forwarding-options port-mirroring instance $$")"; junos:must-message "Referenced port-mirroring instance does not exist"; type string; description "Name of port-mirroring instance to use for input parameters"; } } // choice input_params_or_instance container output { description "One or more next hops for port-mirrored packets"; uses inet_pm_output_type; } // container output container family { description "Address family of packets to mirror"; container inet { description "Mirror IPv4 packets"; uses apply-advanced; container input { junos:must "(!(".. .. .. 
input"))"; junos:must-message "input parameters under family and outside family are mutually exclusive"; status deprecated; description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input container output { description "One or more next hops for port-mirrored packets"; uses inet_pm_family_output_type; } // container output } // container inet container mpls { description "Mirror MPLS packets"; uses apply-advanced; container input { junos:must "(!(".. .. .. input"))"; junos:must-message "input parameters under family and outside family are mutually exclusive"; status deprecated; description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input container output { description "One or more next hops for port-mirrored packets"; uses mpls_pm_family_output_type; } // container output } // container mpls container any { description "Mirror any packets"; uses apply-advanced; container output { description "One or more next hops for port-mirrored packets"; uses any_pm_family_output_type; } // container output } // container any container vpls { description "Mirror Layer-2 bridged/vpls packets"; uses apply-advanced; container input { junos:must "(!(".. .. .. input"))"; junos:must-message "input parameters under family and outside family are mutually exclusive"; status deprecated; description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input container output { description "Destination for port-mirrored packets"; uses layer2_pm_family_output_type; } // container output } // container vpls container ccc { description "Mirror layer-2 ccc packets"; uses apply-advanced; container input { junos:must "(!(".. .. .. 
input"))"; junos:must-message "input parameters under family and outside family are mutually exclusive"; status deprecated; description "Settings for sampling of input packets"; uses pm_family_input_type; } // container input container output { description "Destination for port-mirrored packets"; uses layer2_pm_family_output_type; } // container output } // container ccc } // container family } // list instance } // grouping juniper-port-mirror-options grouping any_pm_family_output_type { uses apply-advanced; choice interface-or-next-hop-index { list interface { key "name"; description "Interfaces through which to send sampled traffic"; uses any_pm_intf_type; } // list interface case case_2 { } // case case_2 } // choice interface-or-next-hop-index container hosted-service { description "Configure Hosted Service"; uses apply-advanced; leaf server-profile { junos:must "("services hosted-services server-profile $$")"; junos:must-message "Only server profiles configured under [services hosted-services server-profile] can be configured here"; type string { length "3 .. 
32"; } description "Server profile name"; } } // container hosted-service } // grouping any_pm_family_output_type grouping any_pm_intf_type { leaf name { junos:must "(!(("interfaces $$-IFL family inet" || "interfaces $$-IFL family inet6")))"; junos:must-message "An interface configured as family inet/inet6 cannot be configured as output interface"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface through which to send sampled traffic"; } uses apply-advanced; list next-hop { key "name"; ordered-by user; description "Address of next hop through which to send sampled traffic"; uses inet_next_hop_type; } // list next-hop } // grouping any_pm_intf_type grouping inet_next_hop_type { description "Address of next hop through which to send sampled traffic"; leaf name { type jt:ipv4addr; } uses apply-advanced; } // grouping inet_next_hop_type grouping inet_pm_family_output_type { uses apply-advanced; choice interface-or-next-hop-index { list interface { key "name"; description "Interfaces through which to send sampled traffic"; uses inet_pm_intf_type; } // list interface case case_2 { } // case case_2 } // choice interface-or-next-hop-index leaf no-filter-check { type empty; description "Do not check for filters on port-mirroring interface"; } leaf ip-address { type jt:ipv4addr; description "ERSPAN Destination IP Address"; } } // grouping inet_pm_family_output_type grouping inet_pm_intf_type { leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface through which to send sampled traffic"; } uses apply-advanced; list next-hop { key "name"; ordered-by user; description "Address of next hop through which to send sampled traffic"; uses inet_next_hop_type; } // list next-hop } // grouping inet_pm_intf_type grouping inet_pm_output_type { uses apply-advanced; } // grouping inet_pm_output_type grouping juniper-protocols-amt { uses apply-advanced; container traceoptions { description 
"Trace options for AMT"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "packets" { value 0; description "Trace all AMT packets"; } enum "errors" { value 1; description "Trace all error messages"; } enum "tunnels" { value 2; description "Trace all AMT tunnel messages"; } enum "route" { value 3; description "Trace routing information"; } enum "normal" { value 4; description "Trace normal events"; } enum "general" { value 5; description "Trace general events"; } enum "state" { value 6; description "Trace state transitions"; } enum "policy" { value 7; description "Trace policy processing"; } enum "task" { value 8; description "Trace routing protocol task processing"; } enum "timer" { value 9; description "Trace routing protocol timer processing"; } enum "all" { value 10; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf 
detail { type empty; description "Trace detailed information"; }
        leaf disable { type empty; description "Disable this trace flag"; }
      } // list flag
    } // container traceoptions
    // Presence container: configuring it turns the AMT relay on.
    container relay {
      presence "enable relay";
      description "AMT relay";
      uses juniper-protocols-amt-relay;
    } // container relay
  } // grouping juniper-protocols-amt

  // AMT relay parameters: the IPv4 anycast prefix and local address, the
  // secret-key lifetime, and the two limits on relay state (tunnels and
  // unicast streams).
  grouping juniper-protocols-amt-relay {
    uses apply-advanced;
    container family {
      presence "enable family";
      description "Protocol family";
      uses apply-advanced;
      container inet {
        presence "enable inet";
        uses apply-advanced;
        leaf anycast-prefix { type jt:ipv4prefix; description "IPv4 anycast prefix"; }
        leaf local-address { type jt:ipv4addr; description "IPv4 local address"; }
      } // container inet
    } // container family
    // Key lifetime, 5..1440 minutes; no default is declared in the schema.
    // NOTE(review): presumably the relay secret used to validate AMT
    // requests - confirm; if so, a shorter interval limits how long one key
    // stays valid.
    leaf secret-key-timeout {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "5 .. 1440"; }
      }
      units "minutes";
      description "Time interval for the secret key to expire";
    }
    // tunnel-limit and unicast-stream-limit are bare uint32 values with no
    // range and no default, and they are the only bounds on relay state this
    // grouping exposes. NOTE(review): the effective ceiling when they are
    // left unset is not visible here - confirm the platform default, since a
    // relay reachable from untrusted networks relies on these bounds.
    leaf tunnel-limit {
      type union {
        type uint32;
        type string { pattern "<.*>|$.*"; }
      }
      description "Number of AMT tunnels";
    }
    leaf unicast-stream-limit {
      type union {
        type uint32;
        type string { pattern "<.*>|$.*"; }
      }
      description "Maximum number of AMT unicast streams(s,g,intf)";
    }
    leaf accounting { type empty; description "Enable AMT accounting"; }
    // Ordered list of tunnel devices; entries keep the order the user gave.
    leaf-list tunnel-devices {
      type union {
        type jt:interface-device;
        type string { pattern "<.*>|$.*"; }
      }
      ordered-by user;
      description "Tunnel devices to be used for creating ud interfaces";
    }
  } // grouping juniper-protocols-amt-relay

  // Bridging options: MAC and MAC+IP table sizes, per-interface limits and
  // the action taken when a limit is reached. The grouping continues past
  // the end of this excerpt.
  grouping juniper-protocols-bd {
    description "Bridging configuration";
    uses apply-advanced;
    container mac-table-size {
      junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. ..
instance-type virtual-switch")))";
      // The statement ending above is mac-table-size's junos:must. Per its
      // must-message (and the matching ones on the siblings below), these
      // knobs belong under switch-options when the instance is a
      // virtual-switch running vpls or evpn.
      junos:must-message "mac-table-size needs to be specified under switch-options for a virtual-switch instance";
      description "Size of MAC address forwarding table";
      uses apply-advanced;
      // Bare uint32: no range and no default are declared in the schema.
      leaf limit {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32;
        }
        description "Maximum number of MAC addresses";
      }
      // Table-level action offers only none/drop. Per the description the
      // default is to forward, so setting a limit without "drop" does not by
      // itself stop traffic from unlearned sources.
      leaf packet-action {
        type enumeration {
          enum "none" { value 0; description "Forward the packet"; }
          enum "drop" { value 1; description "Drop packets and do not learn. Default is forward"; }
        }
        description "Action when MAC limit is reached";
      }
    } // container mac-table-size
    container mac-ip-table-size {
      junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. .. instance-type virtual-switch")))";
      junos:must-message "mac-ip-table-size needs to be specified under switch-options for a virtual-switch instance";
      description "Size of MAC+IP bindings table";
      uses apply-advanced;
      // Bare uint32; no packet-action leaf is defined for this table.
      leaf limit {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32;
        }
        description "Maximum number of MAC+IP bindings";
      }
    } // container mac-ip-table-size
    container interface-mac-limit {
      junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. .. instance-type virtual-switch")))";
      junos:must-message "interface-mac-limit needs to be specified under switch-options for a virtual-switch instance";
      description "Maximum MAC address learned per interface";
      uses apply-advanced;
      leaf limit {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32;
        }
        description "Maximum number of MAC addresses per interface";
      }
      // Per-interface action adds three values to none/drop. log, shutdown
      // and drop-and-log each raise an alarm, SNMP trap or syslog entry per
      // their descriptions, so they are the values that make a limit breach
      // visible to monitoring; none and drop are silent as far as this schema
      // shows. The default is to forward.
      leaf packet-action {
        type enumeration {
          enum "none" { value 0; description "Forward the packet"; }
          enum "drop" { value 1; description "Drop packets and do not learn. Default is forward"; }
          enum "log" { value 2; description "Do not drop the packet but generate an alarm, an SNMP trap or a system log entry"; }
          enum "shutdown" { value 3; description "Disable the interface and generate an alarm, an SNMP trap or a system log entry"; }
          enum "drop-and-log" { value 4; description "Drop the packet and generate an alarm, an SNMP trap or a system log entry"; }
        }
        description "Action when MAC limit is reached";
      }
    } // container interface-mac-limit
    container interface-mac-ip-limit {
      junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. .. instance-type virtual-switch")))";
      junos:must-message "interface-mac-ip-limit needs to be specified under switch-options for a virtual-switch instance";
      description "Maximum MAC+IP bindings learned per interface";
      uses apply-advanced;
      leaf limit {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32;
        }
        description "Maximum number of MAC+IP bindings per interface";
      }
    } // container interface-mac-ip-limit
    // Presence container; the notification interval is 1..60 seconds with a
    // default of 30.
    container mac-notification {
      presence "enable mac-notification";
      description "MAC notification options";
      uses apply-advanced;
      leaf notification-interval {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 60"; }
        }
        units "seconds";
        default "30";
        description "Interval for sending MAC notifications";
      }
    } // container mac-notification
    // Bare uint32 in seconds: no range and no default are declared here.
    leaf mac-table-aging-time {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32;
      }
      units "seconds";
      description "Delay for discarding MAC address if no updates are received";
    }
    leaf no-mac-learning {
      junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. ..
instance-type virtual-switch")))"; junos:must-message "no-mac-learning needs to be specified under switch-options for a virtual-switch instance"; type empty; description "Disable dynamic MAC address learning"; } leaf no-normalization { type empty; description "Disable vlan id normalization for interfaces"; } leaf mac-statistics { junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. .. instance-type virtual-switch")))"; junos:must-message "mac-statistics needs to be specified under switch-options for a virtual-switch instance"; type empty; description "Enable MAC address statistics"; } container mib { presence "enable mib"; description "Snmp mib options"; uses apply-advanced; container dot1q-mib { presence "enable dot1q-mib"; description "Dot1q MIB configuration options"; uses apply-advanced; leaf port-list { type enumeration { enum "bit-map" { value 0; description "Port list is represented in bit-map format"; } enum "string" { value 1; description "Port list is represented in string format"; } } description "Port list for staticegressports and staticuntaggedports MIB"; } } // container dot1q-mib } // container mib container static-rvtep-mac { description "Configure Static MAC and remote VxLAN tunnel endpoint entries"; uses apply-advanced; list mac { key "mac_addr remote-vtep"; description "Unicast MAC address"; leaf mac_addr { type jt:mac-unicast; } leaf remote-vtep { type jt:ipaddr; description "Configure static remote VXLAN tunnel endpoints"; } } // list mac } // container static-rvtep-mac list interface { junos:must "(!((".. .. .. protocols vpls" && ".. .. .. instance-type virtual-switch")))"; junos:must-message "interface needs to be specified under switch-options for a virtual-switch instance"; key "name"; ordered-by user; description "Interface that connect this site to the VPN"; leaf name { junos:must "(((".. .. .. interface $$" || (".. .. .. .. .. interface $$" || "interfaces $$-IFL family ethernet-switching vlan")) || (!(".. 
.. .. .. .. .. .. routing-instances") && ("interfaces $$-IFL family bridge interface-mode" && !(any "routing-instances <*> interface $$")))))"; junos:must-message "Interface must be part of this routing instance"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; container interface-mac-limit { junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; description "Maximum number of MAC addresses learned on the interface"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC addresses per interface"; } leaf disable { type empty; description "Disable interface for interface-mac-limit"; } leaf packet-action { type enumeration { enum "none" { value 0; description "Forward the packet"; } enum "drop" { value 1; description "Drop packets and do not learn. Default is forward"; } enum "log" { value 2; description "Do not drop the packet but generate an alarm, an SNMP trap or a system log entry"; } enum "shutdown" { value 3; description "Disable the interface and generate an alarm, an SNMP trap or a system log entry"; } enum "drop-and-log" { value 4; description "Drop the packet and generate an alarm, an SNMP trap or a system log entry"; } } description "Action when MAC limit is reached"; } } // container interface-mac-limit leaf action-priority { junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 8"; } } description "Blocking priority of this interface on mac move detection"; } list static-mac { junos:must "(!(".. .. .. .. .. 
vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; key "name"; ordered-by user; description "Static MAC addresses assigned to this interface"; leaf name { junos:must "((!(".. .. .. .. vlan-id all") || all ".. vlan-id <*>"))"; junos:must-message " Specify vlan-id for qualified learning "; type jt:mac-addr; description "MAC address"; } uses apply-advanced; list vlan-id { junos:must "(".. .. .. .. vlan-id all")"; junos:must-message "'vlan-id all' has to be configured for the bridging domain"; key "name"; ordered-by user; description "VLAN ID of learning VLAN"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4094"; } } description "Learning VLAN"; } uses apply-advanced; } // list vlan-id } // list static-mac container interface-mac-ip-limit { description "Maximum number of MAC+IP bindings learned on the interface"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC+IP bindings per interface"; } } // container interface-mac-ip-limit leaf no-mac-learning { junos:must "(!(".. .. .. .. .. 
vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; type empty; description "Disable dynamic MAC address learning"; } leaf mac-pinning { type empty; description "Enable MAC pinning"; } leaf persistent-learning { junos:must "(!("switch-options mac-table-aging-time "))"; junos:must-message "Persistent learning can not co-exist with mac-table-aging-time"; type empty; description "Enable persistent MAC learning on this interface"; } } // list interface } // grouping juniper-protocols-bd grouping juniper-protocols-bgp { uses apply-advanced; container path-selection { description "Configure path selection strategy"; uses apply-advanced; leaf l2vpn-use-bgp-rules { type empty; description "Use standard BGP rules during L2VPN path selection"; } leaf cisco-non-deterministic { type empty; description "Use Cisco IOS nondeterministic path selection algorithm"; } leaf always-compare-med { type empty; description "Always compare MED values, regardless of neighbor AS"; } container med-plus-igp { presence "enable med-plus-igp"; description "Add IGP cost to next-hop to MED before comparing MED values"; uses apply-advanced; leaf med-multiplier { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 1000"; } } default "1"; description "Multiplier for MED"; } leaf igp-multiplier { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 1000"; } } default "1"; description "Multiplier for IGP cost to next-hop"; } } // container med-plus-igp leaf external-router-id { type empty; description "Compare router ID on BGP externals"; } leaf as-path-ignore { junos:must "(!(".. .. .. .. 
routing-options multipath as-path-compare"))"; junos:must-message "Configuring 'as-path-ignore' is not allowed when 'as-path-compare' is enabled for this routing instance"; type empty; description "Ignore AS path comparison during path selection"; } } // container path-selection container accept-prpd-connection { presence "enable accept-prpd-connection"; description "Enable BGP to accept PRPD connections"; } // container accept-prpd-connection leaf advertise-from-main-vpn-tables { type empty; description "Advertise VPN routes from bgp.Xvpn.0 tables in master instance"; } leaf stale-labels-holddown-period { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 600"; } } description "Duration (sec) MPLS labels allocated by BGP are kept after they go stale"; } leaf holddown-all-stale-labels { type empty; description "Hold all BGP stale-labels, facilating make-before-break for new label advertisements"; } container egress-te-backup-paths { description "Backup-path for Egress-TE peer interface failure"; uses apply-advanced; list template { key "name"; description "Backup-path template"; leaf name { type string { junos:posix-pattern "^.{1,64}$"; junos:pattern-message "Must be a string of 64 characters or less"; } description "Name of Egress-TE backup path"; } uses apply-advanced; list peer { key "name"; ordered-by user; description "Egress peer TE backup exit path"; leaf name { type jt:ipaddr; description "Address of BGP peer to use as backup next-hop"; } uses apply-advanced; } // list peer container remote-nexthop { description "Resolve and use tunnel to this next-hop as backup path"; uses apply-advanced; leaf remote-nh-addr { type jt:ipaddr; description "Address of remote-nexthop to use as backup path"; } } // container remote-nexthop container ip-forward { junos:must "(!(".. 
remote-nexthop"))"; junos:must-message "'ip-forward' will not take effect as backup when 'remote-nexthop' is in use"; presence "enable ip-forward"; description "Use IP-forward backup path for Egress TE"; uses apply-advanced; leaf rti-name { type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing-instance to use as IP forward backup-path"; } } // container ip-forward } // list template } // container egress-te-backup-paths leaf sr-preference-override { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Replace received segment routing traffic engineering preference value with override value"; } leaf vpn-apply-export { type empty; description "Apply BGP export policy when exporting VPN routes"; } container family { description "Protocol family for NLRIs in updates"; uses apply-advanced; container inet { description "IPv4 NLRI parameters"; uses apply-advanced; container labeled-unicast { presence "enable labeled-unicast"; description "Include labeled unicast NLRI"; uses bgp-afi-labeled; } // container labeled-unicast container segment-routing-te { presence "enable segment-routing-te"; description "Include segment-routing TE policy"; uses bgp-afi-srte; } // container segment-routing-te container transport { presence "enable transport"; description "Include Classful Transport NLRI"; uses bgp-afi-inet-transport; } // container transport container unicast { presence "enable unicast"; description "Include unicast NLRI"; uses bgp-afi-topo; } // container unicast container multicast { presence "enable multicast"; description "Include multicast NLRI"; uses bgp-afi-default; } // container multicast container flow { presence "enable flow"; description "Include flow NLRI"; uses bgp-afi-flow-with-redirect-ip-action; } // container flow container any { presence "enable any"; description "Include unicast or 
multicast NLRI"; uses bgp-afi-default; } // container any } // container inet container inet-vpn { description "IPv4 Layer 3 VPN NLRI parameters"; uses apply-advanced; container unicast { presence "enable unicast"; description "Include unicast NLRI"; uses bgp-afi-l3vpn; } // container unicast container multicast { presence "enable multicast"; description "Include multicast NLRI"; uses bgp-afi-vpn; } // container multicast container flow { presence "enable flow"; description "Include flow VPN NLRI"; uses bgp-afi-flow-with-redirect-ip-action; } // container flow container any { presence "enable any"; description "Include unicast or multicast NLRI"; uses bgp-afi-vpn; } // container any } // container inet-vpn container inet6 { description "IPv6 NLRI parameters"; uses apply-advanced; container labeled-unicast { presence "enable labeled-unicast"; description "Include labeled unicast NLRI"; uses bgp-afi-inet6-labeled; } // container labeled-unicast container segment-routing-te { presence "enable segment-routing-te"; description "Include segment-routing TE policy"; uses bgp-afi-srte; } // container segment-routing-te container transport { presence "enable transport"; description "Include Classful Transport NLRI"; uses bgp-afi-inet6-transport; } // container transport container unicast { presence "enable unicast"; description "Include unicast NLRI"; uses bgp-afi-topo; } // container unicast container multicast { presence "enable multicast"; description "Include multicast NLRI"; uses bgp-afi-default; } // container multicast container flow { presence "enable flow"; description "Include flow NLRI"; uses bgp-afi-flow; } // container flow container any { presence "enable any"; description "Include unicast or multicast NLRI"; uses bgp-afi-default; } // container any } // container inet6 container inet6-vpn { description "IPv6 Layer 3 VPN NLRI parameters"; uses apply-advanced; container unicast { presence "enable unicast"; description "Include unicast NLRI"; uses bgp-afi-l3vpn; 
} // container unicast container multicast { presence "enable multicast"; description "Include multicast NLRI"; uses bgp-afi-vpn; } // container multicast container flow { presence "enable flow"; description "Include flow VPN NLRI"; uses bgp-afi-flow; } // container flow container any { presence "enable any"; description "Include unicast or multicast NLRI"; uses bgp-afi-vpn; } // container any } // container inet6-vpn container iso-vpn { description "ISO Layer 3 VPN NLRI parameters"; uses apply-advanced; container unicast { presence "enable unicast"; description "Include unicast NLRI"; uses bgp-afi-vpn-protection; } // container unicast } // container iso-vpn container l2vpn { description "MPLS-based Layer 2 VPN and VPLS NLRI parameters"; uses apply-advanced; container auto-discovery-only { presence "enable auto-discovery-only"; description "Include auto-discovery NLRI for LDP Layer 2 VPN and VPLS"; uses bgp-afi-default; } // container auto-discovery-only container auto-discovery-mspw { presence "enable auto-discovery-mspw"; description "Include auto-discovery NLRI for LDP Signalled MultiSegment PW"; uses bgp-afi-default; } // container auto-discovery-mspw container signaling { presence "enable signaling"; description "Include Layer 2 VPN and VPLS signaling NLRI"; uses bgp-afi-l2vpn; } // container signaling } // container l2vpn container evpn { description "EVPN NLRI parameters"; uses apply-advanced; container signaling { presence "enable signaling"; description "Include EVPN signaling NLRI"; uses bgp-afi-default; } // container signaling } // container evpn container inet-mvpn { description "IPv4 MVPN NLRI parameters"; uses apply-advanced; container signaling { presence "enable signaling"; description "Include IPv4 multicast VPN signaling NLRI"; uses bgp-afi-default; } // container signaling } // container inet-mvpn container inet6-mvpn { description "IPv6 MVPN NLRI parameters"; uses apply-advanced; container signaling { presence "enable signaling"; description 
"Include IPv6 multicast VPN signaling NLRI"; uses bgp-afi-default; } // container signaling } // container inet6-mvpn container inet-mdt { description "IPv4 Multicast Distribution Tree (MDT) NLRI parameters"; uses apply-advanced; container signaling { presence "enable signaling"; description "Include IPv4 multicast VPN auto-discovery NLRI"; uses bgp-afi-default; } // container signaling } // container inet-mdt container traffic-engineering { description "Traffic Engineering (BGP-TE) NLRI parameters"; uses apply-advanced; container unicast { presence "enable unicast"; description "Include BGP-TE NLRI"; uses bgp-afi-default; } // container unicast } // container traffic-engineering container route-target { presence "enable route-target"; description "Route target NLRI used for VPN route filtering"; uses apply-advanced; container prefix-limit { description "Limit maximum number of prefixes from a peer"; uses bgpaf-prefix-limit; } // container prefix-limit container accepted-prefix-limit { description "Limit maximum number of prefixes accepted from a peer"; uses bgpaf-accepted-prefix-limit; } // container accepted-prefix-limit container proxy-generate { presence "enable proxy-generate"; description "Generate route target NLRI for peers that don't support it"; uses apply-advanced; leaf-list route-target-policy { type jt:policy-algebra; ordered-by user; description "Limit VPN routes that are used to generate proxy route-target filters"; } } // container proxy-generate leaf external-paths { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
256"; } } description "Number of external paths accepted for route filtering"; } leaf advertise-default { type empty; description "Advertise default and suppress more specific routes"; } leaf damping { type empty; description "Enable route flap damping"; } container graceful-restart { description "BGP graceful restart options"; uses bgp-af-gr; } // container graceful-restart leaf local-ipv4-address { type jt:ipv4addr; description "Local IPv4 address"; } container output-queue-priority { description "Default output-queue to assign updates to"; uses bgp-output-queue-priority-class; } // container output-queue-priority container route-refresh-priority { description "Default output-queue to assign route refreshes to"; uses bgp-output-queue-priority-class; } // container route-refresh-priority container withdraw-priority { description "Default output-queue to assign withdrawn routes to"; uses bgp-output-queue-priority-class; } // container withdraw-priority } // container route-target container inet-bgpmcast { description "IPv4 BGPMCAST NLRI parameters"; uses apply-advanced; container signaling { presence "enable signaling"; description "Include IPv4 BGP multicast signaling NLRI"; uses bgp-afi-default; } // container signaling } // container inet-bgpmcast container inet6-bgpmcast { description "IPv6 BGPMCAST NLRI parameters"; uses apply-advanced; container signaling { presence "enable signaling"; description "Include IPv6 BGP multicast signaling NLRI"; uses bgp-afi-default; } // container signaling } // container inet6-bgpmcast } // container family container egress-te { presence "enable egress-te"; description "Use Egress Peering traffic engineering"; uses apply-advanced; leaf install-address { type jt:ipaddr; description "Address to use in egress-te created inet route"; } container rib { description "Select primary table for Egress-TE routes"; uses apply-advanced; leaf inet.0 { type empty; description "Install Egress-TE routes in inet.0"; } leaf inet6.0 { type empty; 
description "Install Egress-TE routes in inet6.0"; } } // container rib leaf no-install { type empty; description "Avoid installation to FIB or resolving over"; } leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy to set attributes"; } leaf backup-path { junos:must "("protocols bgp egress-te-backup-paths template $$")"; junos:must-message "bgp egress-te-backup-paths template not configured"; type string { junos:posix-pattern "^.{1,64}$"; junos:pattern-message "Must be a string of 64 characters or less"; } description "The 'egress-te-backup-paths template' to use for this peer"; } } // container egress-te leaf advertise-prefix-sid { type empty; description "Advertise prefix sid to E-BGP peers"; } leaf accept-prefix-sid { type empty; description "Accept prefix sid from E-BGP peers"; } leaf advertise-srgb { type empty; description "Advertise SRGB TLV"; } leaf egress-te-sid-stats { type empty; description "Create BGP-Peer-SID sensor"; } list egress-te-set-segment { key "name"; ordered-by user; description "Configure BGP-Peer-Set segment"; leaf name { type string { junos:posix-pattern "^.{1,64}$"; junos:pattern-message "Must be a string of 64 characters or less"; } description "The BGP-Peer-Set segment name"; } uses apply-advanced; container label { description "BGP-Peer-Set SID label from static label pool"; uses apply-advanced; leaf label-value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "BGP-Peer-Set SID label value from static label pool"; } } // container label container egress-te-backup-segment { description "Backup segment for FRR"; uses apply-advanced; container label { description "Backup segment label from static label pool"; uses apply-advanced; leaf label-value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 
1048575"; } } description "Backup segment label value from static label pool"; }
        } // container label
      } // container egress-te-backup-segment
      container egress-te-backup-ip-forward {
        presence "enable egress-te-backup-ip-forward";
        description "Use IP-forward backup path for Egress TE";
        uses apply-advanced;
        leaf instance-name {
          type string {
            // NOTE(review): the leading '!' presumably negates the expression; that reading
            // matches the pattern-message (reserved __x__ names, "all", names containing a
            // space, the empty string and names of 129+ characters are refused).
            junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$";
            junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces.";
          }
          description "Routing-instance to use as IP forward backup-path";
        }
      } // container egress-te-backup-ip-forward
    } // list egress-te-set-segment
    // BGP peer group: a user-ordered list keyed by "name". The statements that follow
    // are per-group settings; the list is not closed within this part of the module.
    list group {
      key "name";
      ordered-by user;
      description "Define a peer group";
      leaf name { type string; description "Group name"; }
      uses apply-advanced;
      // Marks the group as IBGP ("internal") or EBGP ("external").
      leaf type {
        type enumeration {
          enum "internal" { value 0; description "IBGP group"; }
          enum "external" { value 1; description "EBGP group"; }
        }
        description "Type of peer group";
      }
      // Deprecated as a whole: the leaf and each of its enum values carry "status deprecated".
      leaf protocol {
        type enumeration {
          enum "rip" { value 0; status deprecated; description "Use RIP to resolve the BGP next hop"; }
          enum "ospf" { value 1; status deprecated; description "Use OSPF to resolve the BGP next hop"; }
          enum "isis" { value 2; status deprecated; description "Use IS-IS to resolve the BGP next hop"; }
        }
        status deprecated;
        description "IGP to use to resolve the next hop";
      }
      // Per-group BGP tracing: "file" controls where and how trace output is written,
      // "flag" selects which event classes are traced.
      container traceoptions {
        description "Trace options for BGP";
        uses apply-advanced;
        container file {
          description "Trace file options";
          // The pattern-message states that '/', '%' and spaces are refused, so the value
          // cannot carry a directory component. NOTE(review): the leading '!' in the
          // posix-pattern is presumably a negation marker - confirm against vendor docs.
          leaf filename {
            type string {
              junos:posix-pattern "![/ %]";
              junos:pattern-message "Must not contain '/', % or a space";
              length "1 .. 1024";
            }
            description "Name of file in which to write trace information";
          }
          leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; }
          // Typed as a free-form string; this model applies no pattern or range to it.
          leaf size { type string; description "Maximum trace file size"; }
          // Number of trace files kept: 2..1000, default 10. The string member of the
          // union accepts <...> or $... values (presumably Junos wildcard/variable
          // placeholders - TODO confirm).
          leaf files {
            type union {
              type string { pattern "<.*>|$.*"; }
              type uint32 { range "2 .. 1000"; }
            }
            default "10";
            description "Maximum number of trace files";
          }
          leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; }
          // Security-relevant: "world-readable" lets any user read the trace file. Both
          // leaves sit in one choice, so at most one can be configured, and no default
          // is stated in this model. Flags such as "packets", "update" or "all" can make
          // the trace detailed, so prefer no-world-readable unless broad read access is
          // intended.
          choice world-readable-choice {
            leaf world-readable { type empty; description "Allow any user to read the log file"; }
            leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
          } // choice world-readable-choice
        } // container file
        // One list entry per traced event class; the key is the enumeration below.
        list flag {
          key "name";
          ordered-by user;
          description "Tracing parameters";
          leaf name {
            type enumeration {
              enum "damping" { value 0; description "Trace BGP damping information"; }
              enum "packets" { value 1; description "Trace all BGP protocol packets"; }
              enum "open" { value 2; description "Trace BGP open packets"; }
              enum "update" { value 3; description "Trace BGP update packets"; }
              enum "keepalive" { value 4; description "Trace BGP keepalive packets"; }
              enum "refresh" { value 5; description "Trace BGP refresh packets"; }
              enum "nsr-synchronization" { value 6; description "Trace NSR synchronization events"; }
              enum "bfd" { value 7; description "Trace BFD events"; }
              enum "4byte-as" { value 8; description "Trace 4 byte AS events"; }
              enum "add-path" { value 9; description "Trace add-path events"; }
              enum "graceful-restart" { value 10; description "Trace Graceful Restart events"; }
              enum "egress-te" { value 11; description "Egress Peering Traffic-Engineering events"; }
              enum "thread-io" { value 12; description "Trace threaded I/O processing"; }
              enum "sharding" { value 13; description "Trace BGP rib sharding"; }
              enum "thread-update-io" { value 14; description "Trace threaded update I/O processing"; }
              enum "route-validation" { value 15; description "Trace route validation"; }
              enum "ipsec" { value 16; description "Trace ipsec"; }
              enum "route" { value 17; description "Trace routing information"; }
              enum "normal" { value 18; description "Trace normal events"; }
              enum "general" { value 19; description "Trace general events"; }
              enum "state" { value 20; 
description "Trace state transitions"; } enum "policy" { value 21; description "Trace policy processing"; } enum "task" { value 22; description "Trace routing protocol task processing"; } enum "timer" { value 23; description "Trace routing protocol timer processing"; } enum "all" { value 24; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } container filter { presence "enable filter"; description "Filter to apply to this flag"; uses bgp_filter_obj; } // container filter } // list flag } // container traceoptions leaf description { type string { length "1 .. 255"; } description "Text description"; } container metric-out { description "Route metric sent in MED"; choice metric_param { leaf metric-value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
4294967295"; } } description "Metric value"; } container minimum-igp { presence "enable minimum-igp"; description "Track the minimum IGP metric"; leaf metric-offset { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Metric offset for MED"; } } // container minimum-igp container igp { presence "enable igp"; description "Track the IGP metric"; leaf metric-offset { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Metric offset for MED"; } leaf delay-med-update { type empty; description "Delay updating MED when IGP metric increases"; } } // container igp container effective-aigp { presence "enable effective-aigp"; description "Track the effective AIGP metric"; leaf metric-offset { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Metric offset for MED"; } } // container effective-aigp container minimum-effective-aigp { presence "enable minimum-effective-aigp"; description "Track the minimum effective AIGP metric"; leaf metric-offset { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Metric offset for MED"; } } // container minimum-effective-aigp } // choice metric_param } // container metric-out container multihop { presence "enable multihop"; description "Configure an EBGP multihop session"; uses apply-advanced; leaf ttl { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 
255"; } } description "TTL value for the session"; } leaf no-nexthop-change { type empty; description "Do not change next hop to self in advertisements"; } } // container multihop leaf route-server-client { type empty; description "Enable route server client behavior"; } leaf accept-remote-nexthop { type empty; description "Allow import policy to specify a non-directly connected next-hop"; } leaf preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference value"; } leaf local-preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Value of LOCAL_PREF path attribute"; } leaf local-address { type jt:ipaddr; description "Address of local end of BGP session"; } leaf local-interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Local interface for IPv6 link local EBGP peering"; } leaf forwarding-context { type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing-instance used for data-forwarding and transport-session"; } leaf hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Hold time used when negotiating with a peer"; } leaf minimum-hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "3 .. 
65535"; } } description "Minimum hold time accepted from the peer"; }
      leaf passive { type empty; description "Do not send open messages to a peer"; }
      leaf advertise-inactive { type empty; description "Advertise inactive routes"; }
      // On/off pair modelled as a choice, so only one of the two leaves can be set.
      choice advertise-peer-as-choice {
        leaf advertise-peer-as { type empty; description "Advertise routes received from the same autonomous system"; }
        leaf no-advertise-peer-as { type empty; description "Don't advertise routes received from the same autonomous system"; }
      } // choice advertise-peer-as-choice
      // Presence container: configuring it turns the feature on; "conditional" refines it.
      container advertise-external {
        presence "enable advertise-external";
        description "Advertise best external routes";
        leaf conditional { type empty; description "Route matches active route upto med-comparison rule"; }
      } // container advertise-external
      leaf keep {
        type enumeration {
          enum "all" { value 0; description "Retain all routes"; }
          enum "none" { value 1; description "Retain no routes"; }
        }
        description "How to retain routes in the routing table";
      }
      leaf rfc6514-compliant-safi129 { type empty; description "Compliant with RFC6514 SAFI129 format"; }
      leaf no-aggregator-id { type empty; description "Set router ID in aggregator path attribute to 0"; }
      leaf mtu-discovery { type empty; description "Enable TCP path MTU discovery"; }
      // Security-relevant input check: per the description, the first AS in a received
      // AS path must be the neighbor's own AS. It is an opt-in flag in this model
      // (type empty, no default statement).
      leaf enforce-first-as { type empty; description "Enforce first AS in AS-path is the neighbor's AS"; }
      // 0..65535; the description gives no unit. The string member of the union accepts
      // <...> or $... values (presumably Junos wildcard/variable placeholders - TODO confirm).
      leaf out-delay {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "0 .. 65535"; }
        }
        description "How long before exporting routes from routing table";
      }
      // Only the values 1 and 255 are accepted, and the junos:must constraint ties the
      // option to single-hop EBGP (it tests for "type internal" and "multihop").
      // NOTE(review): 255 is presumably meant for a GTSM-style check (RFC 5082), where
      // packets arriving with a lower TTL can be discarded; the model does not say so -
      // confirm in the vendor documentation.
      leaf ttl {
        junos:must "((!(".. .. type internal") && !(".. multihop")))";
        junos:must-message "This option is valid only for single-hop EBGP neighbor";
        type enumeration {
          enum "1" { value 0; }
          enum "255" { value 1; }
        }
        description "TTL value for the single-hop peer";
      }
      // Logs peer state transitions; these messages are a useful signal when
      // investigating unexpected session resets.
      leaf log-updown { type empty; description "Log a message for peer state transitions"; }
      leaf damping { type empty; description "Enable route flap damping"; }
      // User-ordered list of import policy expressions (type jt:policy-algebra).
      leaf-list import {
        type jt:policy-algebra;
        ordered-by user;
        description "Import policy";
      }
      // Deprecated as a whole: the leaf-list and each enum value carry "status deprecated".
      leaf-list nlri {
        type enumeration {
          enum "unicast" { value 0; status deprecated; description "Include unicast NLRI"; }
          enum "multicast" { value 1; status deprecated; description "Include multicast NLRI"; }
          enum "any" { value 2; status deprecated; description "Include any kind of NLRI"; }
        }
        ordered-by user;
        status deprecated;
        description "NLRI type to include in updates";
      }
      // Presence container: configuring it enables soft handling of malformed updates
      // (per the description). The log interval is 10..65535 seconds, default 300.
      container bgp-error-tolerance {
        presence "enable bgp-error-tolerance";
        description "Handle BGP malformed updates softly";
        uses apply-advanced;
        leaf malformed-update-log-interval {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "10 .. 65535"; }
          }
          units "seconds";
          default "300";
          description "Time used when logging malformed update";
        }
        choice malformed-routes-limit-choice {
          leaf malformed-route-limit {
            type union {
              type string { pattern "<.*>|$.*"; }
              type uint32 { range "0 .. 
4294967295"; } } default "1000"; description "Maximum number of malformed routes from a peer"; } leaf no-malformed-route-limit { type empty; description "No malformed route limit"; } } // choice malformed-routes-limit-choice } // container bgp-error-tolerance container family { description "Protocol family for NLRIs in updates"; uses apply-advanced; container inet { description "IPv4 NLRI parameters"; uses apply-advanced; container labeled-unicast { presence "enable labeled-unicast"; description "Include labeled unicast NLRI"; uses bgp-afi-labeled; } // container labeled-unicast container segment-routing-te { presence "enable segment-routing-te"; description "Include segment-routing TE policy"; uses bgp-afi-srte; } // container segment-routing-te container transport { presence "enable transport"; description "Include Classful Transport NLRI"; uses bgp-afi-inet-transport; } // container transport container unicast { presence "enable unicast"; description "Include unicast NLRI"; uses bgp-afi-topo; } // container unicast container multicast { presence "enable multicast"; description "Include multicast NLRI"; uses bgp-afi-default; } // container multicast container flow { presence "enable flow"; description "Include flow NLRI"; uses bgp-afi-flow-with-redirect-ip-action; } // container flow container any { presence "enable any"; description "Include unicast or multicast NLRI"; uses bgp-afi-default; } // container any } // container inet container inet-vpn { description "IPv4 Layer 3 VPN NLRI parameters"; uses apply-advanced; container unicast { presence "enable unicast"; description "Include unicast NLRI"; uses bgp-afi-l3vpn; } // container unicast container multicast { presence "enable multicast"; description "Include multicast NLRI"; uses bgp-afi-vpn; } // container multicast container flow { presence "enable flow"; description "Include flow VPN NLRI"; uses bgp-afi-flow-with-redirect-ip-action; } // container flow container any { presence "enable any"; description 
"Include unicast or multicast NLRI"; uses bgp-afi-vpn; } // container any } // container inet-vpn container inet6 { description "IPv6 NLRI parameters"; uses apply-advanced; container labeled-unicast { presence "enable labeled-unicast"; description "Include labeled unicast NLRI"; uses bgp-afi-inet6-labeled; } // container labeled-unicast container segment-routing-te { presence "enable segment-routing-te"; description "Include segment-routing TE policy"; uses bgp-afi-srte; } // container segment-routing-te container transport { presence "enable transport"; description "Include Classful Transport NLRI"; uses bgp-afi-inet6-transport; } // container transport container unicast { presence "enable unicast"; description "Include unicast NLRI"; uses bgp-afi-topo; } // container unicast container multicast { presence "enable multicast"; description "Include multicast NLRI"; uses bgp-afi-default; } // container multicast container flow { presence "enable flow"; description "Include flow NLRI"; uses bgp-afi-flow; } // container flow container any { presence "enable any"; description "Include unicast or multicast NLRI"; uses bgp-afi-default; } // container any } // container inet6 container inet6-vpn { description "IPv6 Layer 3 VPN NLRI parameters"; uses apply-advanced; container unicast { presence "enable unicast"; description "Include unicast NLRI"; uses bgp-afi-l3vpn; } // container unicast container multicast { presence "enable multicast"; description "Include multicast NLRI"; uses bgp-afi-vpn; } // container multicast container flow { presence "enable flow"; description "Include flow VPN NLRI"; uses bgp-afi-flow; } // container flow container any { presence "enable any"; description "Include unicast or multicast NLRI"; uses bgp-afi-vpn; } // container any } // container inet6-vpn container iso-vpn { description "ISO Layer 3 VPN NLRI parameters"; uses apply-advanced; container unicast { presence "enable unicast"; description "Include unicast NLRI"; uses 
bgp-afi-vpn-protection; } // container unicast } // container iso-vpn container l2vpn { description "MPLS-based Layer 2 VPN and VPLS NLRI parameters"; uses apply-advanced; container auto-discovery-only { presence "enable auto-discovery-only"; description "Include auto-discovery NLRI for LDP Layer 2 VPN and VPLS"; uses bgp-afi-default; } // container auto-discovery-only container auto-discovery-mspw { presence "enable auto-discovery-mspw"; description "Include auto-discovery NLRI for LDP Signalled MultiSegment PW"; uses bgp-afi-default; } // container auto-discovery-mspw container signaling { presence "enable signaling"; description "Include Layer 2 VPN and VPLS signaling NLRI"; uses bgp-afi-l2vpn; } // container signaling } // container l2vpn container evpn { description "EVPN NLRI parameters"; uses apply-advanced; container signaling { presence "enable signaling"; description "Include EVPN signaling NLRI"; uses bgp-afi-default; } // container signaling } // container evpn container inet-mvpn { description "IPv4 MVPN NLRI parameters"; uses apply-advanced; container signaling { presence "enable signaling"; description "Include IPv4 multicast VPN signaling NLRI"; uses bgp-afi-default; } // container signaling } // container inet-mvpn container inet6-mvpn { description "IPv6 MVPN NLRI parameters"; uses apply-advanced; container signaling { presence "enable signaling"; description "Include IPv6 multicast VPN signaling NLRI"; uses bgp-afi-default; } // container signaling } // container inet6-mvpn container inet-mdt { description "IPv4 Multicast Distribution Tree (MDT) NLRI parameters"; uses apply-advanced; container signaling { presence "enable signaling"; description "Include IPv4 multicast VPN auto-discovery NLRI"; uses bgp-afi-default; } // container signaling } // container inet-mdt container traffic-engineering { description "Traffic Engineering (BGP-TE) NLRI parameters"; uses apply-advanced; container unicast { presence "enable unicast"; description "Include 
BGP-TE NLRI"; uses bgp-afi-default; } // container unicast } // container traffic-engineering container route-target { presence "enable route-target"; description "Route target NLRI used for VPN route filtering"; uses apply-advanced; container prefix-limit { description "Limit maximum number of prefixes from a peer"; uses bgpaf-prefix-limit; } // container prefix-limit container accepted-prefix-limit { description "Limit maximum number of prefixes accepted from a peer"; uses bgpaf-accepted-prefix-limit; } // container accepted-prefix-limit container proxy-generate { presence "enable proxy-generate"; description "Generate route target NLRI for peers that don't support it"; uses apply-advanced; leaf-list route-target-policy { type jt:policy-algebra; ordered-by user; description "Limit VPN routes that are used to generate proxy route-target filters"; } } // container proxy-generate leaf external-paths { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 256"; } } description "Number of external paths accepted for route filtering"; } leaf advertise-default { type empty; description "Advertise default and suppress more specific routes"; } leaf damping { type empty; description "Enable route flap damping"; } container graceful-restart { description "BGP graceful restart options"; uses bgp-af-gr; } // container graceful-restart leaf local-ipv4-address { type jt:ipv4addr; description "Local IPv4 address"; } container output-queue-priority { description "Default output-queue to assign updates to"; uses bgp-output-queue-priority-class; } // container output-queue-priority container route-refresh-priority { description "Default output-queue to assign route refreshes to"; uses bgp-output-queue-priority-class; } // container route-refresh-priority container withdraw-priority { description "Default output-queue to assign withdrawn routes to"; uses bgp-output-queue-priority-class; } // container withdraw-priority } // container route-target container 
inet-bgpmcast {
  description "IPv4 BGPMCAST NLRI parameters";
  uses apply-advanced;
  container signaling {
    presence "enable signaling";
    description "Include IPv4 BGP multicast signaling NLRI";
    uses bgp-afi-default;
  } // container signaling
} // container inet-bgpmcast
container inet6-bgpmcast {
  description "IPv6 BGPMCAST NLRI parameters";
  uses apply-advanced;
  container signaling {
    presence "enable signaling";
    description "Include IPv6 BGP multicast signaling NLRI";
    uses bgp-afi-default;
  } // container signaling
} // container inet6-bgpmcast
} // container family

// Session authentication settings for the enclosing scope (opened before this excerpt).
// Per the junos:must constraints below there are two mutually exclusive styles:
// a static authentication-key, or authentication-key-chain with an optional
// authentication-algorithm.

// Static shared secret for MD5 authentication (per the description); the schema
// types it as a plain string of 1 to 126 characters.
// NOTE(review): this leaf holds secret material, so any serialized copy of the
// configuration should be handled as sensitive. How the device stores or masks
// the value is not visible in this module.
leaf authentication-key {
  type string { length "1 .. 126"; }
  description "MD5 authentication key";
}
// Algorithm selection. Requires a sibling authentication-key-chain and is rejected
// when a sibling authentication-key is present (see the two must-messages).
// NOTE(review): "md5" and "hmac-sha-1-96" are legacy choices; prefer
// "aes-128-cmac-96" or "ao" where both peers support them.
leaf authentication-algorithm {
  junos:must "(".. authentication-key-chain")";
  junos:must-message "May not be configured without authentication-key-chain";
  junos:must "(!(".. authentication-key"))";
  junos:must-message "May not be configured with authentication-key";
  type enumeration {
    enum "md5" { value 0; description "Message Digest 5"; }
    enum "hmac-sha-1-96" { value 1; description "Hash-based Message Authentication Code (SHA1) (96 bits)"; }
    enum "aes-128-cmac-96" { value 2; description "Cipher-based Message Authentication Code (AES128) (96 bits)"; }
    enum "ao" { value 3; description "TCP Authentication Option"; }
  }
  description "Authentication algorithm name";
}
// What to do when the TCP-AO digest does not match. Rejected alongside a sibling
// authentication-key. No default is declared on this leaf.
// NOTE(review): "allow-without-tcpao" lets the connection be established without
// TCP-AO, i.e. an unauthenticated fallback; "drop-if-no-tcpao" is the fail-closed
// value. Review any use of the permissive value.
leaf tcpao-handling-with-digest-mismatch {
  junos:must "(!(".. authentication-key"))";
  junos:must-message "May not be configured with authentication-key";
  type enumeration {
    enum "drop-if-no-tcpao" { value 0; description "Drop the connection if Digest mismatched"; }
    enum "allow-without-tcpao" { value 1; description "Allow the connection establishment without TCP-AO"; }
  }
  description "Drop or continue without TCP-AO with digest mismatch with TCP-AO";
}
// Key chain reference; its constraints continue on the following lines.
leaf authentication-key-chain {
  junos:must "(!(".. 
authentication-key"))";
  junos:must-message "May not be configured with authentication-key";
  // The named key chain has to exist under "security authentication-key-chains";
  // "$$" presumably stands for this leaf's own value (confirm against the
  // junos DDL extension documentation).
  junos:must "("security authentication-key-chains key-chain $$")";
  junos:must-message "Referenced key-chain must be defined";
  type string { length "1 .. 128"; }
  description "Key chain name";
}
// Ordered list of export policy expressions (ordered-by user keeps the entered order).
leaf-list export { type jt:policy-algebra; ordered-by user; description "Export policy"; }
// Private-AS removal. "all" continues past the first public AS number;
// "all replace" substitutes instead of removing.
container remove-private {
  presence "enable remove-private";
  description "Remove well-known private AS numbers";
  uses apply-advanced;
  container all {
    presence "enable all";
    description "Remove all private AS numbers and do not stop at the first public AS number";
    container replace {
      presence "enable replace";
      description "Replace private AS numbers with the BGP Group's local AS number";
      leaf nearest { type empty; description "Use closest public AS number to replace a private AS number"; }
    } // container replace
  } // container all
  leaf no-peer-loop-check { type empty; description "Remove peer loop-check"; }
} // container remove-private
leaf cluster { type jt:areaid; description "Cluster identifier"; }
leaf no-client-reflect { type empty; description "Disable intracluster route redistribution"; }
// Peer AS number as a string in plain ("x") or asdot ("x.y") form.
// NOTE(review): the '.' in the posix-pattern is unescaped, so as a regular
// expression it matches any single character, not only a literal dot; a backslash
// may have been lost when this text was extracted. The pattern also only checks
// the shape: the numeric ranges quoted in the pattern-message are not expressed by
// it, and whether they are enforced elsewhere is not visible here.
leaf peer-as {
  type string {
    junos:posix-pattern "^[0-9]+(.[0-9]+)?$";
    junos:pattern-message "Use format 'x' or 'x.y' to specify number 'x' (Range 1 .. 4294967295) or number with higher 2 bytes 'x' (Range 0 .. 65535) and lower 2 bytes 'y' (Range 0 .. 65535) respectively";
  }
  description " Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format";
}
// Local AS override; as-number uses the same string pattern as peer-as above,
// including the unescaped '.'.
container local-as {
  description "Local autonomous system number";
  leaf as-number {
    type string {
      junos:posix-pattern "^[0-9]+(.[0-9]+)?$";
      junos:pattern-message "Use format 'x' or 'x.y' to specify number 'x' (Range 1 .. 4294967295) or number with higher 2 bytes 'x' (Range 0 .. 65535) and lower 2 bytes 'y' (Range 0 .. 
65535) respectively";
    }
    description " Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format";
  }
  // Numeric leaves in this module are unions with a string alternative matching
  // "<.*>|$.*"; presumably this lets the value be written as a <...> wildcard or a
  // $-prefixed variable instead of a number (confirm).
  leaf loops {
    type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 10"; } }
    description "Maximum number of times this AS can be in an AS path";
  }
  leaf private { type empty; description "Hide this local AS in paths learned from this peering"; }
  leaf alias { type empty; description "Treat this AS as an alias to the system AS"; }
  leaf no-prepend-global-as { type empty; description "Do not prepend global autonomous-system number in advertised paths"; }
} // container local-as
// Name of an IPsec security association to apply; the must constraint requires
// that it is defined under "security ipsec security-association".
leaf ipsec-sa {
  junos:must "("security ipsec security-association $$")";
  junos:must-message "Referenced IPSec Security Association must be defined";
  type string { length "1 .. 32"; }
  description "IPSec SA name";
}
// Graceful shutdown: receiver and sender roles, each with its own LOCAL_PREF value.
container graceful-shutdown {
  description "BGP peer graceful shutdown option";
  uses apply-advanced;
  container receiver {
    presence "enable receiver";
    description "BGP peer graceful-shutdown receiver";
    uses apply-advanced;
    // Cannot be set when the sibling "sender" container is configured.
    leaf disable {
      junos:must "(!(".. .. sender"))";
      junos:must-message "Receiver cannot be disabled on Sender";
      type empty;
      description "Disable graceful-shutdown receiver";
    }
    leaf local-preference {
      type union { type uint32; type string { pattern "<.*>|$.*"; } }
      description "Value of receiver LOCAL_PREF path attribute";
    }
  } // container receiver
  container sender {
    presence "enable sender";
    description "BGP peer graceful-shutdown sender";
    uses apply-advanced;
    leaf local-preference {
      type union { type uint32; type string { pattern "<.*>|$.*"; } }
      description "Value of sender LOCAL_PREF path attribute";
    }
  } // container sender
} // container graceful-shutdown
// Administrative shutdown with an optional free-text notification message
// (the string has no length or pattern restriction in this schema).
container shutdown {
  presence "enable shutdown";
  description "Shutdown";
  uses apply-advanced;
  leaf notify-message { type string; description "Notification message"; }
} // container shutdown
// Only valid when the sibling graceful-restart container is configured
// (constraint continues on the next line).
leaf unconfigured-peer-graceful-restart {
  junos:must "(".. 
graceful-restart")";
  junos:must-message "unconfigured-peer-graceful-restart is only valid with 'graceful-restart'";
  type empty;
  description "BGP unconfigured peer graceful restart options";
}
// Graceful restart options. Both timers are bounded to 1..1800 by the schema;
// no units statement is given for them here.
container graceful-restart {
  presence "enable graceful-restart";
  description "BGP graceful restart options";
  uses apply-advanced;
  choice enable-disable {
    leaf disable { type empty; description "Disable graceful restart"; }
  } // choice enable-disable
  // Requires graceful-restart under routing-options (or under
  // "fabric routing-options") to be configured as well.
  leaf restart-time {
    junos:must "(("routing-options graceful-restart" || "fabric routing-options graceful-restart"))";
    junos:must-message "restart-time is only valid with 'routing-options graceful-restart'";
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1800"; } }
    description "Restart time used when negotiating with a peer";
  }
  leaf stale-routes-time {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1800"; } }
    description "Maximum time for which stale routes are kept";
  }
  // Long-lived graceful restart (LLGR) options.
  container long-lived {
    description "Long-lived graceful restart options";
    uses apply-advanced;
    container receiver {
      description "Long-lived graceful restart receiver (helper) options";
      uses apply-advanced;
      choice enable-disable {
        leaf disable { type empty; description "Disable receiver (helper) functionality"; }
      } // choice enable-disable
    } // container receiver
    // NOTE(review): this sends stale routes to neighbors that do not support LLGR,
    // and omit-no-export additionally drops the no-export community from them;
    // both widen how far stale routing information can propagate.
    container advertise-to-non-llgr-neighbor {
      presence "enable advertise-to-non-llgr-neighbor";
      description "Advertise stale routes to non-LLGR neighbors";
      uses apply-advanced;
      leaf omit-no-export { type empty; description "Do not attach no-export community to stale routes"; }
    } // container advertise-to-non-llgr-neighbor
  } // container long-lived
  leaf disable-notification-extensions { type empty; description "Disable notification extensions"; }
  leaf forwarding-state-bit {
    type enumeration {
      enum "as-rr-client" { value 0; description "As for a route reflector client"; }
      enum "from-fib" { value 1; description "Always use state of associated FIB(s)"; }
    }
description "Control forwarding-state flag negotiation";
  }
  leaf dont-help-shared-fate-bfd-down { type empty; description "Honor BFD-Down(C=0) if GR-restart not in progress"; }
} // container graceful-restart
leaf include-mp-next-hop { type empty; description "Include NEXT-HOP attribute in multiprotocol updates"; }
leaf disable-4byte-as { type empty; description "Disable 4 byte AS capability advertisement"; }
// Keeps the peer idle after a nonstop-routing switch-over, either until an
// operator intervenes ("forever") or for "timeout" seconds; the two are
// alternatives of one choice.
container idle-after-switch-over {
  description "Stop peer session from coming up after nonstop-routing switch-over";
  choice idle-interval {
    leaf forever { type empty; description "Idle the peer until the user intervenes"; }
    leaf timeout {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } }
      description "Timeout value, in seconds, for starting peer after switch over";
    }
  } // choice idle-interval
} // container idle-after-switch-over
// Outbound route filtering (ORF). Cannot be combined with
// "system processes routing bgp update-threading".
// NOTE(review): the "accept" settings below let a remote peer install filters
// that shape what this router advertises to it; enable them only for peers that
// are trusted to do so.
container outbound-route-filter {
  junos:must "(!("system processes routing bgp update-threading"))";
  junos:must-message "Can't be configured together with update-threading";
  description "Dynamically negotiated cooperative route filtering";
  uses apply-advanced;
  leaf bgp-orf-cisco-mode { type empty; description "Using BGP ORF capability code 130 and Prefix ORF type 128"; }
  // Deprecated in this revision (status deprecated).
  container extended-community {
    status deprecated;
    description "Extended community filtering";
    uses apply-advanced;
    choice accept-choice {
      leaf accept { type empty; description "Honor remote requests for extended community ORF"; }
      leaf no-accept { type empty; description "Don't honor remote requests for extended community ORF"; }
    } // choice accept-choice
    leaf vrf-filter { type empty; description "Request remote filtering using locally configured VRF import targets"; }
  } // container extended-community
  container prefix-based {
    presence "enable prefix-based";
    description "Prefix-based outbound route filtering";
    uses apply-advanced;
    container accept {
      presence "enable accept";
      description "Honor Prefix-based ORFs from remote 
peers";
      uses apply-advanced;
      // Per-family switches for honoring prefix filters sent by the remote peer.
      leaf inet { type empty; description "Honor IPv4 prefix filters"; }
      leaf inet6 { type empty; description "Honor IPv6 prefix filters"; }
    } // container accept
  } // container prefix-based
} // container outbound-route-filter
// Deprecated (status deprecated): batching of outgoing messages. The interval is
// 100..1000 milliseconds with a declared default of 250.
container message-batching {
  status deprecated;
  description "DEPRECATED - Batching of outgoing messages";
  uses apply-advanced;
  choice enable-disable {
    leaf enable { type empty; description "Enable parameter"; }
    leaf disable { type empty; description "Disable parameter"; }
  } // choice enable-disable
  leaf interval {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "100 .. 1000"; } }
    units "milliseconds";
    default "250";
    description "DEPRECATED - Interval over which to batch messages";
  }
} // container message-batching
// Load sharing across several BGP paths; all options are flags (type empty).
container multipath {
  presence "enable multipath";
  description "Allow load sharing among multiple BGP paths";
  uses apply-advanced;
  leaf disable { type empty; description "Disable Multipath"; }
  leaf multiple-as { type empty; description "Use paths received from different ASs"; }
  leaf allow-protection { type empty; description "Allow protection for multipath legs"; }
  leaf pause-computation-during-churn { type empty; description "Pause multipath job to absorb churn"; }
  leaf list-nexthop { type empty; description "Use List-NH for homogenous nexthop-set also"; }
} // container multipath
// Maximum TCP segment size for the session; the numeric range continues on the
// next line.
leaf tcp-mss {
  type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
4096"; } }
  description "Maximum TCP segment size";
}
leaf bgp-identifier { type jt:ipv4addr; description "BGP Identifier"; }
leaf tcp-aggressive-transmission { type empty; description "Enable aggressive transmission of pure TCP ACKs and retransmissions"; }
// Monitoring (BMP) overrides for this scope; per the description these take
// precedence over the routing-options settings.
// NOTE(review): route monitoring sends routing information off the router, so the
// selection of pre-policy, post-policy and rib-out feeds determines what the
// monitoring station receives.
container bmp {
  description "Specific settings to override the routing-options settings";
  uses apply-advanced;
  leaf monitor {
    type enumeration {
      enum "enable" { value 0; description "Enable monitoring of BGP peer(s)"; }
      enum "disable" { value 1; description "Disable monitoring of BGP peer(s)"; }
    }
    description "Enable/Disable monitoring";
  }
  container route-monitoring {
    description "Control route monitoring settings";
    uses apply-advanced;
    // Mutually exclusive with the sibling pre-policy, post-policy and rib-out
    // containers.
    leaf none {
      junos:must "((!(".. pre-policy") && (!(".. post-policy") && !(".. rib-out"))))";
      junos:must-message "May not be configured with pre-policy or post-policy or rib-out";
      type empty;
      description "Do not send route monitoring messages";
    }
    container pre-policy {
      presence "enable pre-policy";
      description "Send pre-policy route monitoring messages";
      leaf exclude-non-feasible { type empty; description "Exclude looped routes, etc"; }
    } // container pre-policy
    container post-policy {
      presence "enable post-policy";
      description "Send post-policy route monitoring messages";
      leaf exclude-non-eligible { type empty; description "Exclude unresolved routes, etc."; }
    } // container post-policy
    // Allowed when update-threading is not configured, or when rib-sharding is
    // configured (the must expression is "not update-threading OR rib-sharding").
    container rib-out {
      junos:must "((!("system processes routing bgp update-threading") || "system processes routing bgp rib-sharding"))";
      junos:must-message "Update threading can't be configured together with bmp rib-out monitoring";
      presence "enable rib-out";
      description "Send adj-ribs-out route monitoring messages";
      leaf pre-policy { type empty; description "Send pre-policy adj-ribs-out route monitoring messages"; }
      leaf post-policy { type empty; description "Send post-policy adj-ribs-out route monitoring messages"; }
    } // container rib-out
  } // container route-monitoring
} // container bmp 
// Advertisement of bgp-static routes, optionally restricted by an ordered list of
// policy expressions.
container advertise-bgp-static {
  presence "enable advertise-bgp-static";
  description "Advertise bgp-static routes";
  uses apply-advanced;
  leaf-list policy { type jt:policy-algebra; ordered-by user; description "Static route advertisement policy"; }
} // container advertise-bgp-static
leaf add-path-display-ipv4-address { type empty; description "Display add-path path-id in IPv4 address format"; }
// BFD liveness detection. Interval leaves are in milliseconds (units statements)
// and bounded to 1..255000; the multiplier is 1..255 with a declared default of 3.
container bfd-liveness-detection {
  description "Bidirectional Forwarding Detection (BFD) options";
  uses apply-advanced;
  // The enum names are the protocol versions; the numeric "value" fields are
  // enum ordinals. Declared default is "automatic".
  leaf version {
    type enumeration {
      enum "0" { value 0; description "BFD version 0 (deprecated)"; }
      enum "1" { value 1; description "BFD version 1"; }
      enum "automatic" { value 2; description "Choose BFD version automatically"; }
    }
    default "automatic";
    description "BFD protocol version number";
  }
  leaf minimum-interval {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } }
    units "milliseconds";
    description "Minimum transmit and receive interval";
  }
  // Deprecated (status deprecated); a minimum-interval leaf also exists under the
  // transmit-interval container below.
  leaf minimum-transmit-interval {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } }
    units "milliseconds";
    status deprecated;
    description "Minimum transmit interval";
  }
  leaf minimum-receive-interval {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } }
    units "milliseconds";
    description "Minimum receive interval";
  }
  leaf multiplier {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } }
    default "3";
    description "Detection time multiplier";
  }
  choice adaptation-choice {
    leaf no-adaptation { type empty; description "Disable adaptation"; }
  } // choice adaptation-choice
  container transmit-interval {
    description "Transmit-interval options";
    uses apply-advanced;
    leaf minimum-interval {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } }
      units "milliseconds";
      description "Minimum transmit interval";
    }
    // Unlike the interval leaves, the threshold has no range restriction here.
    leaf threshold {
      type union { type uint32; type string { pattern "<.*>|$.*"; } }
      units "milliseconds";
      description "High transmit interval triggering a trap";
    }
  } // container transmit-interval
  container detection-time {
    description "Detection-time options";
    uses apply-advanced;
    leaf threshold {
      type union { type uint32; type string { pattern "<.*>|$.*"; } }
      units "milliseconds";
      description "High detection-time triggering a trap";
    }
  } // container detection-time
  // BFD session authentication. key-chain and algorithm each require the other
  // (see the paired must constraints), and the key chain must be defined under
  // "security authentication-key-chains".
  container authentication {
    description "Authentication options";
    uses apply-advanced;
    leaf key-chain {
      junos:must "(".. algorithm")";
      junos:must-message "May not be configured without algorithm";
      junos:must "("security authentication-key-chains key-chain $$")";
      junos:must-message "Referenced key-chain must be defined";
      type string;
      description "Key chain name";
    }
    // NOTE(review): "simple-password" is a password scheme rather than a keyed
    // digest, and the MD5/SHA-1 variants are legacy; the strongest options
    // offered here are the "meticulous" keyed variants. In the BFD specification
    // the simple password is carried unprotected in each packet; confirm against
    // platform documentation.
    leaf algorithm {
      junos:must "(".. key-chain")";
      junos:must-message "May not be configured without key-chain";
      type enumeration {
        enum "simple-password" { value 0; description "Simple password"; }
        enum "keyed-md5" { value 1; description "Keyed message Digest 5"; }
        enum "meticulous-keyed-md5" { value 2; description "Meticulous keyed message Digest 5"; }
        enum "keyed-sha-1" { value 3; description "Keyed secure hash algorithm (SHA1) "; }
        enum "meticulous-keyed-sha-1" { value 4; description "Meticulous keyed secure hash algorithm (SHA1) "; }
      }
      description "Algorithm name";
    }
    // NOTE(review): per the description, authentication is verified only when it
    // has been negotiated, so a peer that does not negotiate authentication is
    // not checked. Treat this as a relaxation of enforcement; presumably meant
    // for transitional use (confirm).
    leaf loose-check { type empty; description "Verify authentication only if authentication is negotiated"; }
  } // container authentication
  leaf session-mode {
    type enumeration {
      enum "automatic" { value 0; description "Choose session-mode automatically"; }
      enum "single-hop" { value 1; description "Use single-hop"; }
      enum "multihop" { value 2; description "Use multihop"; }
    }
    default "automatic";
    description "BFD single-hop or multihop session-mode";
  }
  // Rejected when "type internal" is set two levels up (EBGP only, per the
  // must-message on the next line).
  leaf holddown-interval {
    junos:must "(!(".. .. 
type internal"))";
    junos:must-message "bfd holddown-interval is only valid for EBGP.";
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255000"; } }
    units "milliseconds";
    description "Time to hold the session-UP notification to the client";
  }
} // container bfd-liveness-detection
leaf as-override { type empty; description "Replace neighbor AS number with our AS number"; }
// Prefixes from which peer connections are accepted without a per-neighbor entry.
// NOTE(review): every address inside a listed prefix can attempt to peer, so keep
// the prefixes narrow and pair them with session authentication and peer-as-list.
leaf-list allow { type jt:ipprefix; ordered-by user; description "Configure peer connections for specific networks"; }
// Named templates for dynamic peers. Each template must configure either "allow"
// or "peer-auto-discovery" (must constraint on the key leaf), and carries its own
// copy of the authentication leaves.
list dynamic-neighbor {
  key "name";
  ordered-by user;
  description "Configure peer options for specific networks";
  leaf name {
    junos:must "((".. allow" || ".. peer-auto-discovery"))";
    junos:must-message "dynamic-neighbor must enable allow or peer-auto-discovery";
    type string;
    description "Template name";
  }
  uses apply-advanced;
  leaf-list allow { type jt:ipprefix; ordered-by user; description "Configure peer connections for specific networks"; }
  // Static shared secret for MD5 authentication, typed as a plain string of 1 to
  // 126 characters.
  // NOTE(review): secret material; handle serialized configuration as sensitive.
  // Storage or masking on the device is not visible in this module.
  leaf authentication-key {
    type string { length "1 .. 126"; }
    description "MD5 authentication key";
  }
  // Requires a sibling authentication-key-chain; rejected with a sibling
  // authentication-key.
  // NOTE(review): "md5" and "hmac-sha-1-96" are legacy choices; prefer
  // "aes-128-cmac-96" or "ao" where both peers support them.
  leaf authentication-algorithm {
    junos:must "(".. authentication-key-chain")";
    junos:must-message "May not be configured without authentication-key-chain";
    junos:must "(!(".. authentication-key"))";
    junos:must-message "May not be configured with authentication-key";
    type enumeration {
      enum "md5" { value 0; description "Message Digest 5"; }
      enum "hmac-sha-1-96" { value 1; description "Hash-based Message Authentication Code (SHA1) (96 bits)"; }
      enum "aes-128-cmac-96" { value 2; description "Cipher-based Message Authentication Code (AES128) (96 bits)"; }
      enum "ao" { value 3; description "TCP Authentication Option"; }
    }
    description "Authentication algorithm name";
  }
  // Behaviour on a TCP-AO digest mismatch; the constraint and enum values
  // continue on the next line.
  leaf tcpao-handling-with-digest-mismatch {
    junos:must "(!(".. 
authentication-key"))";
    junos:must-message "May not be configured with authentication-key";
    // NOTE(review): "allow-without-tcpao" permits the connection without TCP-AO,
    // i.e. an unauthenticated fallback for a dynamically accepted peer;
    // "drop-if-no-tcpao" is the fail-closed value. No default is declared here.
    type enumeration {
      enum "drop-if-no-tcpao" { value 0; description "Drop the connection if Digest mismatched"; }
      enum "allow-without-tcpao" { value 1; description "Allow the connection establishment without TCP-AO"; }
    }
    description "Drop or continue without TCP-AO with digest mismatch with TCP-AO";
  }
  // Key chain reference: rejected with a sibling authentication-key, and the named
  // chain must exist under "security authentication-key-chains".
  leaf authentication-key-chain {
    junos:must "(!(".. authentication-key"))";
    junos:must-message "May not be configured with authentication-key";
    junos:must "("security authentication-key-chains key-chain $$")";
    junos:must-message "Referenced key-chain must be defined";
    type string { length "1 .. 128"; }
    description "Key chain name";
  }
  // Neighbor auto-discovery. The must constraints reject it when
  // authentication-algorithm or authentication-key is set at this level or at
  // either of the two enclosing levels, when "allow" is set in the same template,
  // and for internal or multihop sessions.
  // NOTE(review): auto-discovered peers therefore cannot use authentication-key
  // or authentication-algorithm; the visible safeguards are the single-hop EBGP
  // restriction and the per-interface list, so scope the interfaces tightly.
  container peer-auto-discovery {
    junos:must "((!(".. authentication-algorithm") && (!(".. .. authentication-algorithm") && !(".. .. .. authentication-algorithm"))))";
    junos:must-message "Can't be configured along with authentication-algorithm";
    junos:must "((!(".. authentication-key") && (!(".. .. authentication-key") && !(".. .. .. authentication-key"))))";
    junos:must-message "Can't be configured along with authentication-key";
    junos:must "(!(".. allow"))";
    junos:must-message "peer-auto-discovery and allow cannot be configured in the same dynamic-neighbor";
    junos:must "((!(".. .. type internal") && !(".. .. 
multihop")))";
    junos:must-message "peer-auto-discovery is valid only for single-hop EBGP neighbor";
    description "Configure auto-discovery options for BGP neighbors";
    uses apply-advanced;
    // Only one discovery method is modelled: IPv6 neighbor discovery under inet6.
    container family {
      description "Address family based neighbor auto-discovery parameters";
      container inet6 {
        uses apply-advanced;
        choice auto-discovery-type {
          container ipv6-nd {
            presence "enable ipv6-nd";
            description "Use ipv6 neighbor discovery to learn neighbor address";
          } // container ipv6-nd
        } // choice auto-discovery-type
      } // container inet6
    } // container family
    // Interfaces on which discovery runs; an entry can be disabled individually.
    // NOTE(review): neighbors are learned from whatever is reachable on these
    // interfaces, so list only links whose far end is trusted.
    list interface {
      key "name";
      leaf name {
        type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } }
        description "Configure interfaces over which to discover bgp neighbors";
      }
      uses apply-advanced;
      choice enable-disable {
        leaf disable { type empty; description "Disable peer discovery on interface"; }
      } // choice enable-disable
    } // list interface
  } // container peer-auto-discovery
} // list dynamic-neighbor
// Optimal route reflection; requires the sibling "type internal".
container optimal-route-reflection {
  junos:must "(".. type internal")";
  junos:must-message "Must be configured with type internal";
  description "Enable optimal route reflection for this client group";
  uses apply-advanced;
  leaf igp-primary { type jt:ipv4addr; description "Primary node identifier for this client group"; }
  leaf igp-backup { type jt:ipv4addr; description "Backup node identifier for this client group"; }
} // container optimal-route-reflection
// List of acceptable peer AS numbers for unconfigured neighbors; only valid
// together with "allow" or "dynamic-neighbor" (constraint continues below).
leaf peer-as-list {
  junos:must "((".. allow" || ".. 
dynamic-neighbor"))";
  junos:must-message "May be configured only with allow or dynamic-neighbor";
  type string;
  description "Configure list of peer autonomous systems for unconfigured neighbors";
}
leaf mvpn-iana-rt-import { type empty; status deprecated; description "Use IANA assigned rt-import type value for MVPN"; }
// Explicitly configured neighbors, keyed by address (jt:ipaddr-scoped).
list neighbor {
  key "name";
  ordered-by user;
  description "Configure a neighbor";
  leaf name { type jt:ipaddr-scoped; }
  uses apply-advanced;
  // Per-neighbor tracing: output file settings followed by the list of trace flags.
  container traceoptions {
    description "Trace options for BGP";
    uses apply-advanced;
    container file {
      description "Trace file options";
      // The leading '!' presumably negates the posix-pattern: per the
      // pattern-message the name may not contain '/', '%' or a space, which keeps
      // a path separator out of the trace file name. Length is 1 to 1024.
      leaf filename {
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; }
      // Plain string with no pattern; the accepted size syntax is not visible here.
      leaf size { type string; description "Maximum trace file size"; }
      // Number of trace files kept; the numeric range and default continue on the
      // next line.
      leaf files {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } }
        default "10";
        description "Maximum number of trace files";
      }
      leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; }
      // Read access to the trace file; the two leaves are alternatives of one
      // choice and no default is declared in this schema.
      // NOTE(review): with flags such as "packets", "update" or "all" the trace can
      // hold protocol packet contents, so "world-readable" exposes that to every
      // local user; prefer "no-world-readable" unless there is a specific need.
      choice world-readable-choice {
        leaf world-readable { type empty; description "Allow any user to read the log file"; }
        leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
      } // choice world-readable-choice
    } // container file
    // One entry per trace category; the enum name is the key and the numeric
    // "value" fields are enum ordinals.
    list flag {
      key "name";
      ordered-by user;
      description "Tracing parameters";
      leaf name {
        type enumeration {
          enum "damping" { value 0; description "Trace BGP damping information"; }
          enum "packets" { value 1; description "Trace all BGP protocol packets"; }
          enum "open" { value 2; description "Trace BGP open packets"; }
          enum "update" { value 3; description "Trace BGP update packets"; }
          enum "keepalive" { value 4; description "Trace BGP keepalive packets"; }
          enum "refresh" { value 5; description "Trace BGP refresh packets"; }
          enum "nsr-synchronization" { value 6; description "Trace NSR synchronization events"; }
          enum "bfd" { value 7; description "Trace BFD events"; }
          enum "4byte-as" { value 8; description "Trace 4 byte AS events"; }
          enum "add-path" { value 9; description "Trace add-path events"; }
          enum "graceful-restart" { value 10; description "Trace Graceful Restart events"; }
          enum "egress-te" { value 11; description "Egress Peering Traffic-Engineering events"; }
          enum "thread-io" { value 12; description "Trace threaded I/O processing"; }
          enum "sharding" { value 13; description "Trace BGP rib sharding"; }
          enum "thread-update-io" { value 14; description "Trace threaded update I/O processing"; }
          enum "route-validation" { value 15; description "Trace route validation"; }
          enum "ipsec" { value 16; description "Trace ipsec"; }
          enum "route" { value 17; description "Trace routing information"; }
          enum "normal" { value 18; description "Trace normal events"; }
          enum "general" { value 19; description "Trace general events"; }
          enum "state" { value 20; 
description "Trace state transitions"; }
          enum "policy" { value 21; description "Trace policy processing"; }
          enum "task" { value 22; description "Trace routing protocol task processing"; }
          enum "timer" { value 23; description "Trace routing protocol timer processing"; }
          enum "all" { value 24; description "Trace everything"; }
        }
      }
      // Per-flag modifiers: direction (send / receive), verbosity (detail), an
      // off switch for this flag, and an optional filter defined by the
      // bgp_filter_obj grouping (not visible in this excerpt).
      leaf send { type empty; description "Trace transmitted packets"; }
      leaf receive { type empty; description "Trace received packets"; }
      leaf detail { type empty; description "Trace detailed information"; }
      leaf disable { type empty; description "Disable this trace flag"; }
      container filter {
        presence "enable filter";
        description "Filter to apply to this flag";
        uses bgp_filter_obj;
      } // container filter
    } // list flag
  } // container traceoptions
  // Free-text label for the neighbor, 1 to 255 characters.
  leaf description {
    type string { length "1 .. 255"; }
    description "Text description";
  }
  // MED sent to the peer: exactly one of the alternatives in choice metric_param
  // (a fixed value, or tracking an IGP / AIGP metric with an optional offset).
  container metric-out {
    description "Route metric sent in MED";
    choice metric_param {
      leaf metric-value {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
4294967295"; } }
        description "Metric value";
      }
      // In each tracking alternative below, metric-offset is a signed int32 with
      // no range restriction.
      container minimum-igp {
        presence "enable minimum-igp";
        description "Track the minimum IGP metric";
        leaf metric-offset {
          type union { type int32; type string { pattern "<.*>|$.*"; } }
          description "Metric offset for MED";
        }
      } // container minimum-igp
      container igp {
        presence "enable igp";
        description "Track the IGP metric";
        leaf metric-offset {
          type union { type int32; type string { pattern "<.*>|$.*"; } }
          description "Metric offset for MED";
        }
        leaf delay-med-update { type empty; description "Delay updating MED when IGP metric increases"; }
      } // container igp
      container effective-aigp {
        presence "enable effective-aigp";
        description "Track the effective AIGP metric";
        leaf metric-offset {
          type union { type int32; type string { pattern "<.*>|$.*"; } }
          description "Metric offset for MED";
        }
      } // container effective-aigp
      container minimum-effective-aigp {
        presence "enable minimum-effective-aigp";
        description "Track the minimum effective AIGP metric";
        leaf metric-offset {
          type union { type int32; type string { pattern "<.*>|$.*"; } }
          description "Metric offset for MED";
        }
      } // container minimum-effective-aigp
    } // choice metric_param
  } // container metric-out
  // EBGP multihop session options; the ttl range continues on the next line.
  container multihop {
    presence "enable multihop";
    description "Configure an EBGP multihop session";
    uses apply-advanced;
    leaf ttl {
      type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 
255"; } }
      description "TTL value for the session";
    }
    leaf no-nexthop-change { type empty; description "Do not change next hop to self in advertisements"; }
  } // container multihop
  leaf route-server-client { type empty; description "Enable route server client behavior"; }
  // NOTE(review): per the description this lets import policy set a next hop that
  // is not directly connected; the import policy then decides which next hops
  // received from the peer are honored, so review it together with this flag.
  leaf accept-remote-nexthop { type empty; description "Allow import policy to specify a non-directly connected next-hop"; }
  leaf preference {
    type union { type uint32; type string { pattern "<.*>|$.*"; } }
    description "Preference value";
  }
  leaf local-preference {
    type union { type uint32; type string { pattern "<.*>|$.*"; } }
    description "Value of LOCAL_PREF path attribute";
  }
  leaf local-address { type jt:ipaddr; description "Address of local end of BGP session"; }
  leaf local-interface {
    type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } }
    description "Local interface for IPv6 link local EBGP peering";
  }
  // Routing-instance name. The posix-pattern starts with '!', presumably negating
  // the match: per the pattern-message it rejects reserved names (the alternatives
  // shown are __...__ and "all"), names containing a space, the empty quoted
  // string, and names of 129 characters or more.
  leaf forwarding-context {
    type string {
      junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$";
      junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces.";
    }
    description "Routing-instance used for data-forwarding and transport-session";
  }
  // Hold time 0..65535; no units statement is given in this schema.
  leaf hold-time {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } }
    description "Hold time used when negotiating with a peer";
  }
  // Lower bound on the hold time accepted from the peer; range continues on the
  // next line and starts at 3.
  leaf minimum-hold-time {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "3 .. 
65535"; } }
    description "Minimum hold time accepted from the peer";
  }
  leaf passive { type empty; description "Do not send open messages to a peer"; }
  leaf advertise-inactive { type empty; description "Advertise inactive routes"; }
  choice advertise-peer-as-choice {
    leaf advertise-peer-as { type empty; description "Advertise routes received from the same autonomous system"; }
    leaf no-advertise-peer-as { type empty; description "Don't advertise routes received from the same autonomous system"; }
  } // choice advertise-peer-as-choice
  container advertise-external {
    presence "enable advertise-external";
    description "Advertise best external routes";
    leaf conditional { type empty; description "Route matches active route upto med-comparison rule"; }
  } // container advertise-external
  leaf keep {
    type enumeration {
      enum "all" { value 0; description "Retain all routes"; }
      enum "none" { value 1; description "Retain no routes"; }
    }
    description "How to retain routes in the routing table";
  }
  leaf rfc6514-compliant-safi129 { type empty; description "Compliant with RFC6514 SAFI129 format"; }
  leaf no-aggregator-id { type empty; description "Set router ID in aggregator path attribute to 0"; }
  leaf mtu-discovery { type empty; description "Enable TCP path MTU discovery"; }
  // Checks that the first AS in a received AS path is the neighbor's own AS
  // (per the description). It is an opt-in flag in this schema; whether the
  // platform applies such a check without it is not visible here.
  leaf enforce-first-as { type empty; description "Enforce first AS in AS-path is the neighbor's AS"; }
  // Delay 0..65535 before exporting routes; no units statement is given here.
  leaf out-delay {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } }
    description "How long before exporting routes from routing table";
  }
  // TTL for a single-hop session: rejected for "type internal" (two levels up) and
  // when the sibling multihop container is configured; the constraint and the
  // permitted values continue on the next line.
  leaf ttl {
    junos:must "((!(".. .. type internal") && !(".. 
multihop")))";
    junos:must-message "This option is valid only for single-hop EBGP neighbor";
    // Only two TTLs are selectable. The enum names "1" and "255" are the TTL
    // values; the numeric "value" fields 0 and 1 are enum ordinals, not TTLs.
    type enumeration {
      enum "1" { value 0; }
      enum "255" { value 1; }
    }
    description "TTL value for the single-hop peer";
  }
  leaf log-updown { type empty; description "Log a message for peer state transitions"; }
  leaf damping { type empty; description "Enable route flap damping"; }
  // Ordered list of import policy expressions (ordered-by user keeps the entered
  // order).
  leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy"; }
  // Deprecated as a whole and per enum value (status deprecated).
  leaf-list nlri {
    type enumeration {
      enum "unicast" { value 0; status deprecated; description "Include unicast NLRI"; }
      enum "multicast" { value 1; status deprecated; description "Include multicast NLRI"; }
      enum "any" { value 2; status deprecated; description "Include any kind of NLRI"; }
    }
    ordered-by user;
    status deprecated;
    description "NLRI type to include in updates";
  }
  // Soft handling of malformed BGP updates. Logging is rate-controlled by an
  // interval of 10..65535 seconds with a declared default of 300.
  container bgp-error-tolerance {
    presence "enable bgp-error-tolerance";
    description "Handle BGP malformed updates softly";
    uses apply-advanced;
    leaf malformed-update-log-interval {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 65535"; } }
      units "seconds";
      default "300";
      description "Time used when logging malformed update";
    }
    // Cap on malformed routes kept from a peer. The other alternative of this
    // choice, no-malformed-route-limit, removes the cap.
    // NOTE(review): an uncapped setting lets a misbehaving peer accumulate
    // malformed routes without bound; prefer a finite limit.
    choice malformed-routes-limit-choice {
      leaf malformed-route-limit {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
4294967295"; } } default "1000"; description "Maximum number of malformed routes from a peer"; } leaf no-malformed-route-limit { type empty; description "No malformed route limit"; } } // choice malformed-routes-limit-choice } // container bgp-error-tolerance container family { description "Protocol family for NLRIs in updates"; uses apply-advanced; container inet { description "IPv4 NLRI parameters"; uses apply-advanced; container labeled-unicast { presence "enable labeled-unicast"; description "Include labeled unicast NLRI"; uses bgp-afi-labeled; } // container labeled-unicast container segment-routing-te { presence "enable segment-routing-te"; description "Include segment-routing TE policy"; uses bgp-afi-srte; } // container segment-routing-te container transport { presence "enable transport"; description "Include Classful Transport NLRI"; uses bgp-afi-inet-transport; } // container transport container unicast { presence "enable unicast"; description "Include unicast NLRI"; uses bgp-afi-topo; } // container unicast container multicast { presence "enable multicast"; description "Include multicast NLRI"; uses bgp-afi-default; } // container multicast container flow { presence "enable flow"; description "Include flow NLRI"; uses bgp-afi-flow-with-redirect-ip-action; } // container flow container any { presence "enable any"; description "Include unicast or multicast NLRI"; uses bgp-afi-default; } // container any } // container inet container inet-vpn { description "IPv4 Layer 3 VPN NLRI parameters"; uses apply-advanced; container unicast { presence "enable unicast"; description "Include unicast NLRI"; uses bgp-afi-l3vpn; } // container unicast container multicast { presence "enable multicast"; description "Include multicast NLRI"; uses bgp-afi-vpn; } // container multicast container flow { presence "enable flow"; description "Include flow VPN NLRI"; uses bgp-afi-flow-with-redirect-ip-action; } // container flow container any { presence "enable any"; description 
"Include unicast or multicast NLRI"; uses bgp-afi-vpn; } // container any } // container inet-vpn container inet6 { description "IPv6 NLRI parameters"; uses apply-advanced; container labeled-unicast { presence "enable labeled-unicast"; description "Include labeled unicast NLRI"; uses bgp-afi-inet6-labeled; } // container labeled-unicast container segment-routing-te { presence "enable segment-routing-te"; description "Include segment-routing TE policy"; uses bgp-afi-srte; } // container segment-routing-te container transport { presence "enable transport"; description "Include Classful Transport NLRI"; uses bgp-afi-inet6-transport; } // container transport container unicast { presence "enable unicast"; description "Include unicast NLRI"; uses bgp-afi-topo; } // container unicast container multicast { presence "enable multicast"; description "Include multicast NLRI"; uses bgp-afi-default; } // container multicast container flow { presence "enable flow"; description "Include flow NLRI"; uses bgp-afi-flow; } // container flow container any { presence "enable any"; description "Include unicast or multicast NLRI"; uses bgp-afi-default; } // container any } // container inet6 container inet6-vpn { description "IPv6 Layer 3 VPN NLRI parameters"; uses apply-advanced; container unicast { presence "enable unicast"; description "Include unicast NLRI"; uses bgp-afi-l3vpn; } // container unicast container multicast { presence "enable multicast"; description "Include multicast NLRI"; uses bgp-afi-vpn; } // container multicast container flow { presence "enable flow"; description "Include flow VPN NLRI"; uses bgp-afi-flow; } // container flow container any { presence "enable any"; description "Include unicast or multicast NLRI"; uses bgp-afi-vpn; } // container any } // container inet6-vpn container iso-vpn { description "ISO Layer 3 VPN NLRI parameters"; uses apply-advanced; container unicast { presence "enable unicast"; description "Include unicast NLRI"; uses 
bgp-afi-vpn-protection; } // container unicast } // container iso-vpn container l2vpn { description "MPLS-based Layer 2 VPN and VPLS NLRI parameters"; uses apply-advanced; container auto-discovery-only { presence "enable auto-discovery-only"; description "Include auto-discovery NLRI for LDP Layer 2 VPN and VPLS"; uses bgp-afi-default; } // container auto-discovery-only container auto-discovery-mspw { presence "enable auto-discovery-mspw"; description "Include auto-discovery NLRI for LDP Signalled MultiSegment PW"; uses bgp-afi-default; } // container auto-discovery-mspw container signaling { presence "enable signaling"; description "Include Layer 2 VPN and VPLS signaling NLRI"; uses bgp-afi-l2vpn; } // container signaling } // container l2vpn container evpn { description "EVPN NLRI parameters"; uses apply-advanced; container signaling { presence "enable signaling"; description "Include EVPN signaling NLRI"; uses bgp-afi-default; } // container signaling } // container evpn container inet-mvpn { description "IPv4 MVPN NLRI parameters"; uses apply-advanced; container signaling { presence "enable signaling"; description "Include IPv4 multicast VPN signaling NLRI"; uses bgp-afi-default; } // container signaling } // container inet-mvpn container inet6-mvpn { description "IPv6 MVPN NLRI parameters"; uses apply-advanced; container signaling { presence "enable signaling"; description "Include IPv6 multicast VPN signaling NLRI"; uses bgp-afi-default; } // container signaling } // container inet6-mvpn container inet-mdt { description "IPv4 Multicast Distribution Tree (MDT) NLRI parameters"; uses apply-advanced; container signaling { presence "enable signaling"; description "Include IPv4 multicast VPN auto-discovery NLRI"; uses bgp-afi-default; } // container signaling } // container inet-mdt container traffic-engineering { description "Traffic Engineering (BGP-TE) NLRI parameters"; uses apply-advanced; container unicast { presence "enable unicast"; description "Include 
BGP-TE NLRI"; uses bgp-afi-default; } // container unicast } // container traffic-engineering container route-target { presence "enable route-target"; description "Route target NLRI used for VPN route filtering"; uses apply-advanced; container prefix-limit { description "Limit maximum number of prefixes from a peer"; uses bgpaf-prefix-limit; } // container prefix-limit container accepted-prefix-limit { description "Limit maximum number of prefixes accepted from a peer"; uses bgpaf-accepted-prefix-limit; } // container accepted-prefix-limit container proxy-generate { presence "enable proxy-generate"; description "Generate route target NLRI for peers that don't support it"; uses apply-advanced; leaf-list route-target-policy { type jt:policy-algebra; ordered-by user; description "Limit VPN routes that are used to generate proxy route-target filters"; } } // container proxy-generate leaf external-paths { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 256"; } } description "Number of external paths accepted for route filtering"; } leaf advertise-default { type empty; description "Advertise default and suppress more specific routes"; } leaf damping { type empty; description "Enable route flap damping"; } container graceful-restart { description "BGP graceful restart options"; uses bgp-af-gr; } // container graceful-restart leaf local-ipv4-address { type jt:ipv4addr; description "Local IPv4 address"; } container output-queue-priority { description "Default output-queue to assign updates to"; uses bgp-output-queue-priority-class; } // container output-queue-priority container route-refresh-priority { description "Default output-queue to assign route refreshes to"; uses bgp-output-queue-priority-class; } // container route-refresh-priority container withdraw-priority { description "Default output-queue to assign withdrawn routes to"; uses bgp-output-queue-priority-class; } // container withdraw-priority } // container route-target container 
inet-bgpmcast { description "IPv4 BGPMCAST NLRI parameters"; uses apply-advanced; container signaling { presence "enable signaling"; description "Include IPv4 BGP multicast signaling NLRI"; uses bgp-afi-default; } // container signaling } // container inet-bgpmcast container inet6-bgpmcast { description "IPv6 BGPMCAST NLRI parameters"; uses apply-advanced; container signaling { presence "enable signaling"; description "Include IPv6 BGP multicast signaling NLRI"; uses bgp-afi-default; } // container signaling } // container inet6-bgpmcast } // container family /* Session authentication leaves. authentication-key is the MD5 key, modelled as a 1-126 character string. The must-constraints on authentication-algorithm, tcpao-handling-with-digest-mismatch and authentication-key-chain each exclude it, so a peer uses either this static key or the key-chain leaves. NOTE(review): how the key value is stored or displayed on the device is not visible in this schema. */ leaf authentication-key { type string { length "1 .. 126"; } description "MD5 authentication key"; } /* Valid only together with authentication-key-chain and never with authentication-key. All four enum values are accepted equally and no default is declared, so nothing in this schema prevents selecting "md5"; any preference for "ao" or "aes-128-cmac-96" has to come from review or commit policy. */ leaf authentication-algorithm { junos:must "(".. authentication-key-chain")"; junos:must-message "May not be configured without authentication-key-chain"; junos:must "(!(".. authentication-key"))"; junos:must-message "May not be configured with authentication-key"; type enumeration { enum "md5" { value 0; description "Message Digest 5"; } enum "hmac-sha-1-96" { value 1; description "Hash-based Message Authentication Code (SHA1) (96 bits)"; } enum "aes-128-cmac-96" { value 2; description "Cipher-based Message Authentication Code (AES128) (96 bits)"; } enum "ao" { value 3; description "TCP Authentication Option"; } } description "Authentication algorithm name"; } /* Selects the behaviour on a TCP-AO digest mismatch. "drop-if-no-tcpao" drops the connection; "allow-without-tcpao" lets it establish without TCP-AO, which reads as a fail-open fallback. No default is declared here; TODO confirm which value applies when the leaf is absent. */ leaf tcpao-handling-with-digest-mismatch { junos:must "(!(".. authentication-key"))"; junos:must-message "May not be configured with authentication-key"; type enumeration { enum "drop-if-no-tcpao" { value 0; description "Drop the connection if Digest mismatched"; } enum "allow-without-tcpao" { value 1; description "Allow the connection establishment without TCP-AO"; } } description "Drop or continue without TCP-AO with digest mismatch with TCP-AO"; } /* Key chain name, 1-128 characters. It must reference an existing "security authentication-key-chains key-chain" entry and cannot be combined with authentication-key. */ leaf authentication-key-chain { junos:must "(!(".. 
authentication-key"))"; junos:must-message "May not be configured with authentication-key"; junos:must "("security authentication-key-chains key-chain $$")"; junos:must-message "Referenced key-chain must be defined"; type string { length "1 .. 128"; } description "Key chain name"; } /* Export policies as a list of jt:policy-algebra expressions, kept in the order the user entered them (ordered-by user). */ leaf-list export { type jt:policy-algebra; ordered-by user; description "Export policy"; } /* Presence container for removing well-known private AS numbers. Per the descriptions, "all" does not stop at the first public AS number, "replace" substitutes the BGP group's local AS number, and "nearest" uses the closest public AS number instead. */ container remove-private { presence "enable remove-private"; description "Remove well-known private AS numbers"; uses apply-advanced; container all { presence "enable all"; description "Remove all private AS numbers and do not stop at the first public AS number"; container replace { presence "enable replace"; description "Replace private AS numbers with the BGP Group's local AS number"; leaf nearest { type empty; description "Use closest public AS number to replace a private AS number"; } } // container replace } // container all leaf no-peer-loop-check { type empty; description "Remove peer loop-check"; } } // container remove-private leaf cluster { type jt:areaid; description "Cluster identifier"; } leaf no-client-reflect { type empty; description "Disable intracluster route redistribution"; } /* Peer AS number as text, in plain or asdot form. As written, the "." in the posix-pattern is unescaped, so it matches any single character between the two digit groups, and the pattern does not bound the numeric ranges quoted in pattern-message. NOTE(review): confirm where the range check happens before treating a value that passed this schema as a validated AS number. */ leaf peer-as { type string { junos:posix-pattern "^[0-9]+(.[0-9]+)?$"; junos:pattern-message "Use format 'x' or 'x.y' to specify number 'x' (Range 1 .. 4294967295) or number with higher 2 bytes 'x' (Range 0 .. 65535) and lower 2 bytes 'y' (Range 0 .. 65535) respectively"; } description " Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format"; } /* Local autonomous system settings. as-number uses the same string pattern as peer-as, with the same unescaped "." and the same unenforced ranges. */ container local-as { description "Local autonomous system number"; leaf as-number { type string { junos:posix-pattern "^[0-9]+(.[0-9]+)?$"; junos:pattern-message "Use format 'x' or 'x.y' to specify number 'x' (Range 1 .. 4294967295) or number with higher 2 bytes 'x' (Range 0 .. 65535) and lower 2 bytes 'y' (Range 0 .. 
65535) respectively"; } description " Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format"; } /* Union of an integer bounded to 1-10 and a string matching "<.*>|$.*". The same string branch recurs on most numeric leaves in this module; presumably it admits Junos wildcard or variable tokens (TODO confirm). A value taking the string branch is not checked against the numeric range. */ leaf loops { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 10"; } } description "Maximum number of times this AS can be in an AS path"; } leaf private { type empty; description "Hide this local AS in paths learned from this peering"; } leaf alias { type empty; description "Treat this AS as an alias to the system AS"; } leaf no-prepend-global-as { type empty; description "Do not prepend global autonomous-system number in advertised paths"; } } // container local-as /* Name (1-32 characters) of an IPsec security association; the must-constraint requires it to be defined under "security ipsec security-association". */ leaf ipsec-sa { junos:must "("security ipsec security-association $$")"; junos:must-message "Referenced IPSec Security Association must be defined"; type string { length "1 .. 32"; } description "IPSec SA name"; } /* Graceful-shutdown roles. receiver/disable is rejected when the sibling sender container is present; each role carries its own LOCAL_PREF value as uint32 or a string token. */ container graceful-shutdown { description "BGP peer graceful shutdown option"; uses apply-advanced; container receiver { presence "enable receiver"; description "BGP peer graceful-shutdown receiver"; uses apply-advanced; leaf disable { junos:must "(!(".. .. sender"))"; junos:must-message "Receiver cannot be disabled on Sender"; type empty; description "Disable graceful-shutdown receiver"; } leaf local-preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Value of receiver LOCAL_PREF path attribute"; } } // container receiver container sender { presence "enable sender"; description "BGP peer graceful-shutdown sender"; uses apply-advanced; leaf local-preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Value of sender LOCAL_PREF path attribute"; } } // container sender } // container graceful-shutdown /* Presence container described only as "Shutdown". notify-message is a string with no length or pattern restriction in this schema. */ container shutdown { presence "enable shutdown"; description "Shutdown"; uses apply-advanced; leaf notify-message { type string; description "Notification message"; } } // container shutdown leaf unconfigured-peer-graceful-restart { junos:must "(".. 
graceful-restart")"; junos:must-message "unconfigured-peer-graceful-restart is only valid with 'graceful-restart'"; type empty; description "BGP unconfigured peer graceful restart options"; } container graceful-restart { presence "enable graceful-restart"; description "BGP graceful restart options"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable graceful restart"; } } // choice enable-disable leaf restart-time { junos:must "(("routing-options graceful-restart" || "fabric routing-options graceful-restart"))"; junos:must-message "restart-time is only valid with 'routing-options graceful-restart'"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1800"; } } description "Restart time used when negotiating with a peer"; } leaf stale-routes-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1800"; } } description "Maximum time for which stale routes are kept"; } container long-lived { description "Long-lived graceful restart options"; uses apply-advanced; container receiver { description "Long-lived graceful restart receiver (helper) options"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable receiver (helper) functionality"; } } // choice enable-disable } // container receiver container advertise-to-non-llgr-neighbor { presence "enable advertise-to-non-llgr-neighbor"; description "Advertise stale routes to non-LLGR neighbors"; uses apply-advanced; leaf omit-no-export { type empty; description "Do not attach no-export community to stale routes"; } } // container advertise-to-non-llgr-neighbor } // container long-lived leaf disable-notification-extensions { type empty; description "Disable notification extensions"; } leaf forwarding-state-bit { type enumeration { enum "as-rr-client" { value 0; description "As for a route reflector client"; } enum "from-fib" { value 1; description "Always use state of associated FIB(s)"; } } 
description "Control forwarding-state flag negotiation"; } leaf dont-help-shared-fate-bfd-down { type empty; description "Honor BFD-Down(C=0) if GR-restart not in progress"; } } // container graceful-restart leaf include-mp-next-hop { type empty; description "Include NEXT-HOP attribute in multiprotocol updates"; } leaf disable-4byte-as { type empty; description "Disable 4 byte AS capability advertisement"; } container idle-after-switch-over { description "Stop peer session from coming up after nonstop-routing switch-over"; choice idle-interval { leaf forever { type empty; description "Idle the peer until the user intervenes"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Timeout value, in seconds, for starting peer after switch over"; } } // choice idle-interval } // container idle-after-switch-over container outbound-route-filter { junos:must "(!("system processes routing bgp update-threading"))"; junos:must-message "Can't be configured together with update-threading"; description "Dynamically negotiated cooperative route filtering"; uses apply-advanced; leaf bgp-orf-cisco-mode { type empty; description "Using BGP ORF capability code 130 and Prefix ORF type 128"; } container extended-community { status deprecated; description "Extended community filtering"; uses apply-advanced; choice accept-choice { leaf accept { type empty; description "Honor remote requests for extended community ORF"; } leaf no-accept { type empty; description "Don't honor remote requests for extended community ORF"; } } // choice accept-choice leaf vrf-filter { type empty; description "Request remote filtering using locally configured VRF import targets"; } } // container extended-community container prefix-based { presence "enable prefix-based"; description "Prefix-based outbound route filtering"; uses apply-advanced; container accept { presence "enable accept"; description "Honor Prefix-based ORFs from remote 
peers"; uses apply-advanced; leaf inet { type empty; description "Honor IPv4 prefix filters"; } leaf inet6 { type empty; description "Honor IPv6 prefix filters"; } } // container accept } // container prefix-based } // container outbound-route-filter container message-batching { status deprecated; description "DEPRECATED - Batching of outgoing messages"; uses apply-advanced; choice enable-disable { leaf enable { type empty; description "Enable parameter"; } leaf disable { type empty; description "Disable parameter"; } } // choice enable-disable leaf interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "100 .. 1000"; } } units "milliseconds"; default "250"; description "DEPRECATED - Interval over which to batch messages"; } } // container message-batching container multipath { presence "enable multipath"; description "Allow load sharing among multiple BGP paths"; uses apply-advanced; leaf disable { type empty; description "Disable Multipath"; } leaf multiple-as { type empty; description "Use paths received from different ASs"; } leaf allow-protection { type empty; description "Allow protection for multipath legs"; } leaf pause-computation-during-churn { type empty; description "Pause multipath job to absorb churn"; } leaf list-nexthop { type empty; description "Use List-NH for homogenous nexthop-set also"; } } // container multipath leaf tcp-mss { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
4096"; } } description "Maximum TCP segment size"; } leaf bgp-identifier { type jt:ipv4addr; description "BGP Identifier"; } leaf tcp-aggressive-transmission { type empty; description "Enable aggressive transmission of pure TCP ACKs and retransmissions"; } container bmp { description "Specific settings to override the routing-options settings"; uses apply-advanced; leaf monitor { type enumeration { enum "enable" { value 0; description "Enable monitoring of BGP peer(s)"; } enum "disable" { value 1; description "Disable monitoring of BGP peer(s)"; } } description "Enable/Disable monitoring"; } container route-monitoring { description "Control route monitoring settings"; uses apply-advanced; leaf none { junos:must "((!(".. pre-policy") && (!(".. post-policy") && !(".. rib-out"))))"; junos:must-message "May not be configured with pre-policy or post-policy or rib-out"; type empty; description "Do not send route monitoring messages"; } container pre-policy { presence "enable pre-policy"; description "Send pre-policy route monitoring messages"; leaf exclude-non-feasible { type empty; description "Exclude looped routes, etc"; } } // container pre-policy container post-policy { presence "enable post-policy"; description "Send post-policy route monitoring messages"; leaf exclude-non-eligible { type empty; description "Exclude unresolved routes, etc."; } } // container post-policy container rib-out { junos:must "((!("system processes routing bgp update-threading") || "system processes routing bgp rib-sharding"))"; junos:must-message "Update threading can't be configured together with bmp rib-out monitoring"; presence "enable rib-out"; description "Send adj-ribs-out route monitoring messages"; leaf pre-policy { type empty; description "Send pre-policy adj-ribs-out route monitoring messages"; } leaf post-policy { type empty; description "Send post-policy adj-ribs-out route monitoring messages"; } } // container rib-out } // container route-monitoring } // container bmp 
container advertise-bgp-static { presence "enable advertise-bgp-static"; description "Advertise bgp-static routes"; uses apply-advanced; leaf-list policy { type jt:policy-algebra; ordered-by user; description "Static route advertisement policy"; } } // container advertise-bgp-static leaf add-path-display-ipv4-address { type empty; description "Display add-path path-id in IPv4 address format"; } container bfd-liveness-detection { description "Bidirectional Forwarding Detection (BFD) options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High transmit interval triggering a trap"; } } // container transmit-interval container detection-time { description "Detection-time options"; uses apply-advanced; leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High detection-time triggering a trap"; } } // container detection-time /* BFD session authentication. key-chain and algorithm require each other, and key-chain must name a defined "security authentication-key-chains key-chain". Nothing visible here makes either leaf mandatory, so BFD authentication is opt-in as far as this schema shows. */ container authentication { description "Authentication options"; uses apply-advanced; leaf key-chain { junos:must "(".. algorithm")"; junos:must-message "May not be configured without algorithm"; junos:must "("security authentication-key-chains key-chain $$")"; junos:must-message "Referenced key-chain must be defined"; type string; description "Key chain name"; } /* Five values: simple-password, keyed or meticulous keyed MD5, keyed or meticulous keyed SHA-1. "simple-password" sits next to the keyed digests with no schema-level distinction and no default is declared, so the selected value should be checked in configuration review. */ leaf algorithm { junos:must "(".. key-chain")"; junos:must-message "May not be configured without key-chain"; type enumeration { enum "simple-password" { value 0; description "Simple password"; } enum "keyed-md5" { value 1; description "Keyed message Digest 5"; } enum "meticulous-keyed-md5" { value 2; description "Meticulous keyed message Digest 5"; } enum "keyed-sha-1" { value 3; description "Keyed secure hash algorithm (SHA1) "; } enum "meticulous-keyed-sha-1" { value 4; description "Meticulous keyed secure hash algorithm (SHA1) "; } } description "Algorithm name"; } /* Per its description, authentication is verified only when it was negotiated. This reads as accepting sessions from a peer that does not negotiate authentication; TODO confirm before leaving it enabled. */ leaf loose-check { type empty; description "Verify authentication only if authentication is negotiated"; } } // container authentication /* BFD session mode; defaults to "automatic". */ leaf session-mode { type enumeration { enum "automatic" { value 0; description "Choose session-mode automatically"; } enum "single-hop" { value 1; description "Use single-hop"; } enum "multihop" { value 2; description "Use multihop"; } } default "automatic"; description "BFD single-hop or multihop session-mode"; } leaf holddown-interval { junos:must "(!(".. .. .. 
type internal"))"; junos:must-message "bfd holddown-interval is only valid for EBGP."; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255000"; } } units "milliseconds"; description "Time to hold the session-UP notification to the client"; } } // container bfd-liveness-detection leaf as-override { type empty; description "Replace neighbor AS number with our AS number"; } container egress-te-node-segment { description "Configure BGP-Peer-Node segment"; uses apply-advanced; container label { description "BGP-Peer-Node SID label from static label pool"; uses apply-advanced; leaf label-value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "BGP-Peer-Node SID label value from static label pool"; } } // container label container egress-te-set { description "Configure as a member of a SET segment"; uses apply-advanced; leaf set-name { junos:must "("protocols bgp egress-te-set-segment $$")"; junos:must-message "protocols bgp egress-te-set-segment not configured"; type string { junos:posix-pattern "^.{1,64}$"; junos:pattern-message "Must be a string of 64 characters or less"; } description "Set name"; } leaf weight { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Weight for set segment"; } } // container egress-te-set container egress-te-backup-segment { description "Backup segment for FRR"; uses apply-advanced; container label { description "Backup segment label from static label pool"; uses apply-advanced; leaf label-value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 
1048575"; } } description "Backup segment label value from static label pool"; } } // container label } // container egress-te-backup-segment container egress-te-backup-ip-forward { presence "enable egress-te-backup-ip-forward"; description "Use IP-forward backup path for Egress TE"; uses apply-advanced; leaf instance-name { type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing-instance to use as IP forward backup-path"; } } // container egress-te-backup-ip-forward } // container egress-te-node-segment list egress-te-adj-segment { key "name"; description "Configure BGP-Peer-Adj segment"; leaf name { type string { junos:posix-pattern "^.{1,64}$"; junos:pattern-message "Must be a string of 64 characters or less"; } description "The BGP-Adj-Set segment name"; } uses apply-advanced; container label { junos:must "(".. next-hop")"; junos:must-message "The 'egress-te-adj-segment next-hop' must be configured"; description "BGP-Peer-Adj SID label from static label pool"; uses apply-advanced; leaf label-value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "BGP-Peer-Adj SID label value from static label pool"; } } // container label container next-hop { junos:must "(".. 
label")"; junos:must-message "The 'egress-te-adj-segment label' must be configured"; description "Address of directly connected next-hop to use"; uses apply-advanced; leaf next-hop-addr { type jt:ipaddr; description "Address of directly connected next-hop"; } } // container next-hop container egress-te-set { description "Configure as a member of a SET segment"; uses apply-advanced; leaf set-name { junos:must "("protocols bgp egress-te-set-segment $$")"; junos:must-message "protocols bgp egress-te-set-segment not configured"; type string { junos:posix-pattern "^.{1,64}$"; junos:pattern-message "Must be a string of 64 characters or less"; } description "Set name"; } leaf weight { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Weight for set segment"; } } // container egress-te-set container egress-te-backup-segment { description "Backup segment for FRR"; uses apply-advanced; container label { description "Backup segment label from static label pool"; uses apply-advanced; leaf label-value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Backup segment label value from static label pool"; } } // container label } // container egress-te-backup-segment container egress-te-backup-ip-forward { presence "enable egress-te-backup-ip-forward"; description "Use IP-forward backup path for Egress TE"; uses apply-advanced; leaf instance-name { type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing-instance to use as IP forward backup-path"; } } // container egress-te-backup-ip-forward container te-link-attribute { presence "enable te-link-attribute"; description "Link attribute"; uses apply-advanced; leaf te-metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
4294967295"; } } default "1"; description "TE Metric value"; } leaf igp-metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } default "1"; description "IGP Metric value"; } leaf-list admin-group { type string; max-elements 16; ordered-by user; description "Administrative groups"; } } // container te-link-attribute } // list egress-te-adj-segment leaf vpn-apply-export { type empty; description "Apply BGP export policy when exporting VPN routes"; } container egress-te { presence "enable egress-te"; description "Use Egress Peering traffic engineering"; uses apply-advanced; leaf install-address { type jt:ipaddr; description "Address to use in egress-te created inet route"; } container rib { description "Select primary table for Egress-TE routes"; uses apply-advanced; leaf inet.0 { type empty; description "Install Egress-TE routes in inet.0"; } leaf inet6.0 { type empty; description "Install Egress-TE routes in inet6.0"; } } // container rib leaf no-install { type empty; description "Avoid installation to FIB or resolving over"; } leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy to set attributes"; } leaf backup-path { junos:must "("protocols bgp egress-te-backup-paths template $$")"; junos:must-message "bgp egress-te-backup-paths template not configured"; type string { junos:posix-pattern "^.{1,64}$"; junos:pattern-message "Must be a string of 64 characters or less"; } description "The 'egress-te-backup-paths template' to use for this peer"; } } // container egress-te leaf advertise-prefix-sid { type empty; description "Advertise prefix sid to E-BGP peers"; } leaf accept-prefix-sid { type empty; description "Accept prefix sid from E-BGP peers"; } leaf advertise-srgb { type empty; description "Advertise SRGB TLV"; } } // list neighbor leaf vpn-apply-export { type empty; description "Apply BGP export policy when exporting VPN routes"; } container egress-te { presence "enable egress-te"; 
description "Use Egress Peering traffic engineering"; uses apply-advanced; leaf install-address { type jt:ipaddr; description "Address to use in egress-te created inet route"; } container rib { description "Select primary table for Egress-TE routes"; uses apply-advanced; leaf inet.0 { type empty; description "Install Egress-TE routes in inet.0"; } leaf inet6.0 { type empty; description "Install Egress-TE routes in inet6.0"; } } // container rib leaf no-install { type empty; description "Avoid installation to FIB or resolving over"; } leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy to set attributes"; } leaf backup-path { junos:must "("protocols bgp egress-te-backup-paths template $$")"; junos:must-message "bgp egress-te-backup-paths template not configured"; type string { junos:posix-pattern "^.{1,64}$"; junos:pattern-message "Must be a string of 64 characters or less"; } description "The 'egress-te-backup-paths template' to use for this peer"; } } // container egress-te leaf advertise-prefix-sid { type empty; description "Advertise prefix sid to E-BGP peers"; } leaf accept-prefix-sid { type empty; description "Accept prefix sid from E-BGP peers"; } leaf advertise-srgb { type empty; description "Advertise SRGB TLV"; } } // list group container traffic-statistics-labeled-path { presence "enable traffic-statistics-labeled-path"; description "Collect periodic ingress labeled statistics for BGP label-switched paths "; uses apply-advanced; container file { description "Statistics file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 
1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } /* Free-form string; no pattern or range constrains the size value in this schema. */ leaf size { type string; description "Maximum trace file size"; } /* Number of files kept: 2-1000 or a string token, default 10. */ leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } /* Read access to the file written by this container. The two leaves are alternative cases of one choice, so at most one can be set, and neither is declared as the default here. world-readable allows any user to read the file, so it should be set only where that exposure is intended. TODO confirm the behaviour when neither leaf is present. */ choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file /* Collection interval: 60-65535 seconds or a string token. */ leaf interval { type union { type string { pattern "<.*>|$.*"; } type int32 { range "60 .. 65535"; } } units "seconds"; description "Time interval to collect statistics"; } } // container traffic-statistics-labeled-path container source-packet-routing { description "Enable Source Packet Routing (SPRING)"; uses apply-advanced; /* SRGB block settings. Both must-constraints look four levels up: "protocols mpls" has to be configured and "protocols mpls disable" must not be set. */ container srgb { junos:must "(!(".. .. .. .. protocols mpls disable"))"; junos:must-message "SPRING configuration is not allowed with 'protocols mpls disable'"; junos:must "(".. .. .. .. 
protocols mpls ")"; junos:must-message "SPRING configuration is not allowed without 'protocols mpls'"; description "Set the SRGB global block in SPRING"; leaf start-label { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Start range for SRGB label block"; } leaf index-range { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Index to the SRGB start label block"; } } // container srgb container srv6 { description "Enable IPv6 Segment Routing (SRv6)"; uses apply-advanced; list locator { key "name"; ordered-by user; description "SRv6 Locator"; leaf name { junos:must "("routing-options source-packet-routing srv6 locator $$")"; junos:must-message "Referenced srv6 locator must be defined"; type string; description "Locator name"; } uses apply-advanced; leaf end-dt4-sid { type jt:ipv6addr; description "End dt4 sid with 128 bit address"; } leaf end-dt6-sid { type jt:ipv6addr; description "End dt6 sid with 128 bit address"; } } // list locator } // container srv6 } // container source-packet-routing choice enable-disable { leaf disable { type empty; description "Disable BGP"; } } // choice enable-disable choice precision-timers-choice { leaf precision-timers { type empty; description "Use precision timers for scheduling keepalives"; } leaf no-precision-timers { type empty; description "Don't use precision timers for scheduling keepalives"; } } // choice precision-timers-choice container snmp-options { description "Customize SNMP behaviors specifically for BGP MIBs"; uses apply-advanced; leaf backward-traps-only-from-established { type empty; description "Limit traps for backward transitions to only those moving from Established state."; } leaf emit-inet-address-length-in-oid { type empty; description "Emit Length in OID for InetAddress MIB type."; } } // container snmp-options leaf route-age-bgp-view { type empty; description "Maintain BGP route's age based on Update messages only"; } leaf prioritize-route-queueing { 
type empty; description "Let route-queue building happen without getting throttled"; } container traceoptions { description "Trace options for BGP"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "damping" { value 0; description "Trace BGP damping information"; } enum "packets" { value 1; description "Trace all BGP protocol packets"; } enum "open" { value 2; description "Trace BGP open packets"; } enum "update" { value 3; description "Trace BGP update packets"; } enum "keepalive" { value 4; description "Trace BGP keepalive packets"; } enum "refresh" { value 5; description "Trace BGP refresh packets"; } enum "nsr-synchronization" { value 6; description "Trace NSR synchronization events"; } enum "bfd" { value 7; description "Trace BFD events"; } enum "4byte-as" { value 8; description "Trace 4 byte AS events"; } enum "add-path" { value 9; description "Trace add-path events"; } enum "graceful-restart" { value 10; description "Trace Graceful Restart 
events"; } enum "egress-te" { value 11; description "Egress Peering Traffic-Engineering events"; } enum "thread-io" { value 12; description "Trace threaded I/O processing"; } enum "sharding" { value 13; description "Trace BGP rib sharding"; } enum "thread-update-io" { value 14; description "Trace threaded update I/O processing"; } enum "route-validation" { value 15; description "Trace route validation"; } enum "ipsec" { value 16; description "Trace ipsec"; } enum "route" { value 17; description "Trace routing information"; } enum "normal" { value 18; description "Trace normal events"; } enum "general" { value 19; description "Trace general events"; } enum "state" { value 20; description "Trace state transitions"; } enum "policy" { value 21; description "Trace policy processing"; } enum "task" { value 22; description "Trace routing protocol task processing"; } enum "timer" { value 23; description "Trace routing protocol timer processing"; } enum "all" { value 24; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } container filter { presence "enable filter"; description "Filter to apply to this flag"; uses bgp_filter_obj; } // container filter } // list flag } // container traceoptions leaf description { type string { length "1 .. 255"; } description "Text description"; } container metric-out { description "Route metric sent in MED"; choice metric_param { leaf metric-value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
4294967295"; } } description "Metric value"; } container minimum-igp { presence "enable minimum-igp"; description "Track the minimum IGP metric"; leaf metric-offset { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Metric offset for MED"; } } // container minimum-igp container igp { presence "enable igp"; description "Track the IGP metric"; leaf metric-offset { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Metric offset for MED"; } leaf delay-med-update { type empty; description "Delay updating MED when IGP metric increases"; } } // container igp container effective-aigp { presence "enable effective-aigp"; description "Track the effective AIGP metric"; leaf metric-offset { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Metric offset for MED"; } } // container effective-aigp container minimum-effective-aigp { presence "enable minimum-effective-aigp"; description "Track the minimum effective AIGP metric"; leaf metric-offset { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Metric offset for MED"; } } // container minimum-effective-aigp } // choice metric_param } // container metric-out container multihop { presence "enable multihop"; description "Configure an EBGP multihop session"; uses apply-advanced; leaf ttl { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 
255"; } } description "TTL value for the session"; } leaf no-nexthop-change { type empty; description "Do not change next hop to self in advertisements"; } } // container multihop leaf route-server-client { type empty; description "Enable route server client behavior"; } leaf accept-remote-nexthop { type empty; description "Allow import policy to specify a non-directly connected next-hop"; } leaf preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference value"; } leaf local-preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Value of LOCAL_PREF path attribute"; } leaf local-address { type jt:ipaddr; description "Address of local end of BGP session"; } leaf local-interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Local interface for IPv6 link local EBGP peering"; } leaf forwarding-context { type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing-instance used for data-forwarding and transport-session"; } leaf hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Hold time used when negotiating with a peer"; } leaf minimum-hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "3 .. 
65535"; } } description "Minimum hold time accepted from the peer"; } leaf passive { type empty; description "Do not send open messages to a peer"; } leaf advertise-inactive { type empty; description "Advertise inactive routes"; } choice advertise-peer-as-choice { leaf advertise-peer-as { type empty; description "Advertise routes received from the same autonomous system"; } leaf no-advertise-peer-as { type empty; description "Don't advertise routes received from the same autonomous system"; } } // choice advertise-peer-as-choice container advertise-external { presence "enable advertise-external"; description "Advertise best external routes"; leaf conditional { type empty; description "Route matches active route upto med-comparison rule"; } } // container advertise-external leaf keep { type enumeration { enum "all" { value 0; description "Retain all routes"; } enum "none" { value 1; description "Retain no routes"; } } description "How to retain routes in the routing table"; } leaf rfc6514-compliant-safi129 { type empty; description "Compliant with RFC6514 SAFI129 format"; } leaf no-aggregator-id { type empty; description "Set router ID in aggregator path attribute to 0"; } leaf mtu-discovery { type empty; description "Enable TCP path MTU discovery"; } leaf enforce-first-as { type empty; description "Enforce first AS in AS-path is the neighbor's AS"; } leaf out-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "How long before exporting routes from routing table"; } leaf ttl { junos:must "((!(".. .. type internal") && !(".. 
multihop")))";
  junos:must-message "This option is valid only for single-hop EBGP neighbor";
  // Tail of leaf ttl, which opens on the previous line of the page. Only the two
  // literal values "1" and "255" are accepted, and the must-message above limits
  // the leaf to single-hop EBGP neighbors.
  // NOTE(review): 255 looks like the TTL-security (GTSM, RFC 5082) convention --
  // confirm against the Junos documentation before treating it as a control.
  type enumeration {
    enum "1" {
      value 0;
    }
    enum "255" {
      value 1;
    }
  }
  description "TTL value for the single-hop peer";
}

// Presence flag (type empty): log a message on peer state transitions.
leaf log-updown {
  type empty;
  description "Log a message for peer state transitions";
}

// Presence flag: enable route flap damping.
leaf damping {
  type empty;
  description "Enable route flap damping";
}

// Import policy expressions. jt: is the junos-common-types prefix imported at the
// top of the module; ordered-by user keeps the order in which entries were configured.
leaf-list import {
  type jt:policy-algebra;
  ordered-by user;
  description "Import policy";
}

// Deprecated as a whole: the leaf-list and each of its three values carry
// "status deprecated".
leaf-list nlri {
  type enumeration {
    enum "unicast" {
      value 0;
      status deprecated;
      description "Include unicast NLRI";
    }
    enum "multicast" {
      value 1;
      status deprecated;
      description "Include multicast NLRI";
    }
    enum "any" {
      value 2;
      status deprecated;
      description "Include any kind of NLRI";
    }
  }
  ordered-by user;
  status deprecated;
  description "NLRI type to include in updates";
}

// Presence container for soft handling of malformed BGP updates.
container bgp-error-tolerance {
  presence "enable bgp-error-tolerance";
  description "Handle BGP malformed updates softly";
  uses apply-advanced;
  // 10..65535 seconds, default 300. The string alternative of the union (pattern
  // "<.*>|$.*") recurs on most numeric leaves in this module.
  // NOTE(review): it presumably admits template or variable placeholders instead
  // of a number -- confirm; such values bypass the numeric range check.
  leaf malformed-update-log-interval {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "10 .. 65535";
      }
    }
    units "seconds";
    default "300";
    description "Time used when logging malformed update";
  }
  // Either a numeric cap (default 1000) or no cap at all; the two are alternatives
  // of one choice, so they cannot be set together.
  // NOTE(review): what happens once the cap is reached is not stated in this
  // schema. no-malformed-route-limit removes the bound entirely, so a peer sending
  // malformed routes is not limited by this knob.
  choice malformed-routes-limit-choice {
    leaf malformed-route-limit {
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "0 .. 4294967295";
        }
      }
      default "1000";
      description "Maximum number of malformed routes from a peer";
    }
    leaf no-malformed-route-limit {
      type empty;
      description "No malformed route limit";
    }
  } // choice malformed-routes-limit-choice
} // container bgp-error-tolerance

// Shared secret for MD5 session authentication (per the description). The schema
// constrains only its length (1..126); it is a plain string leaf here.
// NOTE(review): this leaf holds key material, so configuration exports, backups
// and diffs that include it should be handled as secrets. The three leaves that
// follow each carry a must-constraint forbidding them alongside authentication-key,
// so the static MD5 key and the key-chain based options are mutually exclusive.
leaf authentication-key {
  type string {
    length "1 .. 126";
  }
  description "MD5 authentication key";
}

// Algorithm used with a key chain: requires authentication-key-chain and is
// rejected together with authentication-key. Default is hmac-sha-1-96.
// NOTE(review): md5 and hmac-sha-1-96 rest on older hash functions; where both
// peers support it, "ao" (TCP Authentication Option, RFC 5925) or aes-128-cmac-96
// is the stronger choice -- confirm platform and peer support.
// NOTE(review): the junos:must arguments show inner double quotes without
// backslash escapes; in a YANG double-quoted string that would end the string
// early, so the escapes were presumably lost when this page was rendered.
leaf authentication-algorithm {
  junos:must "(".. authentication-key-chain")";
  junos:must-message "May not be configured without authentication-key-chain";
  junos:must "(!(".. authentication-key"))";
  junos:must-message "May not be configured with authentication-key";
  type enumeration {
    enum "md5" {
      value 0;
      description "Message Digest 5";
    }
    enum "hmac-sha-1-96" {
      value 1;
      description "Hash-based Message Authentication Code (SHA1) (96 bits)";
    }
    enum "aes-128-cmac-96" {
      value 2;
      description "Cipher-based Message Authentication Code (AES128) (96 bits)";
    }
    enum "ao" {
      value 3;
      description "TCP Authentication Option";
    }
  }
  default "hmac-sha-1-96";
  description "Authentication algorithm name";
}

// What to do when the TCP-AO digest does not match. No default is declared, so
// the behaviour when this leaf is unset cannot be read from the schema.
// NOTE(review): allow-without-tcpao is the fail-open option -- by its description
// the connection is established without TCP-AO. drop-if-no-tcpao is the
// fail-closed one. Worth flagging in configuration audits.
leaf tcpao-handling-with-digest-mismatch {
  junos:must "(!(".. authentication-key"))";
  junos:must-message "May not be configured with authentication-key";
  type enumeration {
    enum "drop-if-no-tcpao" {
      value 0;
      description "Drop the connection if Digest mismatched";
    }
    enum "allow-without-tcpao" {
      value 1;
      description "Allow the connection establishment without TCP-AO";
    }
  }
  description "Drop or continue without TCP-AO with digest mismatch with TCP-AO";
}

// Name of a key chain (1..128 characters). The second must-constraint requires
// the name to exist under "security authentication-key-chains key-chain", so a
// dangling reference is rejected; $$ presumably stands for this leaf's own value.
leaf authentication-key-chain {
  junos:must "(!(".. authentication-key"))";
  junos:must-message "May not be configured with authentication-key";
  junos:must "("security authentication-key-chains key-chain $$")";
  junos:must-message "Referenced key-chain must be defined";
  type string {
    length "1 .. 128";
  }
  description "Key chain name";
}

// Export policy expressions, kept in configured order.
leaf-list export {
  type jt:policy-algebra;
  ordered-by user;
  description "Export policy";
}

// Private-AS removal. Nesting is remove-private > all > replace > nearest; each
// level is a presence container, so configuring a level is itself the switch.
container remove-private {
  presence "enable remove-private";
  description "Remove well-known private AS numbers";
  uses apply-advanced;
  container all {
    presence "enable all";
    description "Remove all private AS numbers and do not stop at the first public AS number";
    container replace {
      presence "enable replace";
      description "Replace private AS numbers with the BGP Group's local AS number";
      leaf nearest {
        type empty;
        description "Use closest public AS number to replace a private AS number";
      }
    } // container replace
  } // container all
  leaf no-peer-loop-check {
    type empty;
    description "Remove peer loop-check";
  }
} // container remove-private

leaf cluster {
  type jt:areaid;
  description "Cluster identifier";
}

leaf no-client-reflect {
  type empty;
  description "Disable intracluster route redistribution";
}

// Peer AS number as a string, plain or asdot ("x.y").
// NOTE(review): as shown, the "." in the posix-pattern is unescaped and so matches
// any single character, and the numeric ranges appear only in the message text;
// the pattern alone does not enforce them. The escape may have been lost in
// extraction -- compare with the vendor file.
leaf peer-as {
  type string {
    junos:posix-pattern "^[0-9]+(.[0-9]+)?$";
    junos:pattern-message "Use format 'x' or 'x.y' to specify number 'x' (Range 1 .. 4294967295) or number with higher 2 bytes 'x' (Range 0 .. 65535) and lower 2 bytes 'y' (Range 0 .. 65535) respectively";
  }
  description " Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format";
}

// Local AS settings. as-number uses the same pattern and message as peer-as
// above, so the same caveat about range enforcement applies.
container local-as {
  description "Local autonomous system number";
  leaf as-number {
    type string {
      junos:posix-pattern "^[0-9]+(.[0-9]+)?$";
      junos:pattern-message "Use format 'x' or 'x.y' to specify number 'x' (Range 1 .. 4294967295) or number with higher 2 bytes 'x' (Range 0 .. 65535) and lower 2 bytes 'y' (Range 0 .. 65535) respectively";
    }
    description " Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format";
  }
  // leaf loops continues on the next line of the page (upper bound and description).
  leaf loops {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type int32 {
        range "1 ..
10"; } } description "Maximum number of times this AS can be in an AS path"; } leaf private { type empty; description "Hide this local AS in paths learned from this peering"; } leaf alias { type empty; description "Treat this AS as an alias to the system AS"; } leaf no-prepend-global-as { type empty; description "Do not prepend global autonomous-system number in advertised paths"; } } // container local-as leaf ipsec-sa { junos:must "("security ipsec security-association $$")"; junos:must-message "Referenced IPSec Security Association must be defined"; type string { length "1 .. 32"; } description "IPSec SA name"; } container graceful-shutdown { description "BGP peer graceful shutdown option"; uses apply-advanced; container receiver { presence "enable receiver"; description "BGP peer graceful-shutdown receiver"; uses apply-advanced; leaf disable { junos:must "(!(".. .. sender"))"; junos:must-message "Receiver cannot be disabled on Sender"; type empty; description "Disable graceful-shutdown receiver"; } leaf local-preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Value of receiver LOCAL_PREF path attribute"; } } // container receiver container sender { presence "enable sender"; description "BGP peer graceful-shutdown sender"; uses apply-advanced; leaf local-preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Value of sender LOCAL_PREF path attribute"; } } // container sender } // container graceful-shutdown container shutdown { presence "enable shutdown"; description "Shutdown"; uses apply-advanced; leaf notify-message { type string; description "Notification message"; } } // container shutdown leaf unconfigured-peer-graceful-restart { junos:must "(".. 
graceful-restart")"; junos:must-message "unconfigured-peer-graceful-restart is only valid with 'graceful-restart'"; type empty; description "BGP unconfigured peer graceful restart options"; } container graceful-restart { presence "enable graceful-restart"; description "BGP graceful restart options"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable graceful restart"; } } // choice enable-disable leaf restart-time { junos:must "(("routing-options graceful-restart" || "fabric routing-options graceful-restart"))"; junos:must-message "restart-time is only valid with 'routing-options graceful-restart'"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1800"; } } description "Restart time used when negotiating with a peer"; } leaf stale-routes-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1800"; } } description "Maximum time for which stale routes are kept"; } container long-lived { description "Long-lived graceful restart options"; uses apply-advanced; container receiver { description "Long-lived graceful restart receiver (helper) options"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable receiver (helper) functionality"; } } // choice enable-disable } // container receiver container advertise-to-non-llgr-neighbor { presence "enable advertise-to-non-llgr-neighbor"; description "Advertise stale routes to non-LLGR neighbors"; uses apply-advanced; leaf omit-no-export { type empty; description "Do not attach no-export community to stale routes"; } } // container advertise-to-non-llgr-neighbor } // container long-lived leaf disable-notification-extensions { type empty; description "Disable notification extensions"; } leaf forwarding-state-bit { type enumeration { enum "as-rr-client" { value 0; description "As for a route reflector client"; } enum "from-fib" { value 1; description "Always use state of associated FIB(s)"; } } 
description "Control forwarding-state flag negotiation"; } leaf dont-help-shared-fate-bfd-down { type empty; description "Honor BFD-Down(C=0) if GR-restart not in progress"; } } // container graceful-restart leaf include-mp-next-hop { type empty; description "Include NEXT-HOP attribute in multiprotocol updates"; } leaf disable-4byte-as { type empty; description "Disable 4 byte AS capability advertisement"; } container idle-after-switch-over { description "Stop peer session from coming up after nonstop-routing switch-over"; choice idle-interval { leaf forever { type empty; description "Idle the peer until the user intervenes"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Timeout value, in seconds, for starting peer after switch over"; } } // choice idle-interval } // container idle-after-switch-over container outbound-route-filter { junos:must "(!("system processes routing bgp update-threading"))"; junos:must-message "Can't be configured together with update-threading"; description "Dynamically negotiated cooperative route filtering"; uses apply-advanced; leaf bgp-orf-cisco-mode { type empty; description "Using BGP ORF capability code 130 and Prefix ORF type 128"; } container extended-community { status deprecated; description "Extended community filtering"; uses apply-advanced; choice accept-choice { leaf accept { type empty; description "Honor remote requests for extended community ORF"; } leaf no-accept { type empty; description "Don't honor remote requests for extended community ORF"; } } // choice accept-choice leaf vrf-filter { type empty; description "Request remote filtering using locally configured VRF import targets"; } } // container extended-community container prefix-based { presence "enable prefix-based"; description "Prefix-based outbound route filtering"; uses apply-advanced; container accept { presence "enable accept"; description "Honor Prefix-based ORFs from remote 
peers"; uses apply-advanced; leaf inet { type empty; description "Honor IPv4 prefix filters"; } leaf inet6 { type empty; description "Honor IPv6 prefix filters"; } } // container accept } // container prefix-based } // container outbound-route-filter container message-batching { status deprecated; description "DEPRECATED - Batching of outgoing messages"; uses apply-advanced; choice enable-disable { leaf enable { type empty; description "Enable parameter"; } leaf disable { type empty; description "Disable parameter"; } } // choice enable-disable leaf interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "100 .. 1000"; } } units "milliseconds"; default "250"; description "DEPRECATED - Interval over which to batch messages"; } } // container message-batching container multipath { presence "enable multipath"; description "Allow load sharing among multiple BGP paths"; uses apply-advanced; leaf disable { type empty; description "Disable Multipath"; } leaf multiple-as { type empty; description "Use paths received from different ASs"; } leaf allow-protection { type empty; description "Allow protection for multipath legs"; } leaf pause-computation-during-churn { type empty; description "Pause multipath job to absorb churn"; } leaf list-nexthop { type empty; description "Use List-NH for homogenous nexthop-set also"; } } // container multipath leaf tcp-mss { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
4096"; } } description "Maximum TCP segment size"; } leaf bgp-identifier { type jt:ipv4addr; description "BGP Identifier"; } leaf tcp-aggressive-transmission { type empty; description "Enable aggressive transmission of pure TCP ACKs and retransmissions"; } container bmp { description "Specific settings to override the routing-options settings"; uses apply-advanced; leaf monitor { type enumeration { enum "enable" { value 0; description "Enable monitoring of BGP peer(s)"; } enum "disable" { value 1; description "Disable monitoring of BGP peer(s)"; } } description "Enable/Disable monitoring"; } container route-monitoring { description "Control route monitoring settings"; uses apply-advanced; leaf none { junos:must "((!(".. pre-policy") && (!(".. post-policy") && !(".. rib-out"))))"; junos:must-message "May not be configured with pre-policy or post-policy or rib-out"; type empty; description "Do not send route monitoring messages"; } container pre-policy { presence "enable pre-policy"; description "Send pre-policy route monitoring messages"; leaf exclude-non-feasible { type empty; description "Exclude looped routes, etc"; } } // container pre-policy container post-policy { presence "enable post-policy"; description "Send post-policy route monitoring messages"; leaf exclude-non-eligible { type empty; description "Exclude unresolved routes, etc."; } } // container post-policy container rib-out { junos:must "((!("system processes routing bgp update-threading") || "system processes routing bgp rib-sharding"))"; junos:must-message "Update threading can't be configured together with bmp rib-out monitoring"; presence "enable rib-out"; description "Send adj-ribs-out route monitoring messages"; leaf pre-policy { type empty; description "Send pre-policy adj-ribs-out route monitoring messages"; } leaf post-policy { type empty; description "Send post-policy adj-ribs-out route monitoring messages"; } } // container rib-out } // container route-monitoring } // container bmp 
// Presence container: advertise bgp-static routes, optionally filtered by an
// ordered list of policy expressions.
container advertise-bgp-static {
  presence "enable advertise-bgp-static";
  description "Advertise bgp-static routes";
  uses apply-advanced;
  leaf-list policy {
    type jt:policy-algebra;
    ordered-by user;
    description "Static route advertisement policy";
  }
} // container advertise-bgp-static

leaf add-path-display-ipv4-address {
  type empty;
  description "Display add-path path-id in IPv4 address format";
}

// BFD settings for the BGP session: protocol version, timers, trap thresholds,
// authentication and session mode.
container bfd-liveness-detection {
  description "Bidirectional Forwarding Detection (BFD) options";
  uses apply-advanced;
  // Defaults to "automatic"; version 0 is marked deprecated in its own description.
  leaf version {
    type enumeration {
      enum "0" {
        value 0;
        description "BFD version 0 (deprecated)";
      }
      enum "1" {
        value 1;
        description "BFD version 1";
      }
      enum "automatic" {
        value 2;
        description "Choose BFD version automatically";
      }
    }
    default "automatic";
    description "BFD protocol version number";
  }
  // Timer leaves below take 1..255000 milliseconds. The string alternative of each
  // union (pattern "<.*>|$.*") recurs throughout the module.
  // NOTE(review): it presumably admits template or variable placeholders -- confirm.
  leaf minimum-interval {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "1 .. 255000";
      }
    }
    units "milliseconds";
    description "Minimum transmit and receive interval";
  }
  // Deprecated; container transmit-interval below has its own minimum-interval leaf.
  leaf minimum-transmit-interval {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "1 .. 255000";
      }
    }
    units "milliseconds";
    status deprecated;
    description "Minimum transmit interval";
  }
  leaf minimum-receive-interval {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "1 .. 255000";
      }
    }
    units "milliseconds";
    description "Minimum receive interval";
  }
  // 1..255, default 3.
  leaf multiplier {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "1 .. 255";
      }
    }
    default "3";
    description "Detection time multiplier";
  }
  choice adaptation-choice {
    leaf no-adaptation {
      type empty;
      description "Disable adaptation";
    }
  } // choice adaptation-choice
  // The two threshold leaves (here and under detection-time) raise a trap when
  // crossed, per their descriptions; neither declares a range.
  container transmit-interval {
    description "Transmit-interval options";
    uses apply-advanced;
    leaf minimum-interval {
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "1 .. 255000";
        }
      }
      units "milliseconds";
      description "Minimum transmit interval";
    }
    leaf threshold {
      type union {
        type uint32;
        type string {
          pattern "<.*>|$.*";
        }
      }
      units "milliseconds";
      description "High transmit interval triggering a trap";
    }
  } // container transmit-interval
  container detection-time {
    description "Detection-time options";
    uses apply-advanced;
    leaf threshold {
      type union {
        type uint32;
        type string {
          pattern "<.*>|$.*";
        }
      }
      units "milliseconds";
      description "High detection-time triggering a trap";
    }
  } // container detection-time
  // BFD authentication. key-chain and algorithm require each other through their
  // must-constraints, and key-chain must name a chain defined under
  // "security authentication-key-chains key-chain". Neither leaf has a default, so
  // BFD authentication is absent unless both are configured.
  // NOTE(review): the junos:must arguments show inner double quotes without
  // backslash escapes; these were presumably lost when the page was rendered.
  container authentication {
    description "Authentication options";
    uses apply-advanced;
    leaf key-chain {
      junos:must "(".. algorithm")";
      junos:must-message "May not be configured without algorithm";
      junos:must "("security authentication-key-chains key-chain $$")";
      junos:must-message "Referenced key-chain must be defined";
      type string;
      description "Key chain name";
    }
    // The five values match the authentication types defined for BFD in RFC 5880.
    // NOTE(review): simple-password gives no cryptographic protection (in RFC 5880
    // the password is carried in the packet), and the keyed variants rest on MD5
    // and SHA-1. In RFC 5880 the "meticulous" variants advance the sequence number
    // on every packet, which narrows the replay window; prefer
    // meticulous-keyed-sha-1 among the options listed here.
    leaf algorithm {
      junos:must "(".. key-chain")";
      junos:must-message "May not be configured without key-chain";
      type enumeration {
        enum "simple-password" {
          value 0;
          description "Simple password";
        }
        enum "keyed-md5" {
          value 1;
          description "Keyed message Digest 5";
        }
        enum "meticulous-keyed-md5" {
          value 2;
          description "Meticulous keyed message Digest 5";
        }
        enum "keyed-sha-1" {
          value 3;
          description "Keyed secure hash algorithm (SHA1) ";
        }
        enum "meticulous-keyed-sha-1" {
          value 4;
          description "Meticulous keyed secure hash algorithm (SHA1) ";
        }
      }
      description "Algorithm name";
    }
    // NOTE(review): by its description, authentication is verified only when it
    // was negotiated. That reads as a transitional, fail-open mode: a peer that
    // does not negotiate authentication would presumably be accepted
    // unauthenticated -- confirm, and audit for this flag left on after migration.
    leaf loose-check {
      type empty;
      description "Verify authentication only if authentication is negotiated";
    }
  } // container authentication
  // Defaults to "automatic".
  leaf session-mode {
    type enumeration {
      enum "automatic" {
        value 0;
        description "Choose session-mode automatically";
      }
      enum "single-hop" {
        value 1;
        description "Use single-hop";
      }
      enum "multihop" {
        value 2;
        description "Use multihop";
      }
    }
    default "automatic";
    description "BFD single-hop or multihop session-mode";
  }
  // leaf holddown-interval continues on the next line of the page.
  leaf holddown-interval {
    type union {
      type string {
pattern "<.*>|$.*"; } type uint32 { range "0 .. 255000"; } } units "milliseconds"; description "Time to hold the session-UP notification to the client"; } } // container bfd-liveness-detection container output-queue-priority { description "BGP output queue priority scheduler for updates"; uses apply-advanced; container expedited { presence "enable expedited"; description "Expedited queue; highest priority"; leaf update-tokens { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Number of tokens"; } } // container expedited list priority { key "name"; description "Output queue priority 1..16; higher is better"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16"; } } description "Output queue priority; higher is better"; } leaf update-tokens { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Number of tokens"; } } // list priority container defaults { description "Map policy's priority class and BGP output-queue"; uses apply-advanced; container low { description "Assign the 'low' priority class to this output-queue"; uses bgp-output-queue-priority-class; } // container low container medium { description "Assign the 'medium' priority class to this output-queue"; uses bgp-output-queue-priority-class; } // container medium container high { description "Assign the 'high' priority class to this output-queue"; uses bgp-output-queue-priority-class; } // container high } // container defaults } // container output-queue-priority container multipath-build-priority { description "Configure the multipath build priority"; uses apply-advanced; choice multipath-priority { leaf low { type empty; description "Do multipath build with low priority"; } leaf medium { type empty; description "Do multipath build with medium priority"; } } // choice multipath-priority } // container multipath-build-priority leaf send-addpath-optimization { type empty; 
description "Enable BGP addpath advertisement optimization"; } container defaults { uses apply-advanced; container ebgp { description "Options impacting external BGP default behaviors"; uses apply-advanced; container no-policy { description "Default ebgp behaviors in the absence of configured policy"; uses apply-advanced; leaf receive { type enumeration { enum "accept" { value 0; description "By default, accept routes from all address families"; } enum "reject" { value 1; description "By default, reject routes from IPv4/IPv6 unicast address families"; } enum "reject-always" { value 2; description "By default, reject routes from all address families"; } } description "Default ebgp receive behavior"; } leaf advertise { type enumeration { enum "accept" { value 0; description "By default, advertise routes for all address families"; } enum "reject" { value 1; description "By default, do not advertise routes from IPv4/IPv6 unicast address families"; } enum "reject-always" { value 2; description "By default, do not advertise routes from any address families"; } } description "Default ebgp advertise behavior"; } } // container no-policy } // container ebgp } // container defaults } // grouping juniper-protocols-bgp grouping bgp-af-gr { uses apply-advanced; container long-lived { description "Long-lived graceful restart options"; uses apply-advanced; container restarter { description "Long-lived graceful restart restarter options"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable restarter functionality"; } } // choice enable-disable leaf stale-time { type string; description "Stale time in seconds or dhms notation (1..16777215)"; } } // container restarter } // container long-lived leaf forwarding-state-bit { type enumeration { enum "set" { value 0; description "Always set"; } enum "from-fib" { value 1; description "Use state of associated FIB(s)"; } } description "Control forwarding-state flag negotiation"; } } // grouping 
bgp-af-gr
// BGP address-family options (default variant, going by the grouping name). Most of the detail
// comes from groupings pulled in with "uses", which are defined outside this part of the module.
grouping bgp-afi-default {
  uses apply-advanced;
  // Caps on prefixes received / accepted from a peer; the limit and reaction knobs themselves
  // live in bgpaf-prefix-limit and bgpaf-accepted-prefix-limit.
  container prefix-limit { description "Limit maximum number of prefixes from a peer"; uses bgpaf-prefix-limit; } // container prefix-limit
  container accepted-prefix-limit { description "Limit maximum number of prefixes accepted from a peer"; uses bgpaf-accepted-prefix-limit; } // container accepted-prefix-limit
  container rib-group { description "Routing table group"; uses rib_group_inet_type; } // container rib-group
  container add-path { description "Advertise multiple paths to peer"; uses apath-options; } // container add-path
  // Presence container: its existence alone enables AIGP handling.
  container aigp { presence "enable aigp"; description "Allow sending and receiving of AIGP attribute"; uses bgpaf-aigp-options; } // container aigp
  leaf damping { type empty; description "Enable route flap damping"; }
  leaf local-ipv4-address { type jt:ipv4addr; description "Local IPv4 address"; }
  // Allows the local AS to appear in received AS paths; the parameters come from bgpaf-loops.
  // NOTE(review): this relaxes a loop-prevention check, so it deserves a look in config audits.
  container loops { description "Allow local AS in received AS paths"; uses bgpaf-loops; } // container loops
  // The junos:must rejects this container when "system processes routing bgp rib-sharding" is set.
  container delay-route-advertisements {
    junos:must "(!("system processes routing bgp rib-sharding"))";
    junos:must-message "Can't be configured together with rib-sharding";
    presence "enable delay-route-advertisements";
    description "Delay route updates for this family until FIB-sync";
    uses apply-advanced;
    leaf always-wait-for-krt-drain { type empty; description "Wait for KRT-queue drain for more-specific prefixes"; }
    // Every delay below is a union: a uint32 in 1..36000 (seconds, per the descriptions) or a
    // string matching "<.*>|$.*".
    // NOTE(review): the string branch presumably admits placeholders or variable references;
    // values taking that branch are not range-checked by this schema - confirm where they resolve.
    // ("Minumum" is spelled as in the published module.)
    container minimum-delay {
      description "Minumum-delay to ensure KRT sees the route flash";
      uses apply-advanced;
      leaf routing-uptime {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Min delay(sec) advertisement after RPD start";
      }
      leaf inbound-convergence {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Min delay(sec) advertisement after source-peer sent all routes";
      }
    } // container minimum-delay
    container maximum-delay {
      description "Maximum delay deferring routes";
      uses apply-advanced;
      leaf route-age {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Max delay(sec) advertisement route age";
      }
      leaf routing-uptime {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Max delay(sec) advertisement after RPD start";
      }
    } // container maximum-delay
  } // container delay-route-advertisements
  container nexthop-resolution {
    description "Configure nexthop resolution properties";
    uses apply-advanced;
    // NOTE(review): per its description this treats a next hop as usable without any resolution
    // attempt; worth confirming it is intended wherever it is set.
    leaf no-resolution { type empty; description "Consider nexthop good without resolution attempt"; }
    leaf preserve-nexthop-hierarchy { type empty; description "Attempt preserving resolved nexthop chain in forwarding"; }
  } // container nexthop-resolution
  container defer-initial-multipath-build {
    presence "enable defer-initial-multipath-build";
    description "Defer initial multipath build until EOR is received";
    uses apply-advanced;
    // Same union shape as the delays above, but the numeric range here is 1..3600.
    leaf maximum-delay {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3600"; } }
      description "Max delay(sec) multipath build after peer is up";
    }
  } // container defer-initial-multipath-build
  container graceful-restart { description "BGP graceful restart options"; uses bgp-af-gr; } // container graceful-restart
  // Also excluded by junos:must when rib-sharding is configured.
  leaf extended-nexthop {
    junos:must "(!("system processes routing bgp rib-sharding"))";
    junos:must-message "Can't be configured together with rib-sharding";
    type empty;
    description "Extended nexthop encoding";
  }
  leaf extended-nexthop-color { type empty; description "Resolve using extended color nexthop"; }
  leaf extended-nexthop-tunnel { type empty; description "Use BGP tunnel attribute"; }
  // Keeps received routes out of forwarding ("Dont" is spelled as in the published module).
  leaf no-install { type empty; description "Dont install received routes in forwarding"; }
  leaf route-age-bgp-view { type empty; description "Maintain BGP route's age based on Update messages only"; }
  // Three output-queue assignments that share one definition, bgp-output-queue-priority-class.
  container output-queue-priority { description "Default output-queue to assign updates to"; uses bgp-output-queue-priority-class; } // container output-queue-priority
  container route-refresh-priority { description "Default output-queue to assign route refreshes to"; uses bgp-output-queue-priority-class; } // container route-refresh-priority
  container withdraw-priority { description "Default output-queue to assign withdrawn routes to"; uses bgp-output-queue-priority-class; } // container withdraw-priority
  leaf advertise-srv6-service { type empty; description "Advertise SRv6 service"; }
  leaf accept-srv6-service { type empty; description "Accept SRv6 service"; }
} // grouping bgp-afi-default
// Add-path options: a "receive" flag and a "send" presence container.
// The grouping continues past the end of this excerpt.
grouping apath-options {
  description "Number of paths to advertise";
  uses apply-advanced;
  leaf receive { type empty; description "Receive multiple paths from peer"; }
  container send {
    presence "enable send";
    description "Send multiple paths to peer";
    uses apply-advanced;
    container path-selection-mode {
      junos:must "(!(".. 
multipath"))";
      // The junos:must that ends on the line above starts before this excerpt. Going by the
      // message, path-selection-mode is rejected while "multipath" is set one level up
      // (presumably the leaf of that name under "send" - confirm).
      junos:must-message "Multipath must be disabled";
      description "Configure how to select add-path routes";
      uses apply-advanced;
      // At most one of the two selection modes can be present.
      choice mode {
        leaf all-paths { type empty; description "Advertise all paths allowed by path count"; }
        leaf equal-cost-paths { type empty; description "Advertise equal cost paths"; }
      } // choice mode
    } // container path-selection-mode
    // User-ordered list of policy expressions that restricts add-path to matching prefixes.
    leaf-list prefix-policy { type jt:policy-algebra; ordered-by user; description "Perform add-path only for prefixes that match policy"; }
    // Numeric branch is 2..64; the string branch of the union is not range-checked here.
    leaf path-count {
      type union { type string { pattern "<.*>|$.*"; } type int32 { range "2 .. 64"; } }
      description "Number of paths to advertise";
    }
    // Numeric branch is 1..2.
    leaf include-backup-path {
      type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 2"; } }
      description "Number of backup paths to advertise";
    }
    leaf multipath { type empty; description "Include only multipath contributor routes"; }
  } // container send
} // grouping apath-options
// BGP address-family options for flow routes: the common option set, plus no-validate,
// strip-nexthop and the deprecated allow-policy-add-nexthop at the end.
grouping bgp-afi-flow {
  uses apply-advanced;
  // Caps on prefixes received / accepted from a peer; details come from groupings defined elsewhere.
  container prefix-limit { description "Limit maximum number of prefixes from a peer"; uses bgpaf-prefix-limit; } // container prefix-limit
  container accepted-prefix-limit { description "Limit maximum number of prefixes accepted from a peer"; uses bgpaf-accepted-prefix-limit; } // container accepted-prefix-limit
  container rib-group { description "Routing table group"; uses rib_group_inet_type; } // container rib-group
  container add-path { description "Advertise multiple paths to peer"; uses apath-options; } // container add-path
  container aigp { presence "enable aigp"; description "Allow sending and receiving of AIGP attribute"; uses bgpaf-aigp-options; } // container aigp
  leaf damping { type empty; description "Enable route flap damping"; }
  leaf local-ipv4-address { type jt:ipv4addr; description "Local IPv4 address"; }
  // Allows the local AS in received AS paths, i.e. relaxes a loop-prevention check.
  container loops { description "Allow local AS in received AS paths"; uses bgpaf-loops; } // container loops
  // Rejected by junos:must when "system processes routing bgp rib-sharding" is configured.
  container delay-route-advertisements {
    junos:must "(!("system processes routing bgp rib-sharding"))";
    junos:must-message "Can't be configured together with rib-sharding";
    presence "enable delay-route-advertisements";
    description "Delay route updates for this family until FIB-sync";
    uses apply-advanced;
    leaf always-wait-for-krt-drain { type empty; description "Wait for KRT-queue drain for more-specific prefixes"; }
    // Delays are unions of a uint32 in 1..36000 and a string matching "<.*>|$.*"; the string
    // branch is not range-checked by this schema.
    container minimum-delay {
      description "Minumum-delay to ensure KRT sees the route flash";
      uses apply-advanced;
      leaf routing-uptime {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Min delay(sec) advertisement after RPD start";
      }
      leaf inbound-convergence {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Min delay(sec) advertisement after source-peer sent all routes";
      }
    } // container minimum-delay
    container maximum-delay {
      description "Maximum delay deferring routes";
      uses apply-advanced;
      leaf route-age {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Max delay(sec) advertisement route age";
      }
      leaf routing-uptime {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Max delay(sec) advertisement after RPD start";
      }
    } // container maximum-delay
  } // container delay-route-advertisements
  container nexthop-resolution {
    description "Configure nexthop resolution properties";
    uses apply-advanced;
    // Treats the next hop as usable without a resolution attempt (per its description).
    leaf no-resolution { type empty; description "Consider nexthop good without resolution attempt"; }
    leaf preserve-nexthop-hierarchy { type empty; description "Attempt preserving resolved nexthop chain in forwarding"; }
  } // container nexthop-resolution
  container defer-initial-multipath-build {
    presence "enable defer-initial-multipath-build";
    description "Defer initial multipath build until EOR is received";
    uses apply-advanced;
    leaf maximum-delay {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3600"; } }
      description "Max delay(sec) multipath build after peer is up";
    }
  } // container defer-initial-multipath-build
  container graceful-restart { description "BGP graceful restart options"; uses bgp-af-gr; } // container graceful-restart
  leaf extended-nexthop {
    junos:must "(!("system processes routing bgp rib-sharding"))";
    junos:must-message "Can't be configured together with rib-sharding";
    type empty;
    description "Extended nexthop encoding";
  }
  leaf extended-nexthop-color { type empty; description "Resolve using extended color nexthop"; }
  leaf extended-nexthop-tunnel { type empty; description "Use BGP tunnel attribute"; }
  leaf no-install { type empty; description "Dont install received routes in forwarding"; }
  leaf route-age-bgp-view { type empty; description "Maintain BGP route's age based on Update messages only"; }
  container output-queue-priority { description "Default output-queue to assign updates to"; uses bgp-output-queue-priority-class; } // container output-queue-priority
  container route-refresh-priority { description "Default output-queue to assign route refreshes to"; uses bgp-output-queue-priority-class; } // container route-refresh-priority
  container withdraw-priority { description "Default output-queue to assign withdrawn routes to"; uses bgp-output-queue-priority-class; } // container withdraw-priority
  leaf advertise-srv6-service { type empty; description "Advertise SRv6 service"; }
  leaf accept-srv6-service { type empty; description "Accept SRv6 service"; }
  // Routes matching any listed policy skip the validation procedure.
  // NOTE(review): presumably this is the flow-route origin validation; a broad policy here
  // removes that check for everything it matches, so keep the match narrow and review it.
  leaf-list no-validate { type jt:policy-algebra; ordered-by user; description "Bypass validation procedure for routes that match policy"; }
  leaf strip-nexthop { type empty; description "Strip the next-hop from the outgoing flow update"; }
  // Marked "status deprecated" in the schema.
  leaf allow-policy-add-nexthop { type empty; status deprecated; description "Allow policy to add nexthop to a route without nexthop"; }
} // grouping bgp-afi-flow
// Flow address-family options with legacy redirect-to-IP support.
// The grouping continues past the end of this excerpt.
grouping bgp-afi-flow-with-redirect-ip-action {
  uses apply-advanced;
  container prefix-limit { description "Limit maximum number of prefixes from a peer"; uses bgpaf-prefix-limit; } // container prefix-limit
  container accepted-prefix-limit { description "Limit maximum number of prefixes accepted from a peer"; uses bgpaf-accepted-prefix-limit; } // container accepted-prefix-limit
  container rib-group { description "Routing table group"; uses rib_group_inet_type; } // container rib-group
  container add-path { description "Advertise multiple paths to peer"; uses apath-options; } // container add-path
  container aigp { presence "enable aigp"; description "Allow sending and receiving of AIGP attribute"; uses bgpaf-aigp-options; } // container aigp
  leaf damping { type empty; description "Enable route flap damping"; }
  leaf local-ipv4-address { type jt:ipv4addr; description "Local IPv4 address"; }
  container loops { description "Allow local AS in received AS paths"; uses bgpaf-loops; } // container loops
  container delay-route-advertisements {
    junos:must "(!("system processes routing bgp rib-sharding"))";
    junos:must-message "Can't be configured together with rib-sharding";
    presence "enable delay-route-advertisements";
    description "Delay route updates for this family until FIB-sync";
    uses apply-advanced;
    leaf 
always-wait-for-krt-drain { type empty; description "Wait for KRT-queue drain for more-specific prefixes"; }
    // This excerpt opens inside container delay-route-advertisements of grouping
    // bgp-afi-flow-with-redirect-ip-action (see the closing comments further down).
    // Delays are unions of a uint32 in 1..36000 and a string matching "<.*>|$.*"; the string
    // branch is not range-checked by this schema.
    container minimum-delay {
      description "Minumum-delay to ensure KRT sees the route flash";
      uses apply-advanced;
      leaf routing-uptime {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Min delay(sec) advertisement after RPD start";
      }
      leaf inbound-convergence {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Min delay(sec) advertisement after source-peer sent all routes";
      }
    } // container minimum-delay
    container maximum-delay {
      description "Maximum delay deferring routes";
      uses apply-advanced;
      leaf route-age {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Max delay(sec) advertisement route age";
      }
      leaf routing-uptime {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Max delay(sec) advertisement after RPD start";
      }
    } // container maximum-delay
  } // container delay-route-advertisements
  container nexthop-resolution {
    description "Configure nexthop resolution properties";
    uses apply-advanced;
    // Treats the next hop as usable without a resolution attempt (per its description).
    leaf no-resolution { type empty; description "Consider nexthop good without resolution attempt"; }
    leaf preserve-nexthop-hierarchy { type empty; description "Attempt preserving resolved nexthop chain in forwarding"; }
  } // container nexthop-resolution
  container defer-initial-multipath-build {
    presence "enable defer-initial-multipath-build";
    description "Defer initial multipath build until EOR is received";
    uses apply-advanced;
    leaf maximum-delay {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3600"; } }
      description "Max delay(sec) multipath build after peer is up";
    }
  } // container defer-initial-multipath-build
  container graceful-restart { description "BGP graceful restart options"; uses bgp-af-gr; } // container graceful-restart
  // Rejected by junos:must when "system processes routing bgp rib-sharding" is configured.
  leaf extended-nexthop {
    junos:must "(!("system processes routing bgp rib-sharding"))";
    junos:must-message "Can't be configured together with rib-sharding";
    type empty;
    description "Extended nexthop encoding";
  }
  leaf extended-nexthop-color { type empty; description "Resolve using extended color nexthop"; }
  leaf extended-nexthop-tunnel { type empty; description "Use BGP tunnel attribute"; }
  leaf no-install { type empty; description "Dont install received routes in forwarding"; }
  leaf route-age-bgp-view { type empty; description "Maintain BGP route's age based on Update messages only"; }
  container output-queue-priority { description "Default output-queue to assign updates to"; uses bgp-output-queue-priority-class; } // container output-queue-priority
  container route-refresh-priority { description "Default output-queue to assign route refreshes to"; uses bgp-output-queue-priority-class; } // container route-refresh-priority
  container withdraw-priority { description "Default output-queue to assign withdrawn routes to"; uses bgp-output-queue-priority-class; } // container withdraw-priority
  leaf advertise-srv6-service { type empty; description "Advertise SRv6 service"; }
  leaf accept-srv6-service { type empty; description "Accept SRv6 service"; }
  // Routes matching any listed policy skip the validation procedure.
  // NOTE(review): a broad policy here removes that check for everything it matches; keep the
  // match narrow and include it in config reviews.
  leaf-list no-validate { type jt:policy-algebra; ordered-by user; description "Bypass validation procedure for routes that match policy"; }
  leaf strip-nexthop { type empty; description "Strip the next-hop from the outgoing flow update"; }
  // Legacy encoding of the redirect-to-IP action; receive and send are enabled independently.
  container legacy-redirect-ip-action {
    presence "enable legacy-redirect-ip-action";
    description "Configure legacy redirect to IP support";
    uses apply-advanced;
    leaf receive { type empty; description "Accept legacy encoded redirect-to-ip action attribute"; }
    leaf send { type empty; description "Advertise Redirect action as legacy redirect attribute"; }
  } // container legacy-redirect-ip-action
  leaf secondary-independent-resolution { type empty; description "Resolve FLOW routes in VRF table independent of VPN FLOW route"; }
} // grouping bgp-afi-flow-with-redirect-ip-action
// BGP address-family options for the inet transport family (going by the grouping name).
// The grouping continues past the end of this excerpt.
grouping bgp-afi-inet-transport {
  uses apply-advanced;
  // Caps on prefixes received / accepted from a peer; details come from groupings defined elsewhere.
  container prefix-limit { description "Limit maximum number of prefixes from a peer"; uses bgpaf-prefix-limit; } // container prefix-limit
  container accepted-prefix-limit { description "Limit maximum number of prefixes accepted from a peer"; uses bgpaf-accepted-prefix-limit; } // container accepted-prefix-limit
  container rib-group { description "Routing table group"; uses rib_group_inet_type; } // container rib-group
  container add-path { description "Advertise multiple paths to peer"; uses apath-options; } // container add-path
  container aigp { presence "enable aigp"; description "Allow sending and receiving of AIGP attribute"; uses bgpaf-aigp-options; } // container aigp
  leaf damping { type empty; description "Enable route flap damping"; }
  leaf local-ipv4-address { type jt:ipv4addr; description "Local IPv4 address"; }
  // Allows the local AS in received AS paths, i.e. relaxes a loop-prevention check.
  container loops { description "Allow local AS in received AS paths"; uses bgpaf-loops; } // container loops
  container delay-route-advertisements {
    junos:must "(!("system processes routing bgp rib-sharding"))";
    junos:must-message "Can't be configured together with rib-sharding";
    presence "enable delay-route-advertisements";
    description "Delay route updates for this family until FIB-sync";
    uses apply-advanced;
    leaf always-wait-for-krt-drain { type empty; description "Wait for KRT-queue drain for more-specific prefixes"; }
    container minimum-delay {
      description "Minumum-delay to ensure KRT sees the route flash";
      uses apply-advanced;
      leaf routing-uptime {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
36000"; } }
        // This excerpt opens inside leaf routing-uptime of container minimum-delay, within
        // delay-route-advertisements of grouping bgp-afi-inet-transport (see the closing
        // comments further down).
        description "Min delay(sec) advertisement after RPD start";
      }
      // Delays are unions of a uint32 in 1..36000 and a string matching "<.*>|$.*"; the string
      // branch is not range-checked by this schema.
      leaf inbound-convergence {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Min delay(sec) advertisement after source-peer sent all routes";
      }
    } // container minimum-delay
    container maximum-delay {
      description "Maximum delay deferring routes";
      uses apply-advanced;
      leaf route-age {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Max delay(sec) advertisement route age";
      }
      leaf routing-uptime {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Max delay(sec) advertisement after RPD start";
      }
    } // container maximum-delay
  } // container delay-route-advertisements
  container nexthop-resolution {
    description "Configure nexthop resolution properties";
    uses apply-advanced;
    // Treats the next hop as usable without a resolution attempt (per its description).
    leaf no-resolution { type empty; description "Consider nexthop good without resolution attempt"; }
    leaf preserve-nexthop-hierarchy { type empty; description "Attempt preserving resolved nexthop chain in forwarding"; }
  } // container nexthop-resolution
  container defer-initial-multipath-build {
    presence "enable defer-initial-multipath-build";
    description "Defer initial multipath build until EOR is received";
    uses apply-advanced;
    leaf maximum-delay {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3600"; } }
      description "Max delay(sec) multipath build after peer is up";
    }
  } // container defer-initial-multipath-build
  container graceful-restart { description "BGP graceful restart options"; uses bgp-af-gr; } // container graceful-restart
  // Rejected by junos:must when "system processes routing bgp rib-sharding" is configured.
  leaf extended-nexthop {
    junos:must "(!("system processes routing bgp rib-sharding"))";
    junos:must-message "Can't be configured together with rib-sharding";
    type empty;
    description "Extended nexthop encoding";
  }
  leaf extended-nexthop-color { type empty; description "Resolve using extended color nexthop"; }
  leaf extended-nexthop-tunnel { type empty; description "Use BGP tunnel attribute"; }
  leaf no-install { type empty; description "Dont install received routes in forwarding"; }
  leaf route-age-bgp-view { type empty; description "Maintain BGP route's age based on Update messages only"; }
  container output-queue-priority { description "Default output-queue to assign updates to"; uses bgp-output-queue-priority-class; } // container output-queue-priority
  container route-refresh-priority { description "Default output-queue to assign route refreshes to"; uses bgp-output-queue-priority-class; } // container route-refresh-priority
  container withdraw-priority { description "Default output-queue to assign withdrawn routes to"; uses bgp-output-queue-priority-class; } // container withdraw-priority
  leaf advertise-srv6-service { type empty; description "Advertise SRv6 service"; }
  leaf accept-srv6-service { type empty; description "Accept SRv6 service"; }
  // Label handling specific to this grouping starts here.
  // "community" is an unconstrained string; its format is not validated by this schema.
  container aggregate-label {
    presence "enable aggregate-label";
    description "Aggregate labels of incoming routes with the same FEC";
    uses apply-advanced;
    leaf community { type string; description "Community to identify the FEC of incoming routes"; }
  } // container aggregate-label
  leaf per-prefix-label { type empty; description "Allocate a unique label to each advertised prefix"; }
  leaf per-group-label { type empty; description "Advertise prefixes with unique labels per group"; }
  container traffic-statistics { presence "enable traffic-statistics"; description "Collect statistics for BGP label-switched paths"; uses bgpaf-traffic-statistics; } // container traffic-statistics
  // Presence-only container with no junos:must restriction in this grouping.
  container protection { presence "enable protection"; description "Compute backup path for active nexthop failure"; } // container protection
} // grouping bgp-afi-inet-transport
// BGP address-family options for inet6 labeled routes (going by the grouping name).
// The grouping continues past the end of this excerpt.
grouping bgp-afi-inet6-labeled {
  uses apply-advanced;
  // Caps on prefixes received / accepted from a peer; details come from groupings defined elsewhere.
  container prefix-limit { description "Limit maximum number of prefixes from a peer"; uses bgpaf-prefix-limit; } // container prefix-limit
  container accepted-prefix-limit { description "Limit maximum number of prefixes accepted from a peer"; uses bgpaf-accepted-prefix-limit; } // container accepted-prefix-limit
  container rib-group { description "Routing table group"; uses rib_group_inet_type; } // container rib-group
  container add-path { description "Advertise multiple paths to peer"; uses apath-options; } // container add-path
  container aigp { presence "enable aigp"; description "Allow sending and receiving of AIGP attribute"; uses bgpaf-aigp-options; } // container aigp
  leaf damping { type empty; description "Enable route flap damping"; }
  leaf local-ipv4-address { type jt:ipv4addr; description "Local IPv4 address"; }
  // Allows the local AS in received AS paths, i.e. relaxes a loop-prevention check.
  container loops { description "Allow local AS in received AS paths"; uses bgpaf-loops; } // container loops
  container delay-route-advertisements {
    junos:must "(!("system processes routing bgp rib-sharding"))";
    junos:must-message "Can't be configured together with rib-sharding";
    presence "enable delay-route-advertisements";
    description "Delay route updates for this family until FIB-sync";
    uses apply-advanced;
    leaf always-wait-for-krt-drain { type empty; description "Wait for KRT-queue drain for more-specific prefixes"; }
    container minimum-delay {
      description "Minumum-delay to ensure KRT sees the route flash";
      uses apply-advanced;
      leaf routing-uptime {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
36000"; } }
        // This excerpt opens inside leaf routing-uptime of container minimum-delay, within
        // delay-route-advertisements of grouping bgp-afi-inet6-labeled (see the closing
        // comments further down).
        description "Min delay(sec) advertisement after RPD start";
      }
      // Delays are unions of a uint32 in 1..36000 and a string matching "<.*>|$.*"; the string
      // branch is not range-checked by this schema.
      leaf inbound-convergence {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Min delay(sec) advertisement after source-peer sent all routes";
      }
    } // container minimum-delay
    container maximum-delay {
      description "Maximum delay deferring routes";
      uses apply-advanced;
      leaf route-age {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Max delay(sec) advertisement route age";
      }
      leaf routing-uptime {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Max delay(sec) advertisement after RPD start";
      }
    } // container maximum-delay
  } // container delay-route-advertisements
  container nexthop-resolution {
    description "Configure nexthop resolution properties";
    uses apply-advanced;
    // Treats the next hop as usable without a resolution attempt (per its description).
    leaf no-resolution { type empty; description "Consider nexthop good without resolution attempt"; }
    leaf preserve-nexthop-hierarchy { type empty; description "Attempt preserving resolved nexthop chain in forwarding"; }
  } // container nexthop-resolution
  container defer-initial-multipath-build {
    presence "enable defer-initial-multipath-build";
    description "Defer initial multipath build until EOR is received";
    uses apply-advanced;
    leaf maximum-delay {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3600"; } }
      description "Max delay(sec) multipath build after peer is up";
    }
  } // container defer-initial-multipath-build
  container graceful-restart { description "BGP graceful restart options"; uses bgp-af-gr; } // container graceful-restart
  // Rejected by junos:must when "system processes routing bgp rib-sharding" is configured.
  leaf extended-nexthop {
    junos:must "(!("system processes routing bgp rib-sharding"))";
    junos:must-message "Can't be configured together with rib-sharding";
    type empty;
    description "Extended nexthop encoding";
  }
  leaf extended-nexthop-color { type empty; description "Resolve using extended color nexthop"; }
  leaf extended-nexthop-tunnel { type empty; description "Use BGP tunnel attribute"; }
  leaf no-install { type empty; description "Dont install received routes in forwarding"; }
  leaf route-age-bgp-view { type empty; description "Maintain BGP route's age based on Update messages only"; }
  container output-queue-priority { description "Default output-queue to assign updates to"; uses bgp-output-queue-priority-class; } // container output-queue-priority
  container route-refresh-priority { description "Default output-queue to assign route refreshes to"; uses bgp-output-queue-priority-class; } // container route-refresh-priority
  container withdraw-priority { description "Default output-queue to assign withdrawn routes to"; uses bgp-output-queue-priority-class; } // container withdraw-priority
  leaf advertise-srv6-service { type empty; description "Advertise SRv6 service"; }
  leaf accept-srv6-service { type empty; description "Accept SRv6 service"; }
  // Label handling specific to this grouping starts here.
  // "community" is an unconstrained string; its format is not validated by this schema.
  container aggregate-label {
    presence "enable aggregate-label";
    description "Aggregate labels of incoming routes with the same FEC";
    uses apply-advanced;
    leaf community { type string; description "Community to identify the FEC of incoming routes"; }
  } // container aggregate-label
  leaf per-group-label { type empty; description "Advertise prefixes with unique labels per group"; }
  container traffic-statistics { presence "enable traffic-statistics"; description "Collect statistics for BGP label-switched paths"; uses bgpaf-traffic-statistics; } // container traffic-statistics
  container rib {
    description "Select table used by labeled unicast routes";
    uses apply-advanced;
    leaf inet6.3 { type empty; description "Use inet6.3 to exchange labeled unicast routes"; }
  } // container rib
  container explicit-null {
    presence "enable explicit-null";
    description "Advertise explicit null";
    leaf connected-only { type empty; description "Advertise explicit null only for connected routes"; }
  } // container explicit-null
  // The junos:must looks for "type internal" four and five levels up and rejects protection if
  // either is present; per the message, protection is valid only for EBGP.
  container protection {
    junos:must "((!(".. .. .. .. type internal") && !(".. .. .. .. .. type internal")))";
    junos:must-message "Protection for labeled-bgp valid only for EBGP";
    presence "enable protection";
    description "Compute backup path for active nexthop failure";
  } // container protection
  // Two constraints: not together with rib-sharding, and not when
  // "routing-options no-multi-topology-routing" is set.
  list topology {
    junos:must "(!("system processes routing bgp rib-sharding"))";
    junos:must-message "Can't be configured together with rib-sharding";
    junos:must "(!("routing-options no-multi-topology-routing"))";
    junos:must-message "Multi topology routing is disabled";
    key "name";
    ordered-by user;
    description "Multi topology routing tables";
    // The leading "!" presumably negates the pattern, so names that contain ":" or run to 129 or
    // more characters are refused, in line with the pattern-message - confirm.
    leaf name {
      type string {
        junos:posix-pattern "!^((.*:.*)|(.{129,}))$";
        junos:pattern-message "Must be a non-reserved string of 128 characters or less";
      }
      description "Topology name";
    }
    uses apply-advanced;
    // Unconstrained string; the community format is not validated by this schema.
    leaf community { type string; description "Community to identify multi topology routes"; }
  } // list topology
} // grouping bgp-afi-inet6-labeled
// BGP address-family options for the inet6 transport family (going by the grouping name).
// The grouping continues past the end of this excerpt.
grouping bgp-afi-inet6-transport {
  uses apply-advanced;
  // Caps on prefixes received / accepted from a peer; details come from groupings defined elsewhere.
  container prefix-limit { description "Limit maximum number of prefixes from a peer"; uses bgpaf-prefix-limit; } // container prefix-limit
  container accepted-prefix-limit { description "Limit maximum number of prefixes accepted from a peer"; uses bgpaf-accepted-prefix-limit; } // container accepted-prefix-limit
  container rib-group { description "Routing table group"; uses rib_group_inet_type; } // container rib-group
  container 
add-path { description "Advertise multiple paths to peer"; uses apath-options; } // container add-path
  // This excerpt opens inside grouping bgp-afi-inet6-transport (see the closing comment further
  // down); the "container" keyword of add-path above sits just before this point.
  container aigp { presence "enable aigp"; description "Allow sending and receiving of AIGP attribute"; uses bgpaf-aigp-options; } // container aigp
  leaf damping { type empty; description "Enable route flap damping"; }
  leaf local-ipv4-address { type jt:ipv4addr; description "Local IPv4 address"; }
  // Allows the local AS in received AS paths, i.e. relaxes a loop-prevention check.
  container loops { description "Allow local AS in received AS paths"; uses bgpaf-loops; } // container loops
  // Rejected by junos:must when "system processes routing bgp rib-sharding" is configured.
  container delay-route-advertisements {
    junos:must "(!("system processes routing bgp rib-sharding"))";
    junos:must-message "Can't be configured together with rib-sharding";
    presence "enable delay-route-advertisements";
    description "Delay route updates for this family until FIB-sync";
    uses apply-advanced;
    leaf always-wait-for-krt-drain { type empty; description "Wait for KRT-queue drain for more-specific prefixes"; }
    // Delays are unions of a uint32 in 1..36000 and a string matching "<.*>|$.*"; the string
    // branch is not range-checked by this schema.
    container minimum-delay {
      description "Minumum-delay to ensure KRT sees the route flash";
      uses apply-advanced;
      leaf routing-uptime {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Min delay(sec) advertisement after RPD start";
      }
      leaf inbound-convergence {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Min delay(sec) advertisement after source-peer sent all routes";
      }
    } // container minimum-delay
    container maximum-delay {
      description "Maximum delay deferring routes";
      uses apply-advanced;
      leaf route-age {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Max delay(sec) advertisement route age";
      }
      leaf routing-uptime {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } }
        description "Max delay(sec) advertisement after RPD start";
      }
    } // container maximum-delay
  } // container delay-route-advertisements
  container nexthop-resolution {
    description "Configure nexthop resolution properties";
    uses apply-advanced;
    // Treats the next hop as usable without a resolution attempt (per its description).
    leaf no-resolution { type empty; description "Consider nexthop good without resolution attempt"; }
    leaf preserve-nexthop-hierarchy { type empty; description "Attempt preserving resolved nexthop chain in forwarding"; }
  } // container nexthop-resolution
  container defer-initial-multipath-build {
    presence "enable defer-initial-multipath-build";
    description "Defer initial multipath build until EOR is received";
    uses apply-advanced;
    leaf maximum-delay {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3600"; } }
      description "Max delay(sec) multipath build after peer is up";
    }
  } // container defer-initial-multipath-build
  container graceful-restart { description "BGP graceful restart options"; uses bgp-af-gr; } // container graceful-restart
  leaf extended-nexthop {
    junos:must "(!("system processes routing bgp rib-sharding"))";
    junos:must-message "Can't be configured together with rib-sharding";
    type empty;
    description "Extended nexthop encoding";
  }
  leaf extended-nexthop-color { type empty; description "Resolve using extended color nexthop"; }
  leaf extended-nexthop-tunnel { type empty; description "Use BGP tunnel attribute"; }
  leaf no-install { type empty; description "Dont install received routes in forwarding"; }
  leaf route-age-bgp-view { type empty; description "Maintain BGP route's age based on Update messages only"; }
  container output-queue-priority { description "Default output-queue to assign updates to"; uses bgp-output-queue-priority-class; } // container output-queue-priority
  container route-refresh-priority { description "Default output-queue to assign route refreshes to"; uses bgp-output-queue-priority-class; } // container route-refresh-priority
  container withdraw-priority { description "Default output-queue to assign withdrawn routes to"; uses bgp-output-queue-priority-class; } // container withdraw-priority
  leaf advertise-srv6-service { type empty; description "Advertise SRv6 service"; }
  leaf accept-srv6-service { type empty; description "Accept SRv6 service"; }
  // Label handling specific to this grouping starts here.
  // "community" is an unconstrained string; its format is not validated by this schema.
  container aggregate-label {
    presence "enable aggregate-label";
    description "Aggregate labels of incoming routes with the same FEC";
    uses apply-advanced;
    leaf community { type string; description "Community to identify the FEC of incoming routes"; }
  } // container aggregate-label
  leaf per-prefix-label { type empty; description "Allocate a unique label to each advertised prefix"; }
  leaf per-group-label { type empty; description "Advertise prefixes with unique labels per group"; }
  container traffic-statistics { presence "enable traffic-statistics"; description "Collect statistics for BGP label-switched paths"; uses bgpaf-traffic-statistics; } // container traffic-statistics
  // Presence container with nothing but apply-advanced inside.
  container lu-export {
    presence "enable lu-export";
    description "Install Classful Transport routes in inet6.3";
    uses apply-advanced;
  } // container lu-export
  // Presence-only container with no junos:must restriction in this grouping.
  container protection { presence "enable protection"; description "Compute backup path for active nexthop failure"; } // container protection
} // grouping bgp-afi-inet6-transport
// BGP address-family options for l2vpn (going by the grouping name).
// The grouping continues past the end of this excerpt.
grouping bgp-afi-l2vpn {
  uses apply-advanced;
  // Caps on prefixes received / accepted from a peer; details come from groupings defined elsewhere.
  container prefix-limit { description "Limit maximum number of prefixes from a peer"; uses bgpaf-prefix-limit; } // container prefix-limit
  container accepted-prefix-limit { description "Limit maximum number of prefixes accepted from a peer"; uses bgpaf-accepted-prefix-limit; } // container accepted-prefix-limit
  container rib-group { description "Routing table group"; uses rib_group_inet_type; } // container rib-group
  container add-path { description "Advertise multiple paths to peer"; uses apath-options; } // container add-path
  container aigp {
    presence "enable aigp";
    description "Allow sending and receiving of AIGP attribute";
    uses 
bgpaf-aigp-options; } // container aigp leaf damping { type empty; description "Enable route flap damping"; } leaf local-ipv4-address { type jt:ipv4addr; description "Local IPv4 address"; } container loops { description "Allow local AS in received AS paths"; uses bgpaf-loops; } // container loops container delay-route-advertisements { junos:must "(!("system processes routing bgp rib-sharding"))"; junos:must-message "Can't be configured together with rib-sharding"; presence "enable delay-route-advertisements"; description "Delay route updates for this family until FIB-sync"; uses apply-advanced; leaf always-wait-for-krt-drain { type empty; description "Wait for KRT-queue drain for more-specific prefixes"; } container minimum-delay { description "Minumum-delay to ensure KRT sees the route flash"; uses apply-advanced; leaf routing-uptime { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } } description "Min delay(sec) advertisement after RPD start"; } leaf inbound-convergence { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } } description "Min delay(sec) advertisement after source-peer sent all routes"; } } // container minimum-delay container maximum-delay { description "Maximum delay deferring routes"; uses apply-advanced; leaf route-age { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } } description "Max delay(sec) advertisement route age"; } leaf routing-uptime { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
36000"; }
          }
          description "Max delay(sec) advertisement after RPD start";
        }
      } // container maximum-delay
    } // container delay-route-advertisements
    container nexthop-resolution {
      description "Configure nexthop resolution properties";
      uses apply-advanced;
      // NOTE(review): per its description the nexthop is treated as good without a
      // resolution attempt; check where this is enabled.
      leaf no-resolution {
        type empty;
        description "Consider nexthop good without resolution attempt";
      }
      leaf preserve-nexthop-hierarchy {
        type empty;
        description "Attempt preserving resolved nexthop chain in forwarding";
      }
    } // container nexthop-resolution
    container defer-initial-multipath-build {
      presence "enable defer-initial-multipath-build";
      description "Defer initial multipath build until EOR is received";
      uses apply-advanced;
      leaf maximum-delay {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 3600"; }
        }
        description "Max delay(sec) multipath build after peer is up";
      }
    } // container defer-initial-multipath-build
    container graceful-restart {
      description "BGP graceful restart options";
      uses bgp-af-gr;
    } // container graceful-restart
    leaf extended-nexthop {
      junos:must "(!("system processes routing bgp rib-sharding"))";
      junos:must-message "Can't be configured together with rib-sharding";
      type empty;
      description "Extended nexthop encoding";
    }
    leaf extended-nexthop-color {
      type empty;
      description "Resolve using extended color nexthop";
    }
    leaf extended-nexthop-tunnel {
      type empty;
      description "Use BGP tunnel attribute";
    }
    leaf no-install {
      type empty;
      description "Dont install received routes in forwarding";
    }
    leaf route-age-bgp-view {
      type empty;
      description "Maintain BGP route's age based on Update messages only";
    }
    container output-queue-priority {
      description "Default output-queue to assign updates to";
      uses bgp-output-queue-priority-class;
    } // container output-queue-priority
    container route-refresh-priority {
      description "Default output-queue to assign route refreshes to";
      uses bgp-output-queue-priority-class;
    } // container route-refresh-priority
    container withdraw-priority {
      description "Default output-queue to assign withdrawn routes to";
      uses bgp-output-queue-priority-class;
    } // container withdraw-priority
    leaf advertise-srv6-service {
      type empty;
      description "Advertise SRv6 service";
    }
    leaf accept-srv6-service {
      type empty;
      description "Accept SRv6 service";
    }
    // Per the must-message this is valid only for IBGP; the expression looks for
    // "type external" via a relative ".." path (presumably ancestor levels, TODO confirm).
    container egress-protection {
      junos:must "(!(".. .. .. .. type external"))";
      junos:must-message "Egress-protection is valid only for IBGP";
      presence "enable egress-protection";
      description "Egress router protection";
      uses apply-advanced;
      container context-identifier {
        description "Context identifier";
        uses apply-advanced;
        // Two constraints: the same identifier must exist under "protocols mpls
        // egress-protection context-identifier" and, per the first message, be primary.
        leaf context-id {
          junos:must "("protocols mpls egress-protection context-identifier $$ primary")";
          junos:must-message "context-identifier must be type primary";
          junos:must "("protocols mpls egress-protection context-identifier $$")";
          junos:must-message "same context-identifier must be defined in protocols mpls egress-protection";
          type jt:ipv4addr;
          description "IP address";
        }
      } // container context-identifier
      // NOTE(review): unlike the context-id constraints above, this must expression shows
      // no "$$" placeholder; it may have been lost in this copy, so confirm.
      leaf-list keep-import {
        junos:must "("policy-options policy-statement ")";
        junos:must-message "policy-options policy-statement";
        type jt:policy-algebra;
        ordered-by user;
        description "Import policy";
      }
    } // container egress-protection
  } // grouping bgp-afi-l2vpn

  // Options shared by every node that `uses bgp-afi-l3vpn`; the users are outside this view.
  // NOTE(review): the junos:must arguments in this grouping show unescaped inner double
  // quotes in this copy; confirm against the vendor module before parsing this text.
  grouping bgp-afi-l3vpn {
    uses apply-advanced;
    // Prefix caps; the limit values and their options come from the used groupings.
    container prefix-limit {
      description "Limit maximum number of prefixes from a peer";
      uses bgpaf-prefix-limit;
    } // container prefix-limit
    container accepted-prefix-limit {
      description "Limit maximum number of prefixes accepted from a peer";
      uses bgpaf-accepted-prefix-limit;
    } // container accepted-prefix-limit
    container rib-group {
      description "Routing table group";
      uses rib_group_inet_type;
    } // container rib-group
    container add-path {
      description "Advertise multiple paths to peer";
      uses apath-options;
    } // container add-path
    container aigp {
      presence "enable aigp";
      description "Allow sending and receiving of AIGP attribute";
      uses bgpaf-aigp-options;
    } // container aigp
    leaf damping {
      type empty;
      description "Enable route flap damping";
    }
    leaf local-ipv4-address {
      type jt:ipv4addr;
      description "Local IPv4 address";
    }
    // NOTE(review): per its description this accepts AS paths that contain the local AS;
    // presumably that relaxes AS-path loop rejection, so confirm each use is deliberate.
    container loops {
      description "Allow local AS in received AS paths";
      uses bgpaf-loops;
    } // container loops
    // Presence container. The junos:must pair rejects it, per its message, when
    // "system processes routing bgp rib-sharding" is also configured.
    container delay-route-advertisements {
      junos:must "(!("system processes routing bgp rib-sharding"))";
      junos:must-message "Can't be configured together with rib-sharding";
      presence "enable delay-route-advertisements";
      description "Delay route updates for this family until FIB-sync";
      uses apply-advanced;
      leaf always-wait-for-krt-drain {
        type empty;
        description "Wait for KRT-queue drain for more-specific prefixes";
      }
      container minimum-delay {
        description "Minumum-delay to ensure KRT sees the route flash";
        uses apply-advanced;
        // Union: a string of the form <...> or beginning with '$' (presumably Junos
        // wildcard/variable syntax, TODO confirm), or a number in 1..36000.
        leaf routing-uptime {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "1 .. 36000"; }
          }
          description "Min delay(sec) advertisement after RPD start";
        }
        leaf inbound-convergence {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "1 .. 36000"; }
          }
          description "Min delay(sec) advertisement after source-peer sent all routes";
        }
      } // container minimum-delay
      container maximum-delay {
        description "Maximum delay deferring routes";
        uses apply-advanced;
        leaf route-age {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "1 .. 36000"; }
          }
          description "Max delay(sec) advertisement route age";
        }
        leaf routing-uptime {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "1 .. 
36000"; }
          }
          description "Max delay(sec) advertisement after RPD start";
        }
      } // container maximum-delay
    } // container delay-route-advertisements
    container nexthop-resolution {
      description "Configure nexthop resolution properties";
      uses apply-advanced;
      // NOTE(review): per its description the nexthop is treated as good without a
      // resolution attempt; check where this is enabled.
      leaf no-resolution {
        type empty;
        description "Consider nexthop good without resolution attempt";
      }
      leaf preserve-nexthop-hierarchy {
        type empty;
        description "Attempt preserving resolved nexthop chain in forwarding";
      }
    } // container nexthop-resolution
    container defer-initial-multipath-build {
      presence "enable defer-initial-multipath-build";
      description "Defer initial multipath build until EOR is received";
      uses apply-advanced;
      leaf maximum-delay {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 3600"; }
        }
        description "Max delay(sec) multipath build after peer is up";
      }
    } // container defer-initial-multipath-build
    container graceful-restart {
      description "BGP graceful restart options";
      uses bgp-af-gr;
    } // container graceful-restart
    leaf extended-nexthop {
      junos:must "(!("system processes routing bgp rib-sharding"))";
      junos:must-message "Can't be configured together with rib-sharding";
      type empty;
      description "Extended nexthop encoding";
    }
    leaf extended-nexthop-color {
      type empty;
      description "Resolve using extended color nexthop";
    }
    leaf extended-nexthop-tunnel {
      type empty;
      description "Use BGP tunnel attribute";
    }
    leaf no-install {
      type empty;
      description "Dont install received routes in forwarding";
    }
    leaf route-age-bgp-view {
      type empty;
      description "Maintain BGP route's age based on Update messages only";
    }
    container output-queue-priority {
      description "Default output-queue to assign updates to";
      uses bgp-output-queue-priority-class;
    } // container output-queue-priority
    container route-refresh-priority {
      description "Default output-queue to assign route refreshes to";
      uses bgp-output-queue-priority-class;
    } // container route-refresh-priority
    container withdraw-priority {
      description "Default output-queue to assign withdrawn routes to";
      uses bgp-output-queue-priority-class;
    } // container withdraw-priority
    leaf advertise-srv6-service {
      type empty;
      description "Advertise SRv6 service";
    }
    leaf accept-srv6-service {
      type empty;
      description "Accept SRv6 service";
    }
    container aggregate-label {
      presence "enable aggregate-label";
      description "Aggregate labels of incoming routes with the same FEC";
      uses apply-advanced;
      leaf community {
        type string;
        description "Community to identify the FEC of incoming routes";
      }
    } // container aggregate-label
    // Per the must-message this is valid only for IBGP; the expression looks for
    // "type external" via a relative ".." path (presumably ancestor levels, TODO confirm).
    container egress-protection {
      junos:must "(!(".. .. .. .. type external"))";
      junos:must-message "Egress-protection is valid only for IBGP";
      presence "enable egress-protection";
      description "Egress router protection";
      uses apply-advanced;
      container context-identifier {
        description "Context identifier";
        uses apply-advanced;
        leaf context-id {
          junos:must "("protocols mpls egress-protection context-identifier $$ primary")";
          junos:must-message "context-identifier must be type primary";
          junos:must "("protocols mpls egress-protection context-identifier $$")";
          junos:must-message "same context-identifier must be defined in protocols mpls egress-protection";
          type jt:ipv4addr;
          description "IP address";
        }
      } // container context-identifier
      // NOTE(review): unlike the context-id constraints above, this must expression shows
      // no "$$" placeholder; it may have been lost in this copy, so confirm.
      leaf-list keep-import {
        junos:must "("policy-options policy-statement ")";
        junos:must-message "policy-options policy-statement";
        type jt:policy-algebra;
        ordered-by user;
        description "Import policy";
      }
    } // container egress-protection
    // NOTE(review): per its description this enables processing of routes whose nexthop
    // is the router's own; confirm each use is intended.
    leaf accept-local-nexthop {
      type empty;
      description "Enable processing of routes with own nexthop";
    }
  } // grouping bgp-afi-l3vpn

  // Options shared by every node that `uses bgp-afi-labeled`; the users are outside this view.
  // NOTE(review): the junos:must arguments in this grouping show unescaped inner double
  // quotes in this copy; confirm against the vendor module before parsing this text.
  grouping bgp-afi-labeled {
    uses apply-advanced;
    // Prefix caps; the limit values and their options come from the used groupings.
    container prefix-limit {
      description "Limit maximum number of prefixes from a peer";
      uses bgpaf-prefix-limit;
    } // container prefix-limit
    container accepted-prefix-limit {
      description "Limit maximum number of prefixes accepted from a peer";
      uses bgpaf-accepted-prefix-limit;
    } // container accepted-prefix-limit
    container rib-group {
      description "Routing table group";
      uses rib_group_inet_type;
    } // container rib-group
    container add-path {
      description "Advertise multiple paths to peer";
      uses apath-options;
    } // container add-path
    container aigp {
      presence "enable aigp";
      description "Allow sending and receiving of AIGP attribute";
      uses bgpaf-aigp-options;
    } // container aigp
    leaf damping {
      type empty;
      description "Enable route flap damping";
    }
    leaf local-ipv4-address {
      type jt:ipv4addr;
      description "Local IPv4 address";
    }
    // NOTE(review): per its description this accepts AS paths that contain the local AS;
    // presumably that relaxes AS-path loop rejection, so confirm each use is deliberate.
    container loops {
      description "Allow local AS in received AS paths";
      uses bgpaf-loops;
    } // container loops
    // Presence container. The junos:must pair rejects it, per its message, when
    // "system processes routing bgp rib-sharding" is also configured.
    container delay-route-advertisements {
      junos:must "(!("system processes routing bgp rib-sharding"))";
      junos:must-message "Can't be configured together with rib-sharding";
      presence "enable delay-route-advertisements";
      description "Delay route updates for this family until FIB-sync";
      uses apply-advanced;
      leaf always-wait-for-krt-drain {
        type empty;
        description "Wait for KRT-queue drain for more-specific prefixes";
      }
      container minimum-delay {
        description "Minumum-delay to ensure KRT sees the route flash";
        uses apply-advanced;
        // Union: a string of the form <...> or beginning with '$' (presumably Junos
        // wildcard/variable syntax, TODO confirm), or a number in 1..36000.
        leaf routing-uptime {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "1 .. 36000"; }
          }
          description "Min delay(sec) advertisement after RPD start";
        }
        leaf inbound-convergence {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "1 .. 36000"; }
          }
          description "Min delay(sec) advertisement after source-peer sent all routes";
        }
      } // container minimum-delay
      container maximum-delay {
        description "Maximum delay deferring routes";
        uses apply-advanced;
        leaf route-age {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "1 .. 36000"; }
          }
          description "Max delay(sec) advertisement route age";
        }
        leaf routing-uptime {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "1 .. 
36000"; }
          }
          description "Max delay(sec) advertisement after RPD start";
        }
      } // container maximum-delay
    } // container delay-route-advertisements
    container nexthop-resolution {
      description "Configure nexthop resolution properties";
      uses apply-advanced;
      // NOTE(review): per its description the nexthop is treated as good without a
      // resolution attempt; check where this is enabled.
      leaf no-resolution {
        type empty;
        description "Consider nexthop good without resolution attempt";
      }
      leaf preserve-nexthop-hierarchy {
        type empty;
        description "Attempt preserving resolved nexthop chain in forwarding";
      }
    } // container nexthop-resolution
    container defer-initial-multipath-build {
      presence "enable defer-initial-multipath-build";
      description "Defer initial multipath build until EOR is received";
      uses apply-advanced;
      leaf maximum-delay {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 3600"; }
        }
        description "Max delay(sec) multipath build after peer is up";
      }
    } // container defer-initial-multipath-build
    container graceful-restart {
      description "BGP graceful restart options";
      uses bgp-af-gr;
    } // container graceful-restart
    leaf extended-nexthop {
      junos:must "(!("system processes routing bgp rib-sharding"))";
      junos:must-message "Can't be configured together with rib-sharding";
      type empty;
      description "Extended nexthop encoding";
    }
    leaf extended-nexthop-color {
      type empty;
      description "Resolve using extended color nexthop";
    }
    leaf extended-nexthop-tunnel {
      type empty;
      description "Use BGP tunnel attribute";
    }
    leaf no-install {
      type empty;
      description "Dont install received routes in forwarding";
    }
    leaf route-age-bgp-view {
      type empty;
      description "Maintain BGP route's age based on Update messages only";
    }
    container output-queue-priority {
      description "Default output-queue to assign updates to";
      uses bgp-output-queue-priority-class;
    } // container output-queue-priority
    container route-refresh-priority {
      description "Default output-queue to assign route refreshes to";
      uses bgp-output-queue-priority-class;
    } // container route-refresh-priority
    container withdraw-priority {
      description "Default output-queue to assign withdrawn routes to";
      uses bgp-output-queue-priority-class;
    } // container withdraw-priority
    leaf advertise-srv6-service {
      type empty;
      description "Advertise SRv6 service";
    }
    leaf accept-srv6-service {
      type empty;
      description "Accept SRv6 service";
    }
    container aggregate-label {
      presence "enable aggregate-label";
      description "Aggregate labels of incoming routes with the same FEC";
      uses apply-advanced;
      leaf community {
        type string;
        description "Community to identify the FEC of incoming routes";
      }
    } // container aggregate-label
    leaf per-prefix-label {
      type empty;
      description "Allocate a unique label to each advertised prefix";
    }
    leaf per-group-label {
      type empty;
      description "Advertise prefixes with unique labels per group";
    }
    container traffic-statistics {
      presence "enable traffic-statistics";
      description "Collect statistics for BGP label-switched paths";
      uses bgpaf-traffic-statistics;
    } // container traffic-statistics
    // User-ordered list keyed by name. Per the two must-messages it is rejected with
    // rib-sharding and when "routing-options no-multi-topology-routing" is configured.
    list topology {
      junos:must "(!("system processes routing bgp rib-sharding"))";
      junos:must-message "Can't be configured together with rib-sharding";
      junos:must "(!("routing-options no-multi-topology-routing"))";
      junos:must-message "Multi topology routing is disabled";
      key "name";
      ordered-by user;
      description "Multi topology routing tables";
      leaf name {
        // Per the pattern-message: a non-reserved string of at most 128 characters.
        type string {
          junos:posix-pattern "!^((.*:.*)|(.{129,}))$";
          junos:pattern-message "Must be a non-reserved string of 128 characters or less";
        }
        description "Topology name";
      }
      uses apply-advanced;
      leaf community {
        type string;
        description "Community to identify multi topology routes";
      }
    } // list topology
    container rib {
      description "Select table used by labeled unicast routes";
      uses rib-inet3;
    } // container rib
    container explicit-null {
      presence "enable explicit-null";
      description "Advertise explicit null";
      leaf connected-only {
        type empty;
        description "Advertise explicit null only for connected routes";
      }
    } // container explicit-null
    // Per the must-message this is valid only for EBGP; the expression tests two
    // relative ".." paths for "type internal".
    container protection {
      junos:must "((!(".. .. .. .. type internal") && !(".. .. .. .. .. type internal")))";
      junos:must-message "Protection for labeled-bgp valid only for EBGP";
      presence "enable protection";
      description "Compute backup path for active nexthop failure";
      uses apply-advanced;
    } // container protection
    // Per the must-message this is valid only for IBGP.
    container egress-protection {
      junos:must "(!(".. .. .. .. type external"))";
      junos:must-message "Egress-protection is valid only for IBGP";
      presence "enable egress-protection";
      description "Egress router protection";
      uses apply-advanced;
      container context-identifier {
        description "Context identifier";
        uses apply-advanced;
        leaf context-id {
          junos:must "("protocols mpls egress-protection context-identifier $$ primary")";
          junos:must-message "context-identifier must be type primary";
          junos:must "("protocols mpls egress-protection context-identifier $$")";
          junos:must-message "same context-identifier must be defined in protocols mpls egress-protection";
          type jt:ipv4addr;
          description "IP address";
        }
      } // container context-identifier
      // NOTE(review): unlike the context-id constraints above, this must expression shows
      // no "$$" placeholder; it may have been lost in this copy, so confirm.
      leaf-list keep-import {
        junos:must "("policy-options policy-statement ")";
        junos:must-message "policy-options policy-statement";
        type jt:policy-algebra;
        ordered-by user;
        description "Import policy";
      }
    } // container egress-protection
    leaf resolve-vpn {
      type empty;
      description "Install received NLRI in inet.3 also";
    }
    container entropy-label {
      presence "enable entropy-label";
      description "Use entropy label for entropy label capable BGP LSPs";
      uses apply-advanced;
      leaf-list import {
        type jt:policy-algebra;
        ordered-by user;
        description "Policy to select BGP LSPs to use entropy label";
      }
      // NOTE(review): switches off a next-hop validation step per its description;
      // review where it is enabled.
      leaf no-next-hop-validation {
        type empty;
        description "Don't validate next hop field against route next hop";
      }
    } // container entropy-label
  } // grouping bgp-afi-labeled

  // Options shared by every node that `uses bgp-afi-srte`; the users are outside this view.
  // Compared with the other bgp-afi-* groupings visible here it carries only prefix limits,
  // damping, loops, graceful-restart, no-install and the three queue priorities.
  grouping bgp-afi-srte {
    uses apply-advanced;
    container prefix-limit {
      description "Limit maximum number of prefixes from a peer";
      uses bgpaf-prefix-limit;
    } // container prefix-limit
    container accepted-prefix-limit { 
description "Limit maximum number of prefixes accepted from a peer";
      uses bgpaf-accepted-prefix-limit;
    } // container accepted-prefix-limit
    leaf damping {
      type empty;
      description "Enable route flap damping";
    }
    // NOTE(review): per its description this accepts AS paths that contain the local AS;
    // presumably that relaxes AS-path loop rejection, so confirm each use is deliberate.
    container loops {
      description "Allow local AS in received AS paths";
      uses bgpaf-loops;
    } // container loops
    container graceful-restart {
      description "BGP graceful restart options";
      uses bgp-af-gr;
    } // container graceful-restart
    leaf no-install {
      type empty;
      description "Dont install received routes in forwarding";
    }
    // The three priority containers below share one grouping, so each takes either a
    // numeric priority or `expedited` as that grouping defines.
    container output-queue-priority {
      description "Default output-queue to assign updates to";
      uses bgp-output-queue-priority-class;
    } // container output-queue-priority
    container route-refresh-priority {
      description "Default output-queue to assign route refreshes to";
      uses bgp-output-queue-priority-class;
    } // container route-refresh-priority
    container withdraw-priority {
      description "Default output-queue to assign withdrawn routes to";
      uses bgp-output-queue-priority-class;
    } // container withdraw-priority
  } // grouping bgp-afi-srte

  // Options shared by every node that `uses bgp-afi-topo`; the users are outside this view.
  // NOTE(review): the junos:must arguments in this grouping show unescaped inner double
  // quotes in this copy; confirm against the vendor module before parsing this text.
  grouping bgp-afi-topo {
    uses apply-advanced;
    // Prefix caps; the limit values and their options come from the used groupings.
    container prefix-limit {
      description "Limit maximum number of prefixes from a peer";
      uses bgpaf-prefix-limit;
    } // container prefix-limit
    container accepted-prefix-limit {
      description "Limit maximum number of prefixes accepted from a peer";
      uses bgpaf-accepted-prefix-limit;
    } // container accepted-prefix-limit
    container rib-group {
      description "Routing table group";
      uses rib_group_inet_type;
    } // container rib-group
    container add-path {
      description "Advertise multiple paths to peer";
      uses apath-options;
    } // container add-path
    container aigp {
      presence "enable aigp";
      description "Allow sending and receiving of AIGP attribute";
      uses bgpaf-aigp-options;
    } // container aigp
    leaf damping {
      type empty;
      description "Enable route flap damping";
    }
    leaf local-ipv4-address {
      type jt:ipv4addr;
      description "Local IPv4 address";
    }
    // NOTE(review): same loop-acceptance option as in the grouping above; confirm each use.
    container loops {
      description "Allow local AS in received AS paths";
      uses bgpaf-loops;
    } // container loops
    // Presence container. The junos:must pair rejects it, per its message, when
    // "system processes routing bgp rib-sharding" is also configured.
    container delay-route-advertisements {
      junos:must "(!("system processes routing bgp rib-sharding"))";
      junos:must-message "Can't be configured together with rib-sharding";
      presence "enable delay-route-advertisements";
      description "Delay route updates for this family until FIB-sync";
      uses apply-advanced;
      leaf always-wait-for-krt-drain {
        type empty;
        description "Wait for KRT-queue drain for more-specific prefixes";
      }
      container minimum-delay {
        description "Minumum-delay to ensure KRT sees the route flash";
        uses apply-advanced;
        // Union: a string of the form <...> or beginning with '$' (presumably Junos
        // wildcard/variable syntax, TODO confirm), or a number in 1..36000.
        leaf routing-uptime {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "1 .. 36000"; }
          }
          description "Min delay(sec) advertisement after RPD start";
        }
        leaf inbound-convergence {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "1 .. 36000"; }
          }
          description "Min delay(sec) advertisement after source-peer sent all routes";
        }
      } // container minimum-delay
      container maximum-delay {
        description "Maximum delay deferring routes";
        uses apply-advanced;
        leaf route-age {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "1 .. 36000"; }
          }
          description "Max delay(sec) advertisement route age";
        }
        leaf routing-uptime {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "1 .. 
36000"; }
          }
          description "Max delay(sec) advertisement after RPD start";
        }
      } // container maximum-delay
    } // container delay-route-advertisements
    container nexthop-resolution {
      description "Configure nexthop resolution properties";
      uses apply-advanced;
      // NOTE(review): per its description the nexthop is treated as good without a
      // resolution attempt; check where this is enabled.
      leaf no-resolution {
        type empty;
        description "Consider nexthop good without resolution attempt";
      }
      leaf preserve-nexthop-hierarchy {
        type empty;
        description "Attempt preserving resolved nexthop chain in forwarding";
      }
    } // container nexthop-resolution
    container defer-initial-multipath-build {
      presence "enable defer-initial-multipath-build";
      description "Defer initial multipath build until EOR is received";
      uses apply-advanced;
      leaf maximum-delay {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 3600"; }
        }
        description "Max delay(sec) multipath build after peer is up";
      }
    } // container defer-initial-multipath-build
    container graceful-restart {
      description "BGP graceful restart options";
      uses bgp-af-gr;
    } // container graceful-restart
    leaf extended-nexthop {
      junos:must "(!("system processes routing bgp rib-sharding"))";
      junos:must-message "Can't be configured together with rib-sharding";
      type empty;
      description "Extended nexthop encoding";
    }
    leaf extended-nexthop-color {
      type empty;
      description "Resolve using extended color nexthop";
    }
    leaf extended-nexthop-tunnel {
      type empty;
      description "Use BGP tunnel attribute";
    }
    leaf no-install {
      type empty;
      description "Dont install received routes in forwarding";
    }
    leaf route-age-bgp-view {
      type empty;
      description "Maintain BGP route's age based on Update messages only";
    }
    container output-queue-priority {
      description "Default output-queue to assign updates to";
      uses bgp-output-queue-priority-class;
    } // container output-queue-priority
    container route-refresh-priority {
      description "Default output-queue to assign route refreshes to";
      uses bgp-output-queue-priority-class;
    } // container route-refresh-priority
    container withdraw-priority {
      description "Default output-queue to assign withdrawn routes to";
      uses bgp-output-queue-priority-class;
    } // container withdraw-priority
    leaf advertise-srv6-service {
      type empty;
      description "Advertise SRv6 service";
    }
    leaf accept-srv6-service {
      type empty;
      description "Accept SRv6 service";
    }
    // Per the must-message this is valid only for EBGP; the expression tests two
    // relative ".." paths for "type internal".
    container protection {
      junos:must "((!(".. .. .. .. type internal") && !(".. .. .. .. .. type internal")))";
      junos:must-message "Protection is valid only for EBGP";
      presence "enable protection";
      description "Compute backup path for active nexthop failure";
    } // container protection
    // User-ordered list keyed by name. Per the two must-messages it is rejected with
    // rib-sharding and when "routing-options no-multi-topology-routing" is configured.
    list topology {
      junos:must "(!("system processes routing bgp rib-sharding"))";
      junos:must-message "Can't be configured together with rib-sharding";
      junos:must "(!("routing-options no-multi-topology-routing"))";
      junos:must-message "Multi topology routing is disabled";
      key "name";
      ordered-by user;
      description "Multi topology routing tables";
      leaf name {
        // Per the pattern-message: a non-reserved string of at most 128 characters.
        type string {
          junos:posix-pattern "!^((.*:.*)|(.{129,}))$";
          junos:pattern-message "Must be a non-reserved string of 128 characters or less";
        }
        description "Topology name";
      }
      uses apply-advanced;
      leaf community {
        type string;
        description "Community to identify multi topology routes";
      }
    } // list topology
  } // grouping bgp-afi-topo

  // Options shared by every node that `uses bgp-afi-vpn`; the users are outside this view.
  // NOTE(review): the junos:must arguments in this grouping show unescaped inner double
  // quotes in this copy; confirm against the vendor module before parsing this text.
  grouping bgp-afi-vpn {
    uses apply-advanced;
    // Prefix caps; the limit values and their options come from the used groupings.
    container prefix-limit {
      description "Limit maximum number of prefixes from a peer";
      uses bgpaf-prefix-limit;
    } // container prefix-limit
    container accepted-prefix-limit {
      description "Limit maximum number of prefixes accepted from a peer";
      uses bgpaf-accepted-prefix-limit;
    } // container accepted-prefix-limit
    container rib-group {
      description "Routing table group";
      uses rib_group_inet_type;
    } // container rib-group
    container add-path {
      description "Advertise multiple paths to peer";
      uses apath-options;
    } // container add-path
    container aigp {
      presence "enable aigp";
      description "Allow sending and receiving of AIGP attribute";
      uses bgpaf-aigp-options;
    } // container aigp
    leaf damping {
      type empty;
      description "Enable route flap damping";
    }
    leaf local-ipv4-address {
      type jt:ipv4addr;
      description "Local IPv4 address";
    }
    // NOTE(review): per its description this accepts AS paths that contain the local AS;
    // presumably that relaxes AS-path loop rejection, so confirm each use is deliberate.
    container loops {
      description "Allow local AS in received AS paths";
      uses bgpaf-loops;
    } // container loops
    // Presence container. The junos:must pair rejects it, per its message, when
    // "system processes routing bgp rib-sharding" is also configured.
    container delay-route-advertisements {
      junos:must "(!("system processes routing bgp rib-sharding"))";
      junos:must-message "Can't be configured together with rib-sharding";
      presence "enable delay-route-advertisements";
      description "Delay route updates for this family until FIB-sync";
      uses apply-advanced;
      leaf always-wait-for-krt-drain {
        type empty;
        description "Wait for KRT-queue drain for more-specific prefixes";
      }
      container minimum-delay {
        description "Minumum-delay to ensure KRT sees the route flash";
        uses apply-advanced;
        // Union: a string of the form <...> or beginning with '$' (presumably Junos
        // wildcard/variable syntax, TODO confirm), or a number in 1..36000.
        leaf routing-uptime {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "1 .. 36000"; }
          }
          description "Min delay(sec) advertisement after RPD start";
        }
        leaf inbound-convergence {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "1 .. 36000"; }
          }
          description "Min delay(sec) advertisement after source-peer sent all routes";
        }
      } // container minimum-delay
      container maximum-delay {
        description "Maximum delay deferring routes";
        uses apply-advanced;
        leaf route-age {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "1 .. 36000"; }
          }
          description "Max delay(sec) advertisement route age";
        }
        leaf routing-uptime {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "1 .. 
36000"; }
          }
          description "Max delay(sec) advertisement after RPD start";
        }
      } // container maximum-delay
    } // container delay-route-advertisements
    container nexthop-resolution {
      description "Configure nexthop resolution properties";
      uses apply-advanced;
      // NOTE(review): per its description the nexthop is treated as good without a
      // resolution attempt; check where this is enabled.
      leaf no-resolution {
        type empty;
        description "Consider nexthop good without resolution attempt";
      }
      leaf preserve-nexthop-hierarchy {
        type empty;
        description "Attempt preserving resolved nexthop chain in forwarding";
      }
    } // container nexthop-resolution
    container defer-initial-multipath-build {
      presence "enable defer-initial-multipath-build";
      description "Defer initial multipath build until EOR is received";
      uses apply-advanced;
      leaf maximum-delay {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 3600"; }
        }
        description "Max delay(sec) multipath build after peer is up";
      }
    } // container defer-initial-multipath-build
    container graceful-restart {
      description "BGP graceful restart options";
      uses bgp-af-gr;
    } // container graceful-restart
    leaf extended-nexthop {
      junos:must "(!("system processes routing bgp rib-sharding"))";
      junos:must-message "Can't be configured together with rib-sharding";
      type empty;
      description "Extended nexthop encoding";
    }
    leaf extended-nexthop-color {
      type empty;
      description "Resolve using extended color nexthop";
    }
    leaf extended-nexthop-tunnel {
      type empty;
      description "Use BGP tunnel attribute";
    }
    leaf no-install {
      type empty;
      description "Dont install received routes in forwarding";
    }
    leaf route-age-bgp-view {
      type empty;
      description "Maintain BGP route's age based on Update messages only";
    }
    container output-queue-priority {
      description "Default output-queue to assign updates to";
      uses bgp-output-queue-priority-class;
    } // container output-queue-priority
    container route-refresh-priority {
      description "Default output-queue to assign route refreshes to";
      uses bgp-output-queue-priority-class;
    } // container route-refresh-priority
    container withdraw-priority {
      description "Default output-queue to assign withdrawn routes to";
      uses bgp-output-queue-priority-class;
    } // container withdraw-priority
    leaf advertise-srv6-service {
      type empty;
      description "Advertise SRv6 service";
    }
    leaf accept-srv6-service {
      type empty;
      description "Accept SRv6 service";
    }
    container aggregate-label {
      presence "enable aggregate-label";
      description "Aggregate labels of incoming routes with the same FEC";
      uses apply-advanced;
      leaf community {
        type string;
        description "Community to identify the FEC of incoming routes";
      }
    } // container aggregate-label
  } // grouping bgp-afi-vpn

  // Options shared by every node that `uses bgp-afi-vpn-protection`; the users are outside
  // this view.
  // NOTE(review): the junos:must arguments in this grouping show unescaped inner double
  // quotes in this copy; confirm against the vendor module before parsing this text.
  grouping bgp-afi-vpn-protection {
    uses apply-advanced;
    // Prefix caps; the limit values and their options come from the used groupings.
    container prefix-limit {
      description "Limit maximum number of prefixes from a peer";
      uses bgpaf-prefix-limit;
    } // container prefix-limit
    container accepted-prefix-limit {
      description "Limit maximum number of prefixes accepted from a peer";
      uses bgpaf-accepted-prefix-limit;
    } // container accepted-prefix-limit
    container rib-group {
      description "Routing table group";
      uses rib_group_inet_type;
    } // container rib-group
    container add-path {
      description "Advertise multiple paths to peer";
      uses apath-options;
    } // container add-path
    container aigp {
      presence "enable aigp";
      description "Allow sending and receiving of AIGP attribute";
      uses bgpaf-aigp-options;
    } // container aigp
    leaf damping {
      type empty;
      description "Enable route flap damping";
    }
    leaf local-ipv4-address {
      type jt:ipv4addr;
      description "Local IPv4 address";
    }
    // NOTE(review): per its description this accepts AS paths that contain the local AS;
    // presumably that relaxes AS-path loop rejection, so confirm each use is deliberate.
    container loops {
      description "Allow local AS in received AS paths";
      uses bgpaf-loops;
    } // container loops
    // Presence container. The junos:must pair rejects it, per its message, when
    // "system processes routing bgp rib-sharding" is also configured.
    container delay-route-advertisements {
      junos:must "(!("system processes routing bgp rib-sharding"))";
      junos:must-message "Can't be configured together with rib-sharding";
      presence "enable delay-route-advertisements";
      description "Delay route updates for this family until FIB-sync";
      uses apply-advanced;
      leaf always-wait-for-krt-drain {
        type empty;
        description "Wait for KRT-queue drain for more-specific prefixes";
      }
container minimum-delay { description "Minumum-delay to ensure KRT sees the route flash"; uses apply-advanced; leaf routing-uptime { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } } description "Min delay(sec) advertisement after RPD start"; } leaf inbound-convergence { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } } description "Min delay(sec) advertisement after source-peer sent all routes"; } } // container minimum-delay container maximum-delay { description "Maximum delay deferring routes"; uses apply-advanced; leaf route-age { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } } description "Max delay(sec) advertisement route age"; } leaf routing-uptime { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 36000"; } } description "Max delay(sec) advertisement after RPD start"; } } // container maximum-delay } // container delay-route-advertisements container nexthop-resolution { description "Configure nexthop resolution properties"; uses apply-advanced; leaf no-resolution { type empty; description "Consider nexthop good without resolution attempt"; } leaf preserve-nexthop-hierarchy { type empty; description "Attempt preserving resolved nexthop chain in forwarding"; } } // container nexthop-resolution container defer-initial-multipath-build { presence "enable defer-initial-multipath-build"; description "Defer initial multipath build until EOR is received"; uses apply-advanced; leaf maximum-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
3600"; } } description "Max delay(sec) multipath build after peer is up"; } } // container defer-initial-multipath-build container graceful-restart { description "BGP graceful restart options"; uses bgp-af-gr; } // container graceful-restart leaf extended-nexthop { junos:must "(!("system processes routing bgp rib-sharding"))"; junos:must-message "Can't be configured together with rib-sharding"; type empty; description "Extended nexthop encoding"; } leaf extended-nexthop-color { type empty; description "Resolve using extended color nexthop"; } leaf extended-nexthop-tunnel { type empty; description "Use BGP tunnel attribute"; } leaf no-install { type empty; description "Dont install received routes in forwarding"; } leaf route-age-bgp-view { type empty; description "Maintain BGP route's age based on Update messages only"; } container output-queue-priority { description "Default output-queue to assign updates to"; uses bgp-output-queue-priority-class; } // container output-queue-priority container route-refresh-priority { description "Default output-queue to assign route refreshes to"; uses bgp-output-queue-priority-class; } // container route-refresh-priority container withdraw-priority { description "Default output-queue to assign withdrawn routes to"; uses bgp-output-queue-priority-class; } // container withdraw-priority leaf advertise-srv6-service { type empty; description "Advertise SRv6 service"; } leaf accept-srv6-service { type empty; description "Accept SRv6 service"; } container aggregate-label { presence "enable aggregate-label"; description "Aggregate labels of incoming routes with the same FEC"; uses apply-advanced; leaf community { type string; description "Community to identify the FEC of incoming routes"; } } // container aggregate-label container egress-protection { junos:must "(!(".. .. .. .. 
type external"))";
      junos:must-message "Egress-protection is valid only for IBGP";
      presence "enable egress-protection";
      description "Egress router protection";
      uses apply-advanced;
      container context-identifier {
        description "Context identifier";
        uses apply-advanced;
        leaf context-id {
          junos:must "("protocols mpls egress-protection context-identifier $$ primary")";
          junos:must-message "context-identifier must be type primary";
          junos:must "("protocols mpls egress-protection context-identifier $$")";
          junos:must-message "same context-identifier must be defined in protocols mpls egress-protection";
          type jt:ipv4addr;
          description "IP address";
        }
      } // container context-identifier
      leaf-list keep-import {
        junos:must "("policy-options policy-statement ")";
        junos:must-message "policy-options policy-statement";
        type jt:policy-algebra;
        ordered-by user;
        description "Import policy";
      }
    } // container egress-protection
  } // grouping bgp-afi-vpn-protection
  /*
   * Output-queue class selector. Used by, among others, the
   * output-queue-priority, route-refresh-priority and withdraw-priority
   * containers. The `class` choice allows one of: a numbered priority
   * or the expedited queue.
   */
  grouping bgp-output-queue-priority-class {
    choice class {
      leaf priority {
        // Union of a literal 1..16 and a string matching "<.*>|$.*".
        // YANG patterns are XSD regular expressions, so `$` is an ordinary
        // character here: the string arm accepts "<...>" or "$...".
        // NOTE(review): presumably these are Junos group wildcards and
        // variables. A value taken through the string arm is not
        // range-checked by this schema; confirm where the 1..16 bound is
        // enforced for it.
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16"; } }
        description "Output queue priority; higher is better";
      }
      leaf expedited { type empty; description "Expedited queue; highest priority"; }
    } // choice class
  } // grouping bgp-output-queue-priority-class
  // Tracing filter: the argument to match on (only "prefix" is defined) and
  // an ordered list of policy expressions.
  grouping bgp_filter_obj {
    description "Filter to apply to tracing";
    leaf match-on {
      type enumeration {
        enum "prefix" { value 0; description "Filter based on prefix"; }
      }
      description "Argument on which to match";
    }
    leaf-list policy { type jt:policy-algebra; ordered-by user; description "Filter policy"; }
  } // grouping bgp_filter_obj
  /*
   * Per-peer limit on accepted prefixes. A limit of this kind is the usual
   * safeguard against a peer filling the routing table through a route leak
   * or a misconfiguration.
   */
  grouping bgpaf-accepted-prefix-limit {
    uses apply-advanced;
    // Nothing here marks `maximum` mandatory or gives it a default, so as
    // far as this schema shows, no limit applies unless one is configured.
    leaf maximum {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } }
      description "Maximum number of prefixes accepted from a peer";
    }
    // Reaction on reaching the limit: clear the peer connection.
    container teardown {
      junos:must "(!(".. 
hide-excess"))";
      junos:must-message "Can't be configured together with hide-excess";
      junos:must "(!(".. drop-excess"))";
      junos:must-message "Can't be configured together with drop-excess";
      presence "enable teardown";
      description "Clear peer connection on reaching limit";
      uses apply-advanced;
      // Warning threshold, as a percentage (1..100) of the prefix limit.
      leaf limit-threshold {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } }
        description "Percentage of prefix-limit to start warnings";
      }
      // How long the peer stays idle after the teardown: until an operator
      // intervenes (`forever`) or for 1..2400 minutes (`timeout`).
      // NOTE(review): what happens when idle-timeout is absent is not visible
      // here. Confirm it, since an immediate restart against a peer that is
      // still leaking routes would reach the limit again.
      container idle-timeout {
        presence "enable idle-timeout";
        description "Timeout before attempting to restart peer";
        choice idle-parm {
          leaf forever { type empty; description "Idle the peer until the user intervenes"; }
          leaf timeout {
            type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 2400"; } }
            description "Timeout value, in minutes, for restarting peer";
          }
        } // choice idle-parm
      } // container idle-timeout
    } // container teardown
    // teardown, drop-excess and hide-excess exclude one another through the
    // pairwise junos:must constraints, so at most one reaction can be
    // configured. Per the descriptions: drop-excess drops routes from the
    // peer, hide-excess hides them, teardown clears the connection.
    container drop-excess {
      junos:must "(!(".. hide-excess"))";
      junos:must-message "Can't be configured together with hide-excess";
      junos:must "(!(".. teardown"))";
      junos:must-message "Can't be configured together with teardown";
      presence "enable drop-excess";
      description "Drop routes from peer on reaching limit";
      uses apply-advanced;
      // Same warning threshold as under teardown; monitoring these warnings
      // shows a peer approaching its limit before the reaction applies.
      leaf limit-threshold {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } }
        description "Percentage of prefix-limit to start warnings";
      }
    } // container drop-excess
    container hide-excess {
      junos:must "(!(".. teardown"))";
      junos:must-message "Can't be configured together with teardown";
      junos:must "(!(".. drop-excess"))";
      junos:must-message "Can't be configured together with drop-excess";
      presence "enable hide-excess";
      description "Hide routes from peer on reaching limit";
      uses apply-advanced;
      leaf limit-threshold {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
100"; } } description "Percentage of prefix-limit to start warnings"; } } // container hide-excess } // grouping bgpaf-accepted-prefix-limit grouping bgpaf-aigp-options { uses apply-advanced; leaf disable { type empty; description "Disable sending and receiving of AIGP attribute"; } } // grouping bgpaf-aigp-options grouping bgpaf-loops { uses apply-advanced; leaf loops { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 10"; } } description "AS-Path loop count"; } } // grouping bgpaf-loops grouping bgpaf-prefix-limit { uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Maximum number of prefixes from a peer"; } container teardown { junos:must "(!(".. hide-excess"))"; junos:must-message "Can't be configured together with hide-excess"; junos:must "(!(".. drop-excess"))"; junos:must-message "Can't be configured together with drop-excess"; presence "enable teardown"; description "Clear peer connection on reaching limit"; uses apply-advanced; leaf limit-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Percentage of prefix-limit to start warnings"; } container idle-timeout { presence "enable idle-timeout"; description "Timeout before attempting to restart peer"; choice idle-parm { leaf forever { type empty; description "Idle the peer until the user intervenes"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 2400"; } } description "Timeout value, in minutes, for restarting peer"; } } // choice idle-parm } // container idle-timeout } // container teardown container drop-excess { junos:must "(!(".. hide-excess"))"; junos:must-message "Can't be configured together with hide-excess"; junos:must "(!(".. 
teardown"))"; junos:must-message "Can't be configured together with teardown"; presence "enable drop-excess"; description "Drop routes from peer on reaching limit"; uses apply-advanced; leaf limit-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Percentage of prefix-limit to start warnings"; } } // container drop-excess container hide-excess { junos:must "(!(".. teardown"))"; junos:must-message "Can't be configured together with teardown"; junos:must "(!(".. drop-excess"))"; junos:must-message "Can't be configured together with drop-excess"; presence "enable hide-excess"; description "Hide routes from peer on reaching limit"; uses apply-advanced; leaf limit-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Percentage of prefix-limit to start warnings"; } } // container hide-excess } // grouping bgpaf-prefix-limit grouping bgpaf-traffic-statistics { uses apply-advanced; leaf labeled-path { type empty; description "Ingress labeled path statistics"; } container file { description "Statistics file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } }
        default "10";
        description "Maximum number of trace files";
      }
      leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; }
      // File permissions: the choice makes the two leaves mutually exclusive.
      // world-readable lets any user on the device read the file, so
      // no-world-readable is the least-privilege setting.
      // NOTE(review): no default is declared here; confirm what the platform
      // applies when neither leaf is set.
      choice world-readable-choice {
        leaf world-readable { type empty; description "Allow any user to read the log file"; }
        leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
      } // choice world-readable-choice
    } // container file
    // Collection interval in seconds, 60..65535 (or a "<...>" / "$..." string).
    leaf interval {
      type union { type string { pattern "<.*>|$.*"; } type int32 { range "60 .. 65535"; } }
      description "Time to collect statistics (seconds)";
    }
  } // grouping bgpaf-traffic-statistics
  /*
   * ES-IS protocol settings: enable/disable, trace options, route
   * preference, graceful restart and per-interface timers.
   */
  grouping juniper-protocols-esis {
    uses apply-advanced;
    choice enable-disable {
      leaf disable { type empty; description "Disable ES-IS"; }
    } // choice enable-disable
    container traceoptions {
      description "Trace options for ES-IS";
      uses apply-advanced;
      container file {
        description "Trace file options";
        // Per the pattern message, the name may not contain '/', '%' or a
        // space (the leading '!' presumably negates the character class).
        // Rejecting '/' keeps the value a bare file name rather than a path.
        // NOTE(review): the directory the file is written to is not visible
        // in this schema.
        leaf filename {
          type string {
            junos:posix-pattern "![/ %]";
            junos:pattern-message "Must not contain '/', % or a space";
            length "1 .. 1024";
          }
          description "Name of file in which to write trace information";
        }
        leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; }
        // Unconstrained string at schema level; any size format check happens
        // elsewhere.
        leaf size { type string; description "Maximum trace file size"; }
        leaf files {
          type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "error" { value 0; description "Trace errored packets"; } enum "esh" { value 1; description "Trace end system hello packets"; } enum "ish" { value 2; description "Trace intermediate system hello packets"; } enum "graceful-restart" { value 3; description "Trace graceful restart events"; } enum "route" { value 4; description "Trace routing information"; } enum "normal" { value 5; description "Trace normal events"; } enum "general" { value 6; description "Trace general events"; } enum "state" { value 7; description "Trace state transitions"; } enum "policy" { value 8; description "Trace policy processing"; } enum "task" { value 9; description "Trace routing protocol task processing"; } enum "timer" { value 10; description "Trace routing protocol timer processing"; } enum "all" { value 11; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions leaf preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference of routes"; } container graceful-restart { description "ES-IS graceful restart options"; choice enable-disable { leaf disable { type empty; description "Disable graceful restart"; } } // choice 
enable-disable leaf restart-duration { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30 .. 300"; } } units "seconds"; description "Maximum time for graceful restart to finish"; } } // container graceful-restart list interface { key "name"; description "Interface configuration"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } units "seconds"; description "Time after which neighbors think the interface is down"; } leaf end-system-configuration-timer { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } units "seconds"; description "Suggested end system configuration timer"; } choice enable-disable { leaf disable { type empty; description "Disable ES-IS on this interface"; } } // choice enable-disable } // list interface } // grouping juniper-protocols-esis grouping juniper-protocols-isis { uses apply-advanced; list interface { key "name"; description "Interface configuration"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; container ldp-synchronization { presence "enable ldp-synchronization"; description "Advertise maximum metric until LDP is operational"; uses ldp-sync-obj; } // container ldp-synchronization list level { key "name"; ordered-by user; description "Configure levels on this interface"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 2"; } } description "IS-IS level number"; } uses apply-advanced; leaf te-metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
16777215"; } } description "Traffic engineering metric"; } leaf no-advertise-adjacency-segment { type empty; description "Do not advertise an adjacency segment for this level"; } container ipv4-adjacency-segment { junos:must "(!(".. no-advertise-adjacency-segment"))"; junos:must-message "ipv4-adjacency-segment can't be configured if no-advertise-adjacency-segment is configured in the level"; junos:must "(!(".. .. no-advertise-adjacency-segment"))"; junos:must-message "ipv4-adjacency-segment can't be configured if no-advertise-adjacency-segment is configured in the same interface"; description "Configure ipv4 adjacency segment"; uses apply-advanced; container protected { description "Adjacency SID is eligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container protected container unprotected { description "Adjacency SID uneligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container unprotected } // container ipv4-adjacency-segment container ipv6-adjacency-segment { junos:must "(!(".. 
no-advertise-adjacency-segment"))"; junos:must-message "ipv6-adjacency-segment can't be configured if no-advertise-adjacency-segment is configured in the same level"; junos:must "(!(".. .. no-advertise-adjacency-segment"))"; junos:must-message "ipv6-adjacency-segment can't be configured if no-advertise-adjacency-segment is configured in the same interface"; description "Configure ipv6 adjacency segment"; uses apply-advanced; container protected { description "Adjacency SID is eligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container protected container unprotected { description "Adjacency SID uneligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container unprotected } // container ipv6-adjacency-segment container srm6-adjacency-segment { description "Configure srm6 adjacency segment"; uses apply-advanced; container unprotected { description "Adjacency SID uneligible for protection"; leaf sid { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
65535"; } } description "Set Adjacency SID Value"; } } // container unprotected } // container srm6-adjacency-segment container srv6-adjacency-segment { description "Configure srv6 adjacency segment"; uses apply-advanced; container protected { presence "enable protected"; description "SRv6 Adjacency segment is eligible for protection"; uses apply-advanced; list locator { key "name"; ordered-by user; description "Locator to bind SRv6 adjacency segment"; leaf name { junos:must "("routing-options source-packet-routing srv6 locator $$")"; junos:must-message "Referenced source-packet-routing srv6 must be defined"; type string; description "Locator name"; } uses apply-advanced; list end-x-sid { key "name"; ordered-by user; description "Endpoint 128 bit address"; leaf name { type jt:ipv6addr; } uses apply-advanced; container flavor { presence "enable flavor"; uses apply-advanced; leaf psp { type empty; description "Penultimate segment pop of the SRH"; } leaf usp { type empty; description "Ultimate segment pop of the SRH"; } leaf usd { type empty; description "Ultimate segment decapsulation"; } } // container flavor } // list end-x-sid } // list locator } // container protected container unprotected { presence "enable unprotected"; description "SRv6 Adjacency segment is uneligible for protection"; uses apply-advanced; list locator { key "name"; ordered-by user; description "Locator to bind SRv6 adjacency segment"; leaf name { junos:must "("routing-options source-packet-routing srv6 locator $$")"; junos:must-message "Referenced source-packet-routing srv6 must be defined"; type string; description "Locator name"; } uses apply-advanced; list end-x-sid { key "name"; ordered-by user; description "Endpoint 128 bit address"; leaf name { type jt:ipv6addr; } uses apply-advanced; container flavor { presence "enable flavor"; uses apply-advanced; leaf psp { type empty; description "Penultimate segment pop of the SRH"; } leaf usp { type empty; description "Ultimate segment pop of the 
SRH"; } leaf usd { type empty; description "Ultimate segment decapsulation"; } } // container flavor } // list end-x-sid } // list locator } // container unprotected } // container srv6-adjacency-segment list lan-neighbor { junos:must "(!(".. ipv6-adjacency-segment"))"; junos:must-message "lan-neighbor can't be configured if ipv6-adjacency-segment is configured in the same interface"; junos:must "(!(".. ipv4-adjacency-segment"))"; junos:must-message "lan-neighbor can't be configured if ipv4-adjacency-segment is configured in the same interface"; junos:must "(!(".. no-advertise-adjacency-segment"))"; junos:must-message "lan-neighbor can't be configured if no-advertise-adjacency-segment is configured in the same level"; junos:must "(!(".. .. no-advertise-adjacency-segment"))"; junos:must-message "lan-neighbor can't be configured if no-advertise-adjacency-segment is configured in the same interface"; junos:must "(!(".. .. point-to-point"))"; junos:must-message "lan-neighbor can't be configured for point-to-point interfaces"; key "name"; ordered-by user; description "Configuration specific to a LAN neighbor"; leaf name { type jt:sysid; description "Neighbor's sysid"; } uses apply-advanced; container ipv4-adjacency-segment { junos:must "(!(".. no-advertise-adjacency-segment"))"; junos:must-message "ipv4-adjacency-segment can't be configured if no-advertise-adjacency-segment is configured in the level"; junos:must "(!(".. .. no-advertise-adjacency-segment"))"; junos:must-message "ipv4-adjacency-segment can't be configured if no-advertise-adjacency-segment is configured in the same interface"; description "Configure ipv4 adjacency segment"; uses apply-advanced; container protected { description "Adjacency SID is eligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container protected container unprotected { description "Adjacency SID uneligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container unprotected } // container ipv4-adjacency-segment container ipv6-adjacency-segment { junos:must "(!(".. no-advertise-adjacency-segment"))"; junos:must-message "ipv6-adjacency-segment can't be configured if no-advertise-adjacency-segment is configured in the same level"; junos:must "(!(".. .. no-advertise-adjacency-segment"))"; junos:must-message "ipv6-adjacency-segment can't be configured if no-advertise-adjacency-segment is configured in the same interface"; description "Configure ipv6 adjacency segment"; uses apply-advanced; container protected { description "Adjacency SID is eligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 
1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container protected container unprotected { description "Adjacency SID uneligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container unprotected } // container ipv6-adjacency-segment container srm6-adjacency-segment { description "Configure srm6 adjacency segment"; uses apply-advanced; container unprotected { description "Adjacency SID uneligible for protection"; leaf sid { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
65535"; } } description "Set Adjacency SID Value"; } } // container unprotected } // container srm6-adjacency-segment container srv6-adjacency-segment { description "Configure srv6 adjacency segment"; uses apply-advanced; container protected { presence "enable protected"; description "SRv6 Adjacency segment is eligible for protection"; uses apply-advanced; list locator { key "name"; ordered-by user; description "Locator to bind SRv6 adjacency segment"; leaf name { junos:must "("routing-options source-packet-routing srv6 locator $$")"; junos:must-message "Referenced source-packet-routing srv6 must be defined"; type string; description "Locator name"; } uses apply-advanced; list end-x-sid { key "name"; ordered-by user; description "Endpoint 128 bit address"; leaf name { type jt:ipv6addr; } uses apply-advanced; container flavor { presence "enable flavor"; uses apply-advanced; leaf psp { type empty; description "Penultimate segment pop of the SRH"; } leaf usp { type empty; description "Ultimate segment pop of the SRH"; } leaf usd { type empty; description "Ultimate segment decapsulation"; } } // container flavor } // list end-x-sid } // list locator } // container protected container unprotected { presence "enable unprotected"; description "SRv6 Adjacency segment is uneligible for protection"; uses apply-advanced; list locator { key "name"; ordered-by user; description "Locator to bind SRv6 adjacency segment"; leaf name { junos:must "("routing-options source-packet-routing srv6 locator $$")"; junos:must-message "Referenced source-packet-routing srv6 must be defined"; type string; description "Locator name"; } uses apply-advanced; list end-x-sid { key "name"; ordered-by user; description "Endpoint 128 bit address"; leaf name { type jt:ipv6addr; } uses apply-advanced; container flavor { presence "enable flavor"; uses apply-advanced; leaf psp { type empty; description "Penultimate segment pop of the SRH"; } leaf usp { type empty; description "Ultimate segment pop of the 
SRH"; } leaf usd { type empty; description "Ultimate segment decapsulation"; } } // container flavor } // list end-x-sid } // list locator } // container unprotected } // container srv6-adjacency-segment } // list lan-neighbor container post-convergence-lfa { junos:must "(".. .. .. backup-spf-options use-post-convergence-lfa")"; junos:must-message "Not allowed without 'protocols isis backup-spf-options use-post-convergence-lfa'"; presence "enable post-convergence-lfa"; description "Configure backup along post convergence on this interface"; uses apply-advanced; container node-protection { presence "enable node-protection"; description "Enable node protection"; uses apply-advanced; leaf cost { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16777215"; } } description "Cost for node protection"; } } // container node-protection leaf srlg-protection { type empty; description "Enable srlg protection"; } leaf fate-sharing-protection { type empty; description "Enable fate-sharing protection"; } } // container post-convergence-lfa container application-specific { description "Advertise application-specific TE attributes"; uses apply-advanced; list attribute-group { key "name"; max-elements 1; ordered-by user; description "Link attribute group name"; leaf name { type string; description "Link attribute group name"; } uses apply-advanced; leaf te-metric { junos:must "(".. application")"; junos:must-message "Atleast one application is must"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16777215"; } } description "Traffic engineering metric for this attribute group"; } leaf-list admin-group { type string; max-elements 16; ordered-by user; description "Administrative groups for this attribute-group"; } container application { junos:must "((".. delay-metric" || (".. admin-group" || (".. te-metric" || (".. admin-groups" || (".. legacy" || ".. 
advertise-delay-metric"))))))"; junos:must-message "Atleast one attribute must be configured"; description "Standard Applications part of this attribute-group"; uses apply-advanced; leaf flex-algorithm { type empty; description "Set X flag in standard application bit mask"; } } // container application } // list attribute-group } // container application-specific choice enable-disable { leaf disable { type empty; description "Disable IS-IS for this level"; } } // choice enable-disable leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16777215"; } } description "Metric for this level"; } leaf ipv4-multicast-metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16777215"; } } description "IPv4 multicast metric for this level"; } leaf ipv6-unicast-metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16777215"; } } description "IPv6 unicast metric for this level"; } leaf ipv6-multicast-metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16777215"; } } description "IPv6 multicast metric for this level"; } list topology { key "name"; ordered-by user; description "Topology specific attributes"; leaf name { type enumeration { enum "default" { value 0; description "Default topology"; } enum "ipv4-multicast" { value 1; description "IPv4 multicast topology"; } enum "ipv6-unicast" { value 2; description "IPv6 unicast topology"; } enum "ipv6-multicast" { value 3; description "IPv6 multicast topology"; } } description "Topology name"; } uses apply-advanced; leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16777215"; } } description "Topology metric"; } container bandwidth-based-metrics { junos:must "(".. 
metric")";
            junos:must-message "Metric must be configured";
            description "Configure bandwidth based metrics";
            uses apply-advanced;
            list bandwidth {
              key "name";
              description "Bandwidth threshold";
              leaf name { type string; }
              leaf metric {
                type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16777215"; } }
                description "Metric associated with specified bandwidth";
              }
            } // list bandwidth
          } // container bandwidth-based-metrics
        } // list topology
        // Deprecated: authentication-key, authentication-type and both of its
        // enum values carry `status deprecated`.
        // NOTE(review): jt:unreadable is defined in junos-common-types, not
        // here; presumably it marks the value as a secret that is not shown
        // in cleartext. Confirm.
        leaf authentication-key { type jt:unreadable; status deprecated; description "Authentication key (password)"; }
        leaf authentication-type {
          type enumeration {
            enum "md5" { value 0; status deprecated; description "MD5 authentication"; }
            enum "simple" { value 1; status deprecated; description "Simple password authentication"; }
          }
          status deprecated;
          description "Authentication type";
        }
        leaf hello-authentication-key { type jt:unreadable; description "Authentication key (password) for hello packets"; }
        // Only two methods are offered. IS-IS simple authentication carries
        // the password in cleartext in the PDU, so it protects against
        // accidental adjacencies, not against an observer on the link. md5 is
        // keyed, but MD5 is no longer a preferred primitive. The key-chain
        // leaf below is the alternative this schema provides.
        leaf hello-authentication-type {
          type enumeration {
            enum "md5" { value 0; description "MD5 authentication"; }
            enum "simple" { value 1; description "Simple password authentication"; }
          }
          description "Authentication type for hello packets";
        }
        // Mutually exclusive with hello-authentication-type,
        // hello-authentication-key and authentication-key, and the name must
        // refer to a chain defined under
        // "security authentication-key-chains key-chain".
        leaf hello-authentication-key-chain {
          junos:must "(!(".. hello-authentication-type"))";
          junos:must-message "May not be configured with hello-authentication-type";
          junos:must "(!(".. hello-authentication-key"))";
          junos:must-message "May not be configured with hello-authentication-key";
          junos:must "(!(".. authentication-key"))";
          junos:must-message "May not be configured with authentication-key";
          junos:must "("security authentication-key-chains key-chain $$")";
          junos:must-message "Referenced key-chain must be defined";
          type string {
            // NOTE(review): the message says the name must not end with a
            // number, but the class is written `A-za-z`. In ASCII order the
            // range A-z also covers [ \ ] ^ _ and the backtick, and it
            // excludes '-', so the pattern does not say exactly what the
            // message states. `[A-Za-z]$` was probably intended. Left
            // unchanged: the pattern is part of the vendor-published schema.
            junos:posix-pattern "[A-za-z]$";
            junos:pattern-message "Keychain name must not end with number.";
            length "1 .. 128";
          }
          description "Key chain name";
        }
        leaf hello-interval {
          type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
21845"; } } units "seconds"; description "Interval between hello packet transmissions"; } leaf hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } units "seconds"; description "Time after which neighbors think the interface is down"; } leaf priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 127"; } } description "Designated router election priority"; } container flood-reflector { junos:must "(".. .. level 1 disable")"; junos:must-message "flood-reflector cannot be enabled on level 1 interface"; junos:must "(("protocols isis level 2 flood-reflector" && !(".. .. level 1 flood-reflector")))"; junos:must-message "flood-reflector is only supported on level 2 interfaces"; presence "enable flood-reflector"; description "Configure interface as flood-reflector"; uses apply-advanced; leaf cluster-id { junos:must "("protocols isis level 2 flood-reflector client")"; junos:must-message "flood-reflector client is not configured at isis level"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Cluster-ID"; } } // container flood-reflector container passive { presence "enable passive"; description "Do not run IS-IS at this level, but advertise it"; uses apply-advanced; leaf remote-node-iso { junos:must "(".. remote-node-id")"; junos:must-message "remote-node-id must be configured"; type jt:sysid; description "ISO System-ID of the remote node"; } leaf remote-node-id { junos:must "(".. remote-node-iso")"; junos:must-message "remote-node-iso must be configured"; type jt:ipv4addr; description "Remote address of the link"; } } // container passive } // list level leaf delay-metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
16777215"; } } units "microseconds"; description "Delay metric"; } container delay-measurement { presence "enable delay-measurement"; description "Enable delay measurement"; uses apply-advanced; leaf probe-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } units "seconds"; description "Probe interval"; } leaf probe-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 15"; } } units "seconds"; description "Probe count"; } container advertisement { description "Delay advertisement"; uses apply-advanced; container periodic { description "Periodic advertisement parameters"; uses apply-advanced; leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } units "percentage"; description "Threshold"; } leaf interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30 .. 3600"; } } units "seconds"; description "Interval"; } } // container periodic container accelerated { presence "enable accelerated"; description "Accelerated advertisement parameters"; uses apply-advanced; leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
100"; } } units "percentage"; description "Threshold"; } } // container accelerated } // container advertisement } // container delay-measurement leaf no-advertise-adjacency-segment { type empty; description "Do not advertise an adjacency segment for this interface"; } container auto-bandwidth { description "Auto bandwidth configuration"; uses apply-advanced; leaf template-name { junos:must "("protocols isis source-packet-routing traffic-statistics statistics-granularity per-interface")"; junos:must-message "Config protocols isis source-packet-routing traffic-statistics statistics-granularity per-interface is must"; junos:must "("routing-options auto-bandwidth template $$")"; junos:must-message "Referenced auto-bandwidth template must be defined"; type string; description "Auto bandwidth template name"; } choice enable-disable { leaf disable { type empty; description "Disable Auto bandwidth on this interface"; } } // choice enable-disable } // container auto-bandwidth choice protection-type { leaf link-protection { type empty; description "Protect interface from link faults only"; } leaf node-link-protection { type empty; description "Protect interface from both link and node faults"; } } // choice protection-type leaf no-eligible-backup { type empty; description "Not eligible for backup traffic from protected interfaces"; } leaf no-eligible-remote-backup { type empty; description "Not eligible for Remote-LFA backup traffic from protected interfaces"; } container link-degradation-threshold { presence "enable link-degradation-threshold"; description "Link up and down thresholds (in %) for proactive link protection"; leaf link-down { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } description "Signal degradation threshold above which link marked down"; } leaf link-up { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
100"; } } description "Signal degradation threshold below which link is marked up."; } } // container link-degradation-threshold choice enable-disable { leaf disable { type empty; description "Disable IS-IS on this interface"; } } // choice enable-disable /* Interface-wide authentication leaves. All four in this run (authentication-key, authentication-type, hello-authentication-key, hello-authentication-type) and every enum value under them carry "status deprecated" in this revision, so a configuration that still sets them is using a legacy form. NOTE(review): "simple" conventionally means a cleartext password in the PDU. */ leaf authentication-key { type jt:unreadable; status deprecated; description "Authentication key (password)"; } leaf authentication-type { type enumeration { enum "md5" { value 0; status deprecated; description "MD5 authentication"; } enum "simple" { value 1; status deprecated; description "Simple password authentication"; } } status deprecated; description "Authentication type"; } /* NOTE(review): the "." separators in the posix-pattern below are unescaped, so as written they match any character rather than a literal dot. Either the vendor pattern is loose or an escape was lost when this page was produced - check the vendor file before reusing the pattern as a validator. */ leaf flood-group { type string { junos:posix-pattern "^[[:xdigit:]]{2}.(([[:xdigit:]]){2}){1,2}((.(([[:xdigit:]]){2}){1,2}){0,1}){0,5}$"; junos:pattern-message "At max 26 hexa decimal digits, standard ISO area ID format"; } description "ISO Area that this interface should send LSPs to"; } leaf hello-authentication-key { type jt:unreadable; status deprecated; description "Authentication key (password) for hello packets"; } leaf hello-authentication-type { type enumeration { enum "md5" { value 0; status deprecated; description "MD5 authentication"; } enum "simple" { value 1; status deprecated; description "Simple password authentication"; } } status deprecated; description "Authentication type for hello packets"; } leaf hello-padding-type { type enumeration { enum "strict" { value 0; description "Padding for all adjacency states"; } enum "adaptive" { value 1; description "Padding until state of neighbor adjacency is 'up'"; } enum "loose" { value 2; description "Padding until state of adjacency is 'initializing'"; } enum "disable" { value 3; description "Do not add any padding for hello packets"; } } default "loose"; description "Type of padding for hello packets"; } leaf interface-group-holddown-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
60"; } } units "seconds"; description "Time to wait before including in BBM calculation"; } choice layer2-map-choice { leaf layer2-map { type empty; description "Kernel ARP/ND creation for nexthops"; } leaf no-layer2-map { type empty; description "Don't kernel ARP/ND creation for nexthops"; } } // choice layer2-map-choice leaf max-hello-size { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "512 .. 16000"; } } description "Maximum size allowed for ISIS Hello PDUs"; } leaf lsp-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000"; } } units "milliseconds"; default "100"; description "Interval between LSP transmissions"; } container csnp-interval { description "Rate of CSN packets (for LAN interfaces only)"; choice csnp_interval_option { leaf csnp-interval-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } units "seconds"; description "Interval between CSN packets"; } leaf disable { type empty; description "Do not send CSN packets on this interface"; } } // choice csnp_interval_option } // container csnp-interval container strict-dual-isis { junos:must "(!(".. .. 
topologies"))"; junos:must-message "strict-dual-isis is not allowed with multi-topologies"; presence "enable strict-dual-isis"; description "Ensure both ipv4 and ipv6 connectivity for adjacencies on this interface"; uses apply-advanced; leaf holdown { type union { type uint32; type string { pattern "<.*>|$.*"; } } default "12"; description "Set the holddown timer for strict spf computation"; } } // container strict-dual-isis container mesh-group { description "Add the interface to a mesh group"; choice mesh_group_option { leaf mesh-group-number { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Mesh group number for this interface"; } leaf blocked { type empty; description "Do not flood new LSPs on this interface"; } } // choice mesh_group_option } // container mesh-group leaf point-to-point { type empty; description "Treat interface as point to point"; } container passive { presence "enable passive"; description "Do not run IS-IS, but advertise it"; uses apply-advanced; leaf remote-node-iso { junos:must "(".. remote-node-id")"; junos:must-message "remote-node-id must be configured"; type jt:sysid; description "ISO System-ID of the remote node"; } leaf remote-node-id { junos:must "(".. 
remote-node-iso")"; junos:must-message "remote-node-iso must be configured"; type jt:ipv4addr; description "Remote address of the link"; } } // container passive leaf checksum { type empty; description "Enable checksum for packets on this interface"; } leaf no-unicast-topology { type empty; description "Do not include this interface in the unicast topology"; } leaf no-ipv4-multicast { type empty; description "Do not include this interface in the IPv4 multicast topology"; } leaf no-ipv6-unicast { type empty; description "Do not include this interface in the IPv6 unicast topology"; } leaf no-ipv6-multicast { type empty; description "Do not include this interface in the IPv6 multicast topology"; } leaf no-adjacency-down-notification { type empty; description "Do not inform other protocols about adjacency down events"; } container bfd-liveness-detection { junos:must "(!(".. family inet bfd-liveness-detection"))"; junos:must-message "To configure bfd-liveness-detection, 'family inet bfd-liveness-detection' must not be configured"; status deprecated; description "Bidirectional Forwarding Detection options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High transmit interval triggering a trap"; } } // container transmit-interval container detection-time { description "Detection-time options"; uses apply-advanced; leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High detection-time triggering a trap"; } } // container detection-time container authentication { description "Authentication options"; uses apply-advanced; leaf key-chain { junos:must "(".. algorithm")"; junos:must-message "May not be configured without algorithm"; junos:must "("security authentication-key-chains key-chain $$")"; junos:must-message "Referenced key-chain must be defined"; type string; description "Key chain name"; } leaf algorithm { junos:must "(".. 
key-chain")"; junos:must-message "May not be configured without key-chain"; /* BFD authentication algorithm; the junos:must above makes it depend on the sibling key-chain leaf. The enum offers simple-password plus MD5- and SHA-1-based keyed options; no stronger hash appears in this revision. NOTE(review): per RFC 5880, simple-password sends the password in the clear, and the "meticulous" variants advance the sequence number on every packet, which narrows the replay window - confirm platform behaviour. */ type enumeration { enum "simple-password" { value 0; description "Simple password"; } enum "keyed-md5" { value 1; description "Keyed message Digest 5"; } enum "meticulous-keyed-md5" { value 2; description "Meticulous keyed message Digest 5"; } enum "keyed-sha-1" { value 3; description "Keyed secure hash algorithm (SHA1) "; } enum "meticulous-keyed-sha-1" { value 4; description "Meticulous keyed secure hash algorithm (SHA1) "; } } description "Algorithm name"; } /* loose-check relaxes enforcement: per its description, authentication is verified only when it has been negotiated. NOTE(review): that presumably lets a session with a peer that does not authenticate stay up, so it suits a migration window only; flag it in audits if it persists. */ leaf loose-check { type empty; description "Verify authentication only if authentication is negotiated"; } } // container authentication } // container bfd-liveness-detection list family { key "name"; ordered-by user; description "Address family specific interface attributes"; leaf name { type enumeration { enum "inet" { value 0; description "IPv4 family"; } enum "inet6" { value 1; description "IPv6 family"; } } } uses apply-advanced; container bfd-liveness-detection { junos:must "(!((".. .. bfd-liveness-detection" && ".. .. family inet bfd-liveness-detection")))"; junos:must-message "bfd-liveness-detection and 'family inet bfd-liveness-detection' cannot be configured at the same time"; description "Bidirectional Forwarding Detection options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High transmit interval triggering a trap"; } } // container transmit-interval container detection-time { description "Detection-time options"; uses apply-advanced; leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High detection-time triggering a trap"; } } // container detection-time container authentication { description "Authentication options"; uses apply-advanced; leaf key-chain { junos:must "(".. algorithm")"; junos:must-message "May not be configured without algorithm"; junos:must "("security authentication-key-chains key-chain $$")"; junos:must-message "Referenced key-chain must be defined"; type string; description "Key chain name"; } leaf algorithm { junos:must "(".. 
key-chain")"; junos:must-message "May not be configured without key-chain"; /* Algorithm used with the BFD key-chain for this address family; the junos:must above ties it to the key-chain leaf. Choices are simple-password and keyed or meticulous-keyed MD5 and SHA-1; nothing stronger is listed in this revision. NOTE(review): per RFC 5880, simple-password is transmitted in the clear, and the "meticulous" forms advance the sequence number on every packet, giving tighter replay protection - confirm platform behaviour. */ type enumeration { enum "simple-password" { value 0; description "Simple password"; } enum "keyed-md5" { value 1; description "Keyed message Digest 5"; } enum "meticulous-keyed-md5" { value 2; description "Meticulous keyed message Digest 5"; } enum "keyed-sha-1" { value 3; description "Keyed secure hash algorithm (SHA1) "; } enum "meticulous-keyed-sha-1" { value 4; description "Meticulous keyed secure hash algorithm (SHA1) "; } } description "Algorithm name"; } /* loose-check: per its description, authentication is verified only if it was negotiated. NOTE(review): presumably a peer that does not authenticate is still accepted while this is set, so treat it as a transitional setting and review any long-lived use. */ leaf loose-check { type empty; description "Verify authentication only if authentication is negotiated"; } } // container authentication } // container bfd-liveness-detection } // list family } // list interface container source-packet-routing { junos:must "(!(".. srm6"))"; junos:must-message "must not have 'protocols isis srm6' configured"; presence "enable source-packet-routing"; description "Enable Source Packet Routing (SPRING)"; uses apply-advanced; container adjacency-segment { junos:must "(!(".. .. .. .. protocols mpls disable"))"; junos:must-message "SPRING configuration is not allowed with 'protocols mpls disable'"; description "Configure attributes for Adjacency Segments in SPRING"; uses apply-advanced; leaf hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "180000 .. 900000"; } } description "Duration(ms) for which adjacency segments will be retained after isolating from an interface"; } } // container adjacency-segment container udp-tunneling { junos:must "(!(".. .. .. .. protocols mpls disable"))"; junos:must-message "SPRING configuration is not allowed with 'protocols mpls disable'"; description "Enable SR over UDP feature"; uses apply-advanced; leaf encapsulation { type empty; description "Enable UDP Tunnel Encapsulation"; } leaf decapsulation { type empty; description "Enable UDP Tunnel decapsulation"; } } // container udp-tunneling container srgb { junos:must "(!(".. 
node-segment index-range"))"; junos:must-message "May not be confiugred with node-segment index-range"; junos:must "(!(".. .. .. .. protocols mpls disable"))"; junos:must-message "SPRING configuration is not allowed with 'protocols mpls disable'"; description "Set the SRGB global block in SPRING"; leaf start-label { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Start range for SRGB label block"; } leaf index-range { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Index to the SRGB start label block"; } } // container srgb container node-segment { junos:must "(!(".. .. .. .. protocols mpls disable"))"; junos:must-message "SPRING configuration is not allowed with 'protocols mpls disable'"; description "Enable support for Node segments in SPRING"; uses apply-advanced; leaf ipv4-index { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } description "Set IPv4 Node Segment index"; } leaf ipv6-index { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } description "Set IPv6 Node Segment index"; } leaf index-range { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "32 .. 16385"; } } description "Set Range of Node Segment indices allowed"; } } // container node-segment leaf-list flex-algorithm { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "128 .. 255"; } } max-elements 16; description "Flex-algorithms we would like to participate in"; } leaf use-flex-algorithm-metric-always { type empty; description "Use flex-algo prefix metric whenever available"; } leaf strict-asla-based-flex-algorithm { type empty; description "Flex-Algorithm to ignore links not having ASLA sub-TLVs"; } leaf new-capability-subtlv { junos:must "(!(".. .. .. .. 
protocols mpls disable"))"; junos:must-message "SPRING configuration is not allowed with 'protocols mpls disable'"; type empty; description "Advertise all ranges in single spring capability subtlv"; } leaf explicit-null { junos:must "(!(".. .. .. .. protocols mpls disable"))"; junos:must-message "SPRING configuration is not allowed with 'protocols mpls disable'"; type empty; description "Set E and P bits in all Prefix SID advertisements"; } leaf mapping-server { junos:must "(!(".. .. .. .. protocols mpls disable"))"; junos:must-message "SPRING configuration is not allowed with 'protocols mpls disable'"; junos:must "("routing-options source-packet-routing mapping-server-entry $$")"; junos:must-message "Referenced source-packet-routing mapping-server-entry must be defined"; type string; description "Mapping server name"; } leaf no-strict-spf { type empty; description " Disable strict spf algo 1 advertisement"; } leaf ldp-stitching { junos:must "(!(".. .. .. .. protocols mpls disable"))"; junos:must-message "SPRING configuration is not allowed with 'protocols mpls disable'"; type empty; description "Enable SR to LDP stitching"; } container srv6 { presence "enable srv6"; description "Enable IPv6 Segment Routing (SRv6)"; uses apply-advanced; list locator { key "name"; ordered-by user; description "SRv6 Locator"; leaf name { junos:must "("routing-options source-packet-routing srv6 locator $$")"; junos:must-message "Referenced source-packet-routing srv6 must be defined"; type string; description "Locator name"; } uses apply-advanced; list end-sid { key "name"; ordered-by user; leaf name { type jt:ipv6addr; } uses apply-advanced; container flavor { presence "enable flavor"; uses apply-advanced; leaf psp { type empty; description "Penultimate segment pop of the SRH"; } leaf usp { type empty; description "Ultimate segment pop of the SRH"; } leaf usd { type empty; description "Ultimate segment decapsulation"; } } // container flavor } // list end-sid } // list locator } // 
container srv6 container sensor-based-stats { junos:must "(!(".. .. .. .. protocols mpls disable"))"; junos:must-message "SPRING configuration is not allowed with 'protocols mpls disable'"; description "Configure sensor based stats in SPRING"; uses apply-advanced; container per-interface-per-member-link { description "Configure sensor based stats per nexthop"; leaf ingress { type empty; description "Enable sensor based stats on ingress interface"; } leaf egress { type empty; description "Enable sensor based stats on egress interface"; } } // container per-interface-per-member-link container per-sid { description "Configure sensor based stats per spring route"; leaf ingress { type empty; description "Enable sensor based stats for per-sid ingress accounting"; } leaf egress { type empty; description "Enable sensor based stats for IP-MPLS egress accounting"; } } // container per-sid } // container sensor-based-stats container traffic-statistics { junos:must "(!(".. .. .. .. protocols mpls disable"))"; junos:must-message "SPRING configuration is not allowed with 'protocols mpls disable'"; description "Enable support for traffic statistics in SPRING"; uses apply-advanced; container statistics-granularity { description "Granularity for traffic statistics in SPRING"; uses apply-advanced; leaf per-interface { type empty; description "Interface Based traffic statistics in SPRING"; } } // container statistics-granularity leaf auto-bandwidth { junos:must "("protocols isis source-packet-routing traffic-statistics statistics-granularity per-interface")"; junos:must-message "Config protocols isis source-packet-routing traffic-statistics statistics-granularity per-interface is must"; junos:must "("routing-options auto-bandwidth template $$")"; junos:must-message "Referenced auto-bandwidth template must be defined"; type string; description "Auto bandwidth name"; } } // container traffic-statistics } // container source-packet-routing container srm6 { junos:must "(!(".. 
source-packet-routing"))"; junos:must-message "must not have 'protocols isis source-packet-routing' configured"; presence "enable srm6"; description "Enable SRm6"; uses apply-advanced; container sid { description "Configure attributes for SID in srm6"; uses apply-advanced; leaf node-sid { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Set Node SID Value"; } leaf address { type jt:ipv6addr; description "IPv6 address corresponding to SID"; } } // container sid } // container srm6 list level { key "name"; ordered-by user; description "Configure global level attributes"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 2"; } } description "IS-IS level number"; } uses apply-advanced; leaf labeled-preference { junos:must "(".. .. source-packet-routing")"; junos:must-message "labeled-preference cannot be specified without 'protocols isis source-packet-routing'"; type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference of labeled IS-IS routes"; } leaf srv6-preference { junos:must "(".. .. source-packet-routing")"; junos:must-message "srv6-preference cannot be specified without 'protocols isis source-packet-routing'"; type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference of SRV6 IS-IS routes"; } leaf flex-algorithm-preference { junos:must "(".. .. 
source-packet-routing")"; junos:must-message "flex-algorithm-preference cannot be specified without 'protocols isis source-packet-routing'"; type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference of flex-algorithm L-ISIS routes"; } container source-packet-routing { presence "enable source-packet-routing"; description "Enable Source Packet Routing (SPRING)"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable Source Packet Routing on this level"; } } // choice enable-disable leaf srms-preference { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Set SRMS preference value"; } } // container source-packet-routing choice enable-disable { leaf disable { type empty; description "Disable IS-IS on this level"; } } // choice enable-disable /* Level-wide authentication. Unlike the interface-level leaves of the same name, these carry no "status deprecated". authentication-type offers md5 and simple only. jt:unreadable is defined in junos-common-types, not here - presumably a secret-bearing type, so handle exported values as sensitive (TODO confirm). NOTE(review): "simple" conventionally means the password is carried in cleartext in each PDU. */ leaf authentication-key { type jt:unreadable; description "Authentication key (password)"; } leaf authentication-type { type enumeration { enum "md5" { value 0; description "MD5 authentication"; } enum "simple" { value 1; description "Simple password authentication"; } } description "Authentication type"; } leaf purge-originator { type enumeration { enum "self" { value 0; description "Add POI only for self-originated purge LSPs"; } enum "empty" { value 1; description "Add POI for purge LSPs who do not have POI information"; } } description "Add Purge Originator information"; } /* The three no-*-authentication leaves each switch authentication off for one PDU class (hello, CSN, PSN) according to their descriptions. When auditing a configuration, treat any of them as a gap in authentication coverage that needs a stated reason. */ leaf no-hello-authentication { type empty; description "Disable authentication for hello packets"; } leaf no-csnp-authentication { type empty; description "Disable authentication for CSN packets"; } leaf no-psnp-authentication { type empty; description "Disable authentication for PSN packets"; } /* Key-chain alternative to the key/type pair above; the junos:must statements that start here make it mutually exclusive with authentication-type and authentication-key. */ leaf authentication-key-chain { junos:must "(!(".. authentication-type"))"; junos:must-message "May not be configured with authentication-type"; junos:must "(!(".. 
authentication-key"))"; junos:must-message "May not be configured with authentication-key"; junos:must "("security authentication-key-chains key-chain $$")"; junos:must-message "Referenced key-chain must be defined"; /* Key-chain name: 1 to 128 characters, and the referenced chain must exist under "security authentication-key-chains key-chain". NOTE(review): the class "A-z" in the posix-pattern spans every ASCII code point from 'A' to 'z', which also covers [ \ ] ^ _ and the backtick, so more than letters are accepted as the final character; "[A-Za-z]$" was probably intended. The pattern-message mentions only a trailing number. Confirm device behaviour before reusing this pattern in an external validator. */ type string { junos:posix-pattern "[A-za-z]$"; junos:pattern-message "Keychain name must not end with number."; length "1 .. 128"; } description "Key chain name"; } leaf wide-metrics-only { junos:must "(!(".. .. clns-routing"))"; junos:must-message "wide-metrics-only cannot be specified with clns-routing"; type empty; description "Generate wide metrics only"; } leaf preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference of internal routes"; } leaf external-preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference of external routes"; } leaf prefix-export-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4294967295"; } } description "Maximum number of external prefixes that can be exported"; } container flood-reflector { junos:must "(!(".. .. level 1 flood-reflector"))"; junos:must-message "Flood-reflector is supported only in level 2"; description "Enable flood-reflector"; uses apply-advanced; container reflector { junos:must "(!(".. client"))"; junos:must-message "flood-reflector and client can't be configured together"; description "Configure this as a flood-reflector"; uses apply-advanced; leaf cluster-id { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
4294967295"; } } description "Cluster-ID"; } } // container reflector leaf client { type empty; description "Configure interface as flood-reflector client"; } } // container flood-reflector } // list level list interface-group { key "name"; description "Interface grouping configuration"; leaf name { type string; description "Interface group name"; } uses apply-advanced; list level { key "name"; ordered-by user; description "Configure levels on this interface-group"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 2"; } } description "IS-IS level number"; } uses apply-advanced; container ipv4-adjacency-segment { junos:must "(!(".. no-advertise-adjacency-segment"))"; junos:must-message "ipv4-adjacency-segment can't be configured if no-advertise-adjacency-segment is configured in the level"; junos:must "(!(".. .. no-advertise-adjacency-segment"))"; junos:must-message "ipv4-adjacency-segment can't be configured if no-advertise-adjacency-segment is configured in the same interface"; description "Configure ipv4 adjacency segment"; uses apply-advanced; container protected { description "Adjacency SID is eligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container protected container unprotected { description "Adjacency SID uneligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container unprotected } // container ipv4-adjacency-segment container ipv6-adjacency-segment { junos:must "(!(".. no-advertise-adjacency-segment"))"; junos:must-message "ipv6-adjacency-segment can't be configured if no-advertise-adjacency-segment is configured in the same level"; junos:must "(!(".. .. no-advertise-adjacency-segment"))"; junos:must-message "ipv6-adjacency-segment can't be configured if no-advertise-adjacency-segment is configured in the same interface"; description "Configure ipv6 adjacency segment"; uses apply-advanced; container protected { description "Adjacency SID is eligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container protected container unprotected { description "Adjacency SID uneligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 
1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container unprotected } // container ipv6-adjacency-segment container srm6-adjacency-segment { description "Configure srm6 adjacency segment"; uses apply-advanced; container unprotected { description "Adjacency SID uneligible for protection"; leaf sid { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Set Adjacency SID Value"; } } // container unprotected } // container srm6-adjacency-segment list topology { key "name"; ordered-by user; description "Topology specific attributes"; leaf name { type enumeration { enum "default" { value 0; description "Default topology"; } enum "ipv4-multicast" { value 1; description "IPv4 multicast topology"; } enum "ipv6-unicast" { value 2; description "IPv6 unicast topology"; } enum "ipv6-multicast" { value 3; description "IPv6 multicast topology"; } } description "Topology name"; } uses apply-advanced; leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16777215"; } } description "Topology metric"; } container bandwidth-based-metrics { junos:must "(".. metric")"; junos:must-message "Metric must be configured"; description "Configure bandwidth based metrics"; uses apply-advanced; list bandwidth { key "name"; description "Bandwidth threshold"; leaf name { type string; } leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16777215"; } } description "Metric associated with specified bandwidth"; } } // list bandwidth } // container bandwidth-based-metrics } // list topology } // list level container link-group-protection { junos:must "(!(".. .. 
backup-spf-options"))"; junos:must-message "Backup SPF options can't be configured"; description "Configure link group protection"; uses apply-advanced; leaf minimum-bandwidth { type string; description "Minimum bandwidth to carry traffic"; } leaf revert-bandwidth { type string; description "Revert bandwidth to carry traffic"; } } // container link-group-protection list interface { key "name"; description "List interfaces for this group"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf weight { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Interface weight for adjacency set"; } } // list interface } // list interface-group container spf-options { description "Configure SPF attributes"; uses apply-advanced; container microloop-avoidance { description "Configure microloop avoidance mechanisms"; uses apply-advanced; container post-convergence-path { junos:must "(!(".. use-route-convergence-delay"))"; junos:must-message "use-route-convergence-delay is not allowed with post-convergence-path"; presence "enable post-convergence-path"; description "Temporarily install post-convergence path for routes potentially affected by microloops"; uses apply-advanced; leaf delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "500 .. 60000"; } } units "milliseconds"; description "Time after which temporary post-convergence paths are removed"; } leaf maximum-labels { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 8"; } } description "Set maximum number of label supported for Micro-Loop-Avoidance calculations"; } leaf maximum-srv6-sids { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
6"; } } description "Set maximum number of SRV6 SIDs supported for Micro-Loop-Avoidance calculations"; } } // container post-convergence-path } // container microloop-avoidance leaf delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "50 .. 1000"; } } units "milliseconds"; description "Time to wait before running an SPF"; } leaf holddown { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2000 .. 10000"; } } units "milliseconds"; description "Time to hold down before running an SPF"; } leaf rapid-runs { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 5"; } } description "Number of rapid SPF runs before SPF holddown"; } container multipath { description "Configure multipath options"; uses apply-advanced; container weighted { description "Weighted multipath options"; uses apply-advanced; leaf one-hop { type empty; description "Enable load balancing on onehop multipath based on interface bandwidth"; } } // container weighted } // container multipath } // container spf-options container traceoptions { description "Trace options for IS-IS"; uses apply-advanced; list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "traffic-statistics" { value 0; description "Trace traffic-statistics related events"; } enum "post-convergence-lfa" { value 1; description "Trace post-convergence-lfa related events"; } enum "error" { value 2; description "Trace errored packets"; } enum "spf" { value 3; description "Trace SPF events"; } enum "packets" { value 4; description "Trace IS-IS packets"; } enum "hello" { value 5; description "Trace hello packets"; } enum "lsp" { value 6; description "Trace link-state packets"; } enum "psn" { value 7; description "Trace partial sequence number (PSN) packets"; } enum "csn" { value 8; description "Trace complete sequence number (CSN) packets"; } enum "layer2-map" { value 9; description "Trace ARP/ND kernel state manipulation"; 
} enum "lsp-generation" { value 10; description "Trace LSP generation"; } enum "graceful-restart" { value 11; description "Trace graceful restart events"; } enum "ldp-synchronization" { value 12; description "Trace synchronization between IS-IS and LDP"; } enum "nsr-synchronization" { value 13; description "Trace NSR synchronization events"; } enum "spring" { value 14; description "Trace source packet routing"; } enum "prefix-sid" { value 15; description "Trace source packet routing, prefix-sids"; } enum "flex-algorithm" { value 16; description "Trace flex-algorithm related events"; } enum "adj-sid" { value 17; description "Trace adj-sid related events"; } enum "route" { value 18; description "Trace routing information"; } enum "normal" { value 19; description "Trace normal events"; } enum "general" { value 20; description "Trace general events"; } enum "state" { value 21; description "Trace state transitions"; } enum "policy" { value 22; description "Trace policy processing"; } enum "task" { value 23; description "Trace routing protocol task processing"; } enum "timer" { value 24; description "Trace routing protocol timer processing"; } enum "srv6" { value 25; description "Trace srv6 related events"; } enum "rmopd" { value 26; description "Trace rmopd interactions"; } enum "all" { value 27; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } } // list flag container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 
1024"; }
          description "Name of file in which to write trace information";
        }
        // The filename leaf closed above opens on the preceding line, where its
        // junos:posix-pattern rejects '/', '%' and space; together with the length
        // bound this limits the name to 1..1024 characters with no path separator.
        // NOTE(review): the directory the trace file is written to is not stated in
        // this module.
        leaf replace {
          type empty;
          status deprecated;
          description "Replace trace file rather than appending to it";
        }
        // size is a plain string here (no pattern or length statement); the accepted
        // syntax is not visible in this part of the schema.
        leaf size {
          type string;
          description "Maximum trace file size";
        }
        // files: the uint32 member is bounded to 2..1000 and the default is 10. The
        // string member accepts any value of the form <...> or starting with '$'
        // ('$' is a literal character in YANG patterns, not an anchor), so a
        // validator that checks YANG types alone does not apply the range to it.
        leaf files {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "2 .. 1000"; }
          }
          default "10";
          description "Maximum number of trace files";
        }
        leaf no-stamp {
          type empty;
          status deprecated;
          description "Do not timestamp trace file";
        }
        // A YANG choice: at most one of world-readable / no-world-readable can be
        // present. No default case is declared, so the behaviour when neither is
        // set is not stated by this schema.
        // NOTE(review): the trace flags defined earlier in this container include
        // packet-level tracing (packets, hello, lsp) and a "detail" modifier, so the
        // file can hold protocol detail. When auditing, check that world-readable
        // is set only where reading by any local user is intended.
        choice world-readable-choice {
          leaf world-readable {
            type empty;
            description "Allow any user to read the log file";
          }
          leaf no-world-readable {
            type empty;
            description "Don't allow any user to read the log file";
          }
        } // choice world-readable-choice
      } // container file
    } // container traceoptions
    // Backup SPF settings. The junos:must expressions below are Juniper extension
    // statements; per their must-messages, remote-backup-calculation is rejected
    // when use-post-convergence-lfa is configured, and use-post-convergence-lfa
    // requires source-packet-routing to be configured two levels up.
    container backup-spf-options {
      description "Configure backup SPF attributes";
      uses apply-advanced;
      container remote-backup-calculation {
        junos:must "(!(".. .. backup-spf-options use-post-convergence-lfa"))";
        junos:must-message "Not allowed with 'protocols isis backup-spf-options use-post-convergence-lfa'";
        presence "enable remote-backup-calculation";
        description "Calculate Remote LFA backup nexthops";
        uses apply-advanced;
      } // container remote-backup-calculation
      container use-post-convergence-lfa {
        junos:must "(".. .. source-packet-routing")";
        junos:must-message "Configuration of 'protocols isis source-packet-routing' is must";
        presence "enable use-post-convergence-lfa";
        description "Calculate Post Convergence Backup Nexthops";
        uses apply-advanced;
        // Label depth for post-convergence backup paths: numeric member limited to 2..8.
        leaf maximum-labels {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "2 .. 8"; }
          }
          description "Set maximum number of label supported for post convergence path calculations";
        }
        leaf maximum-srv6-sids {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "2 .. 
6"; } } description "Set maximum number of SRV6 SIDs for post convergence path calculations"; } leaf maximum-backup-paths { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 8"; } } description "Set maximum equal cost backup post convergence paths"; } } // container use-post-convergence-lfa container use-source-packet-routing { junos:must "(".. .. source-packet-routing")"; junos:must-message "Use of SPRING paths as backup can't be configured without configuring 'protocols isis source-packet-routing'"; presence "enable use-source-packet-routing"; description "Use SPRING routed paths for protection"; uses apply-advanced; } // container use-source-packet-routing leaf per-prefix-calculation { type empty; description "Calculate backup nexthops for non-best prefix originators"; } leaf node-link-degradation { junos:must "(!(".. .. backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols isis backup-spf-options use-post-convergence-lfa'"; type empty; description "Degrade to link protection when nodelink protection not available"; } } // container backup-spf-options list context-identifier { key "name"; ordered-by user; description "Configuration for advertisement of a context-identifier "; leaf name { type jt:ipprefix; description "Context identifier range"; } uses apply-advanced; list level { key "name"; ordered-by user; description "Configure global level attributes"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
2"; } } description "IS-IS level number"; } uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable advertisements to this level"; } } // choice enable-disable } // list level } // list context-identifier container traffic-engineering { description "Configure traffic engineering attributes"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable traffic engineering"; } } // choice enable-disable leaf l3-unicast-topology { type empty; description "Download IGP topology into TED"; } leaf ipv6 { type empty; description "Enable TEDv6"; } leaf credibility-protocol-preference { type empty; description "Follow IGP protocol preference for TED protocol credibility"; } leaf ipv4-multicast-rpf-routes { junos:must "(!(".. .. topologies ipv4-multicast"))"; junos:must-message "ipv4-multicast-rpf-routes cannot be used with the ipv4-multicast topology"; junos:must "(!(".. .. multicast-topology"))"; junos:must-message "ipv4-multicast-rpf-routes cannot be used with multicast-topology"; junos:must "(".. shortcuts")"; junos:must-message "ipv4-multicast-rpf-routes cannot be used without shortcuts"; type empty; status deprecated; description "Install IPv4 routes for multicast RPF checks into inet.2"; } leaf ignore-lsp-metrics { type empty; description "Ignore label-switched path metrics when doing shortcuts"; } container tunnel-source-protocol { description "Protocols from which to pick label-switched paths"; uses apply-advanced; container rsvp { presence "enable rsvp"; description "Pick label-switched paths from rsvp"; uses apply-advanced; leaf preference { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255"; } } description "Preference for label-switched paths from this protocol"; } } // container rsvp container spring-te { presence "enable spring-te"; description "Pick label-switched paths from spring-te"; uses apply-advanced; leaf preference { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Preference for label-switched paths from this protocol"; } } // container spring-te } // container tunnel-source-protocol list family { key "name"; ordered-by user; description "Address family specific traffic-engineering attributes"; leaf name { type enumeration { enum "inet" { value 0; description "IPv4 family"; } enum "inet6" { value 1; description "IPv6 family"; } enum "inet-mpls" { value 2; description "IPv4-MPLS family"; } enum "inet6-mpls" { value 3; description "IPv6-MPLS family"; } } } uses apply-advanced; container shortcuts { junos:must "(!(".. .. no-ldp-shortcuts"))"; junos:must-message "Shortcuts configuration cannot be used with no-ldp-shortcuts"; junos:must "(!(".. .. shortcuts"))"; junos:must-message "per-family shortcuts configuration cannot be used with global shortcuts enabled"; junos:must "(!(".. .. disable"))"; junos:must-message "shortcuts cannot be used without traffic-engineering enabled"; presence "enable shortcuts"; description "Use label-switched paths as next hops, if possible"; uses apply-advanced; leaf multicast-rpf-routes { junos:must "(!(".. .. .. .. multicast-topology"))"; junos:must-message "ipv4 multicast-rpf-routes cannot be used with the multicast-topology"; junos:must "(!(".. .. .. .. 
topologies ipv4-multicast"))"; junos:must-message "ipv4 multicast-rpf-routes cannot be used with the ipv4-multicast topology"; type empty; description "Install routes for multicast RPF checks into multicast RIB"; } leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy for shortcut"; } } // container shortcuts } // list family container shortcuts { presence "enable shortcuts"; status deprecated; description "Use label-switched paths as next hops, if possible"; uses apply-advanced; leaf ignore-lsp-metrics { type empty; status deprecated; description "Ignore label-switched path metrics when doing shortcuts"; } } // container shortcuts container multipath { description "Configure label-switched-path multipath behavior"; uses apply-advanced; leaf lsp-equal-cost { junos:must "((".. .. shortcuts" || (".. .. family $$={inet} shortcuts" || (".. .. family $$={inet6} shortcuts" || ".. .. family $$={iso} shortcuts"))))"; junos:must-message "Traffic engineering shortcuts for inet, inet6 or iso family must be configured."; type empty; description "Include equal cost label-switched-paths"; } } // container multipath container advertisement { description "Configure traffic engineering attribute advertisements"; uses apply-advanced; leaf always { type empty; description "Advertise applicable legacy TE attributes always"; } container application-specific { description "Advertise application-specific TE attributes"; uses apply-advanced; container all-applications { presence "enable all-applications"; description "Advertise common application-specific link attributes"; uses apply-advanced; leaf legacy { type empty; description "Use legacy TE attributes for this application"; } } // container all-applications } // container application-specific } // container advertisement } // container traffic-engineering list label-switched-path { junos:must "(!(".. 
traffic-engineering ipv4-multicast-rpf-routes"))"; junos:must-message "cannot advertise LSPs when using ipv4-multicast-rpf-routes"; key "name"; ordered-by user; description "Configuration for advertisement of a label-switched path"; leaf name { type string { length "1 .. 64"; } description "Name of label-switched path to be advertised"; } uses apply-advanced; list level { key "name"; ordered-by user; description "Configure global level attributes"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 2"; } } description "IS-IS level number"; } uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable advertisements to this level"; } } // choice enable-disable leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16777215"; } } description "SPF metric for this level"; } } // list level } // list label-switched-path choice enable-disable { leaf disable { type empty; description "Disable IS-IS"; } } // choice enable-disable leaf-list export { type jt:policy-algebra; ordered-by user; description "Export policy"; } leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy"; } leaf reference-bandwidth { type string; description "Bandwidth for calculating metric defaults"; } choice layer2-map-choice { leaf layer2-map { type empty; description "Kernel ARP/ND creation for nexthops"; } leaf no-layer2-map { type empty; description "Don't kernel ARP/ND creation for nexthops"; } } // choice layer2-map-choice leaf job-stats { type empty; description "Collect job statistics"; } leaf lsp-lifetime { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "350 .. 65535"; } } units "seconds"; description "Lifetime of LSPs"; } leaf max-lsp-size { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "512 .. 
1492"; } }
      default "1492";
      description "Maximum size allowed for LSPs";
    }
    // NOTE(review): in each union below the uint32 member carries the range; the
    // string member's pattern "<.*>|$.*" accepts any value wrapped in <...> or
    // starting with '$' ('$' is a literal character in YANG patterns, not an
    // anchor). Presumably this admits group wildcards and variables - confirm.
    // Either way, a validator that checks YANG types alone does not apply the
    // numeric range to such string values.
    leaf max-hello-size {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "512 .. 16000"; }
      }
      default "1492";
      description "Maximum size allowed for ISIS Hello PDUs";
    }
    leaf max-snp-size {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "512 .. 1400"; }
      }
      default "1400";
      description "Maximum size allowed for Sequence Number (Complete/Partial) PDUs";
    }
    // Deprecated: per the must-message, this leaf and "spf-options delay" cannot
    // both be configured.
    leaf spf-delay {
      junos:must "(!(".. spf-options delay"))";
      junos:must-message "You can only configure either spf-delay or delay under spf-options";
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "50 .. 120000"; }
      }
      units "milliseconds";
      status deprecated;
      description "Time to wait before running an SPF";
    }
    // authentication-key and authentication-type are marked "status deprecated" at
    // this level of the IS-IS grouping; where a non-deprecated equivalent lives is
    // not visible in this part of the module.
    //
    // authentication-key is typed jt:unreadable, defined in the imported
    // junos-common-types module and not shown here.
    // NOTE(review): presumably the value is stored or displayed in obscured form -
    // confirm before treating exported configuration as free of secrets.
    leaf authentication-key {
      type jt:unreadable;
      status deprecated;
      description "Authentication key (password)";
    }
    // Both enum values and the leaf itself are deprecated.
    // NOTE(review): IS-IS "simple" password authentication carries the password in
    // the PDU in clear text, so it guards against misconfiguration rather than
    // against an on-path observer; the IS-IS MD5 scheme is HMAC-MD5 (RFC 5304).
    // Worth flagging either value when auditing configurations built on this schema.
    leaf authentication-type {
      type enumeration {
        enum "md5" {
          value 0;
          status deprecated;
          description "MD5 authentication";
        }
        enum "simple" {
          value 1;
          status deprecated;
          description "Simple password authentication";
        }
      }
      status deprecated;
      description "Authentication type";
    }
    // Per the description, authentication is verified only when the PDU carries
    // an authentication TLV.
    // NOTE(review): that implies PDUs without the TLV are accepted unverified;
    // check that this is set only for a planned migration window and not left
    // in place afterwards.
    leaf loose-authentication-check {
      type empty;
      description "Verify authentication only if PDU has authentication TLV";
    }
    leaf max-areas {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "3 .. 36"; }
      }
      default "3";
      description "Maximum number of advertised Areas";
    }
    // type empty: the presence of this leaf alone disables authentication
    // checking (per the description). The schema attaches no junos:must
    // constraint to it.
    // NOTE(review): a leaf to search for in configuration audits.
    leaf no-authentication-check {
      type empty;
      description "Disable authentication checking";
    }
    leaf no-ipv4-routing {
      type empty;
      description "Disable IPv4 routing";
    }
    leaf no-ipv6-routing {
      type empty;
      description "Disable IPv6 routing";
    }
    leaf clns-routing {
      type empty;
      description "Enable CLNS routing";
    }
    leaf clns-updown-compatibility {
      type empty;
      description "Set the Up/Down Bit in place of the I/E bit in CLNS TLVs";
    }
    leaf no-adjacency-holddown {
      type empty;
      description "Disable adjacency hold down";
    }
    // Deprecated flag; the "topologies" container further down defines separate
    // per-topology leaves.
    leaf multicast-topology {
      type empty;
      status deprecated;
      description "Enable multicast topology";
    }
    leaf ignore-attached-bit {
      type empty;
      description "Ignore the attached bit in Level 1 LSPs";
    }
    // Body comes from the rib_group_type grouping, which is defined outside this
    // part of the module.
    container rib-group {
      description "Routing table group for importing IS-IS routes";
      uses rib_group_type;
    } // container rib-group
    // Presence container; per the must-message it is rejected when the sibling
    // "topologies" container is configured.
    container strict-dual-isis {
      junos:must "(!(".. topologies"))";
      junos:must-message "strict-dual-isis is not allowed with multi-topologies";
      presence "enable strict-dual-isis";
      description "Ensure both ipv4 and ipv6 connectivity for all adjacencies";
      uses apply-advanced;
      // The node name is "holdown" (single 'd') although the description says
      // "holddown"; the node name is what configuration data must use. Unlike
      // spf-delay above, the uint32 member has no range and the leaf has no
      // units statement, so the unit of the default "12" is not stated here.
      leaf holdown {
        type union {
          type uint32;
          type string { pattern "<.*>|$.*"; }
        }
        default "12";
        description "Set the holddown timer for strict spf computation";
      }
    } // container strict-dual-isis
    container topologies {
      description "Enable topologies";
      uses apply-advanced;
      leaf ipv4-multicast {
        type empty;
        description "Enable IPv4-multicast topology";
      }
      leaf ipv6-unicast {
        type empty;
        description "Enable IPv6-unicast topology";
      }
      leaf ipv6-multicast {
        type empty;
        description "Enable IPv6-multicast topology";
      }
    } // container topologies
    // Presence container: configuring it at all sets the overload bit, per the
    // description.
    container overload {
      presence "enable overload";
      description "Set the overload bit (no transit traffic)";
      uses apply-advanced;
      leaf timeout {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "60 .. 
3600"; } } units "seconds"; description "Time after which overload bit is reset"; } leaf advertise-high-metrics { type empty; description "Advertise high metrics instead of setting the overload bit"; } leaf allow-route-leaking { type empty; description "Allow routes to be leaked when overload is configured"; } leaf internal-prefixes { type empty; description "Allow internal prefixes to be advertised with high metric"; } leaf external-prefixes { type empty; description "Allow external prefixes to be advertised with high metric"; } } // container overload container graceful-restart { description "IS-IS graceful restart options"; choice enable-disable { leaf disable { type empty; description "Disable graceful restart"; } } // choice enable-disable leaf helper-disable { type empty; description "Disable graceful restart helper capability"; } leaf restart-duration { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30 .. 300"; } } units "seconds"; description "Maximum time for graceful restart to finish"; } } // container graceful-restart } // grouping juniper-protocols-isis grouping juniper-protocols-l2vpn { description "Layer 2 VPN, VPLS or EVPN configuration"; uses apply-advanced; leaf bum-hashing { junos:must "(!((".. .. .. protocols vpls" && ".. .. .. instance-type virtual-switch")))"; junos:must-message "Bum-hashing knob is only applicable for instance type vpls"; type empty; description "Enable BUM hashing feature in the instance"; } leaf mac-pinning { junos:must "((".. .. .. protocols vpls" || ".. pbb-evpn-core"))"; junos:must-message "mac-pinning is allowed in VPLS or PBB EVPN instance"; type empty; description "Enable MAC pinning"; } container mac-table-size { junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. .. 
instance-type virtual-switch")))"; junos:must-message "mac-table-size needs to be specified under switch-options for a virtual-switch instance"; description "Size of MAC address forwarding table"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC addresses"; } leaf packet-action { type enumeration { enum "none" { value 0; description "Forward the packet"; } enum "drop" { value 1; description "Drop packets and do not learn. Default is forward"; } } description "Action when MAC limit is reached"; } } // container mac-table-size container mac-ip-table-size { junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. .. instance-type virtual-switch")))"; junos:must-message "mac-ip-table-size needs to be specified under switch-options for a virtual-switch instance"; description "Size of MAC+IP bindings table"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC+IP bindings"; } } // container mac-ip-table-size container interface-mac-limit { junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. .. instance-type virtual-switch")))"; junos:must-message "interface-mac-limit needs to be specified under switch-options for a virtual-switch instance"; description "Maximum MAC address learned per interface"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC addresses per interface"; } leaf packet-action { type enumeration { enum "none" { value 0; description "Forward the packet"; } enum "drop" { value 1; description "Drop packets and do not learn. 
Default is forward"; } enum "log" { value 2; description "Do not drop the packet but generate an alarm, an SNMP trap or a system log entry"; } enum "shutdown" { value 3; description "Disable the interface and generate an alarm, an SNMP trap or a system log entry"; } enum "drop-and-log" { value 4; description "Drop the packet and generate an alarm, an SNMP trap or a system log entry"; } } description "Action when MAC limit is reached"; } } // container interface-mac-limit container interface-mac-ip-limit { junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. .. instance-type virtual-switch")))"; junos:must-message "interface-mac-ip-limit needs to be specified under switch-options for a virtual-switch instance"; description "Maximum MAC+IP bindings learned per interface"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC+IP bindings per interface"; } } // container interface-mac-ip-limit container mac-notification { presence "enable mac-notification"; description "MAC notification options"; uses apply-advanced; leaf notification-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 60"; } } units "seconds"; default "30"; description "Interval for sending MAC notifications"; } } // container mac-notification leaf mac-table-aging-time { type union { type string { pattern "<.*>|$.*"; } type uint32; } units "seconds"; description "Delay for discarding MAC address if no updates are received"; } leaf no-mac-learning { junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. .. 
instance-type virtual-switch")))"; junos:must-message "no-mac-learning needs to be specified under switch-options for a virtual-switch instance"; type empty; description "Disable dynamic MAC address learning"; } leaf no-normalization { type empty; description "Disable vlan id normalization for interfaces"; } leaf mac-statistics { junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. .. instance-type virtual-switch")))"; junos:must-message "mac-statistics needs to be specified under switch-options for a virtual-switch instance"; type empty; description "Enable MAC address statistics"; } container mib { presence "enable mib"; description "Snmp mib options"; uses apply-advanced; container dot1q-mib { presence "enable dot1q-mib"; description "Dot1q MIB configuration options"; uses apply-advanced; leaf port-list { type enumeration { enum "bit-map" { value 0; description "Port list is represented in bit-map format"; } enum "string" { value 1; description "Port list is represented in string format"; } } description "Port list for staticegressports and staticuntaggedports MIB"; } } // container dot1q-mib } // container mib container static-rvtep-mac { description "Configure Static MAC and remote VxLAN tunnel endpoint entries"; uses apply-advanced; list mac { key "mac_addr remote-vtep"; description "Unicast MAC address"; leaf mac_addr { type jt:mac-unicast; } leaf remote-vtep { type jt:ipaddr; description "Configure static remote VXLAN tunnel endpoints"; } } // list mac } // container static-rvtep-mac list interface { junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. .. instance-type virtual-switch")))"; junos:must-message "interface needs to be specified under switch-options for a virtual-switch instance"; key "name"; ordered-by user; description "Interface that connect this site to the VPN"; leaf name { junos:must "(((".. .. .. .. protocols evpn flexible-cross-connect-vlan-aware" || ".. .. .. .. 
interface $$") || "FALSE"))"; junos:must-message "Interface must be part of this routing instance"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; container interface-mac-limit { junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; description "Maximum number of MAC addresses learned on the interface"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC addresses per interface"; } leaf disable { type empty; description "Disable interface for interface-mac-limit"; } leaf packet-action { type enumeration { enum "none" { value 0; description "Forward the packet"; } enum "drop" { value 1; description "Drop packets and do not learn. Default is forward"; } enum "log" { value 2; description "Do not drop the packet but generate an alarm, an SNMP trap or a system log entry"; } enum "shutdown" { value 3; description "Disable the interface and generate an alarm, an SNMP trap or a system log entry"; } enum "drop-and-log" { value 4; description "Drop the packet and generate an alarm, an SNMP trap or a system log entry"; } } description "Action when MAC limit is reached"; } } // container interface-mac-limit leaf action-priority { junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 8"; } } description "Blocking priority of this interface on mac move detection"; } list static-mac { junos:must "(!(".. .. .. .. .. 
vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; key "name"; ordered-by user; description "Static MAC addresses assigned to this interface"; leaf name { junos:must "((!(".. .. .. .. .. vlan-id all") || all ".. vlan-id <*>"))"; junos:must-message " Specify vlan-id for qualified learning "; type jt:mac-addr; description "MAC address"; } uses apply-advanced; list vlan-id { junos:must "(".. .. .. .. .. vlan-id all")"; junos:must-message "'vlan-id all' has to be configured for the bridging domain"; key "name"; ordered-by user; description "VLAN ID of learning VLAN"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4094"; } } description "Learning VLAN"; } uses apply-advanced; } // list vlan-id } // list static-mac container interface-mac-ip-limit { description "Maximum number of MAC+IP bindings learned on the interface"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC+IP bindings per interface"; } } // container interface-mac-ip-limit leaf no-mac-learning { junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; type empty; description "Disable dynamic MAC address learning"; } leaf mac-pinning { type empty; description "Enable MAC pinning"; } leaf persistent-learning { junos:must "(!("switch-options mac-table-aging-time "))"; junos:must-message "Persistent learning can not co-exist with mac-table-aging-time"; type empty; description "Enable persistent MAC learning on this interface"; } container vpws-service-id { presence "enable vpws-service-id"; description "Service-id for EVPN VPWS routing instance"; uses apply-advanced; leaf local { junos:must "(unique ".. .. .. 
interface <*> vpws-service-id local $$")"; junos:must-message "Unique Local SID can only be configured "; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Local EVPN VPWS service id"; } leaf remote { junos:must "(unique ".. .. .. interface <*> vpws-service-id remote $$")"; junos:must-message "Unique Remote SID can only be configured "; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Remote EVPN VPWS service id"; } } // container vpws-service-id leaf flow-label-transmit-static { junos:must "(".. .. .. .. instance-type evpn-vpws")"; junos:must-message "Flow-Label static only supported for EVPN-VPWS"; type empty; description "Push Flow Label on PW packets sent to remote PE"; } leaf flow-label-receive-static { junos:must "(".. .. .. .. instance-type evpn-vpws")"; junos:must-message "Flow-Label static only supported for EVPN-VPWS"; type empty; description "Pop Flow Label from PW packets received from remote PE"; } leaf protect-interface { junos:must "("interfaces $$")"; junos:must-message "Interface must be part of this routing instance"; junos:must "(!("interfaces ${inter_name} esi"))"; junos:must-message "ESI can not be configured for protect interface"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Name of protect interface"; } leaf remote-site-id { junos:must "(!(".. .. .. .. .. l2vpn-id"))"; junos:must-message "Remote site identifier is not valid for FEC 129 VPWS instances"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65534"; } } description "Site identifier associated with this interface"; } leaf target-attachment-identifier { junos:must "(".. .. source-attachment-identifier")"; junos:must-message "Source attachment identifier configuration required for the containing site"; junos:must "(unique ".. .. 
interface <*> target-attachment-identifier $$")"; junos:must-message "All interface target attachment identifiers must be unique within a site"; type string { junos:posix-pattern "^([[:digit:].]){1,15}$|^([[:digit:]]){0,10}:([[:digit:].]){0,15}:([[:digit:]]){1,10}$"; junos:pattern-message " Use fec129 AII type 1 format with just <AC-ID> or fec129 AII type 2 format <Global-ID>:<Prefix>:<AC-ID> where <Global-ID> is a value between 0..4294967295, <Prefix> is a value between 0..4294967295 or a valid IP address, <AC-ID> is a value between 1..4294967295 (or a valid IP address for AII type 1). e.g. 1, 0.0.0.1, 0:0:1, 1:2:3, 1:2.2.2.2:3, ::1, 1::2, :1:2"; } description "FEC 129 VPWS target attachment identifier"; } leaf flow-label-transmit { junos:must "(".. .. source-attachment-identifier")"; junos:must-message "Source attachment identifier configuration required for the containing site"; type empty; description "Advertise capability to push Flow Label in transmit direction to remote PE"; } leaf flow-label-receive { junos:must "(".. .. 
source-attachment-identifier")"; junos:must-message "Source attachment identifier configuration required for the containing site"; type empty; description "Advertise capability to pop Flow Label in receive direction to remote PE"; } leaf encapsulation-type { type enumeration { enum "atm-aal5" { value 0; description "ATM AAL/5 encapsulation"; } enum "atm-cell" { value 1; description "ATM port promiscuous mode cell encapsulation"; } enum "atm-cell-port-mode" { value 2; description "ATM port promiscuous mode cell encapsulation"; } enum "atm-cell-vp-mode" { value 3; description "ATM VP promiscuous mode cell encapsulation"; } enum "atm-cell-vc-mode" { value 4; description "ATM non-promiscuous cell encapsulation"; } enum "frame-relay" { value 5; description "Frame Relay encapsulation"; } enum "ppp" { value 6; description "PPP encapsulation"; } enum "cisco-hdlc" { value 7; description "Cisco-compatible HDLC encapsulation"; } enum "ethernet-vlan" { value 8; description "Ethernet VLAN encapsulation"; } enum "ethernet" { value 9; description "Ethernet encapsulation"; } enum "interworking" { value 10; description "Layer 2.5 interworking VPN"; } enum "frame-relay-port-mode" { value 11; description "Frame Relay port mode encapsulation"; } enum "satop-t1" { value 12; description "SATOP-T1 based Layer 2 VPN"; } enum "satop-e1" { value 13; description "SATOP-E1 based Layer 2 VPN"; } enum "satop-t3" { value 14; description "SATOP-T3 based Layer 2 VPN"; } enum "satop-e3" { value 15; description "SATOP-E3 based Layer 2 VPN"; } enum "cesop" { value 16; description "CESOP based Layer 2 VPN"; } } description "Encapsulation type for VPN"; } leaf ignore-encapsulation-mismatch { type empty; description "Allow different encapsulation types on local and remote end"; } leaf mtu { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "512 .. 
65535"; } } description "MTU to be advertised to the remote end"; } leaf ignore-mtu-mismatch { type empty; description "Allow different MTU values on local and remote end"; } choice cword { leaf control-word { type empty; description "Adds control-word to the Layer 2 encapsulation"; } leaf no-control-word { type empty; description "Disables control-word to the Layer 2 encapsulation"; } } // choice cword leaf pseudowire-status-tlv { type empty; description "Send pseudowire status TLV"; } container oam { description "OAM Configuration for VPN"; uses apply-advanced; leaf ping-interval { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "30 .. 3600"; } } units "seconds"; default "60"; description "Time interval between ping messages"; } leaf ping-multiplier { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 5"; } } description "Number of ping reply missed before declaring BFD down"; } container bfd-liveness-detection { description "Bidirectional Forwarding Detection (BFD) options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High transmit interval triggering a trap"; } } // container transmit-interval container detection-time { description "Detection-time options"; uses apply-advanced; leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High detection-time triggering a trap"; } } // container detection-time } // container bfd-liveness-detection } // container oam leaf community { type string; description "Community associated with this interface"; } leaf description { type string; description "Text description"; } } // list interface list site { key "name"; ordered-by user; description "Sites connected to this provider equipment"; leaf name { type string; description "Name of Layer 2 VPN or VPLS site"; } uses apply-advanced; leaf mac-pinning { type empty; description "Enable MAC pinning"; } list mesh-group { key "name"; ordered-by user; description "Mesh-groups that are part of this site"; leaf name { junos:must "(".. .. .. mesh-group $$")"; junos:must-message "Mesh-group must be configured to associate with a site"; type string; description "Mesh-group name"; } uses apply-advanced; } // list mesh-group list interface { junos:must "(!(!((".. .. .. .. protocols vpls" || ".. .. .. .. 
protocols l2vpn"))))"; junos:must-message "interface needs to be specified under switch-options for a virtual-switch instance"; key "name"; ordered-by user; description "Interface that connect this site to the VPN"; leaf name { junos:must "((".. .. .. .. .. interface $$" || any ".. .. .. .. .. bridge-domains <*> interface $$"))"; junos:must-message "Interface must be part of this routing instance"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; container interface-mac-limit { junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; description "Maximum number of MAC addresses learned on the interface"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC addresses per interface"; } leaf disable { type empty; description "Disable interface for interface-mac-limit"; } leaf packet-action { type enumeration { enum "none" { value 0; description "Forward the packet"; } enum "drop" { value 1; description "Drop packets and do not learn. Default is forward"; } enum "log" { value 2; description "Do not drop the packet but generate an alarm, an SNMP trap or a system log entry"; } enum "shutdown" { value 3; description "Disable the interface and generate an alarm, an SNMP trap or a system log entry"; } enum "drop-and-log" { value 4; description "Drop the packet and generate an alarm, an SNMP trap or a system log entry"; } } description "Action when MAC limit is reached"; } } // container interface-mac-limit leaf action-priority { junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
8"; } } description "Blocking priority of this interface on mac move detection"; } list static-mac { junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; key "name"; ordered-by user; description "Static MAC addresses assigned to this interface"; leaf name { junos:must "((!(".. .. .. .. .. .. vlan-id all") || all ".. vlan-id <*>"))"; junos:must-message " Specify vlan-id for qualified learning "; type jt:mac-addr; description "MAC address"; } uses apply-advanced; list vlan-id { junos:must "(".. .. .. .. .. .. vlan-id all")"; junos:must-message "'vlan-id all' has to be configured for the bridging domain"; key "name"; ordered-by user; description "VLAN ID of learning VLAN"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4094"; } } description "Learning VLAN"; } uses apply-advanced; } // list vlan-id } // list static-mac container interface-mac-ip-limit { description "Maximum number of MAC+IP bindings learned on the interface"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC+IP bindings per interface"; } } // container interface-mac-ip-limit leaf no-mac-learning { junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; type empty; description "Disable dynamic MAC address learning"; } leaf mac-pinning { type empty; description "Enable MAC pinning"; } leaf persistent-learning { junos:must "(!("switch-options mac-table-aging-time "))"; junos:must-message "Persistent learning can not co-exist with mac-table-aging-time"; type empty; description "Enable persistent MAC learning on this interface"; } leaf remote-site-id { junos:must "(!(".. .. .. .. .. 
l2vpn-id"))"; junos:must-message "Remote site identifier is not valid for FEC 129 VPWS instances"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65534"; } } description "Site identifier associated with this interface"; } leaf target-attachment-identifier { junos:must "(".. .. source-attachment-identifier")"; junos:must-message "Source attachment identifier configuration required for the containing site"; junos:must "(unique ".. .. interface <*> target-attachment-identifier $$")"; junos:must-message "All interface target attachment identifiers must be unique within a site"; type string { junos:posix-pattern "^([[:digit:].]){1,15}$|^([[:digit:]]){0,10}:([[:digit:].]){0,15}:([[:digit:]]){1,10}$"; junos:pattern-message " Use fec129 AII type 1 format with just <AC-ID> or fec129 AII type 2 format <Global-ID>:<Prefix>:<AC-ID> where <Global-ID> is a value between 0..4294967295, <Prefix> is a value between 0..4294967295 or a valid IP address, <AC-ID> is a value between 1..4294967295 (or a valid IP address for AII type 1). e.g. 1, 0.0.0.1, 0:0:1, 1:2:3, 1:2.2.2.2:3, ::1, 1::2, :1:2"; } description "FEC 129 VPWS target attachment identifier"; } leaf flow-label-transmit { junos:must "(".. .. source-attachment-identifier")"; junos:must-message "Source attachment identifier configuration required for the containing site"; type empty; description "Advertise capability to push Flow Label in transmit direction to remote PE"; } leaf flow-label-receive { junos:must "(".. .. 
source-attachment-identifier")"; junos:must-message "Source attachment identifier configuration required for the containing site"; type empty; description "Advertise capability to pop Flow Label in receive direction to remote PE"; } leaf encapsulation-type { type enumeration { enum "atm-aal5" { value 0; description "ATM AAL/5 encapsulation"; } enum "atm-cell" { value 1; description "ATM port promiscuous mode cell encapsulation"; } enum "atm-cell-port-mode" { value 2; description "ATM port promiscuous mode cell encapsulation"; } enum "atm-cell-vp-mode" { value 3; description "ATM VP promiscuous mode cell encapsulation"; } enum "atm-cell-vc-mode" { value 4; description "ATM non-promiscuous cell encapsulation"; } enum "frame-relay" { value 5; description "Frame Relay encapsulation"; } enum "ppp" { value 6; description "PPP encapsulation"; } enum "cisco-hdlc" { value 7; description "Cisco-compatible HDLC encapsulation"; } enum "ethernet-vlan" { value 8; description "Ethernet VLAN encapsulation"; } enum "ethernet" { value 9; description "Ethernet encapsulation"; } enum "interworking" { value 10; description "Layer 2.5 interworking VPN"; } enum "frame-relay-port-mode" { value 11; description "Frame Relay port mode encapsulation"; } enum "satop-t1" { value 12; description "SATOP-T1 based Layer 2 VPN"; } enum "satop-e1" { value 13; description "SATOP-E1 based Layer 2 VPN"; } enum "satop-t3" { value 14; description "SATOP-T3 based Layer 2 VPN"; } enum "satop-e3" { value 15; description "SATOP-E3 based Layer 2 VPN"; } enum "cesop" { value 16; description "CESOP based Layer 2 VPN"; } } description "Encapsulation type for VPN"; } leaf ignore-encapsulation-mismatch { type empty; description "Allow different encapsulation types on local and remote end"; } leaf mtu { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "512 .. 
65535"; } } description "MTU to be advertised to the remote end"; } leaf ignore-mtu-mismatch { type empty; description "Allow different MTU values on local and remote end"; } choice cword { leaf control-word { type empty; description "Adds control-word to the Layer 2 encapsulation"; } leaf no-control-word { type empty; description "Disables control-word to the Layer 2 encapsulation"; } } // choice cword leaf pseudowire-status-tlv { type empty; description "Send pseudowire status TLV"; } container oam { description "OAM Configuration for VPN"; uses apply-advanced; leaf ping-interval { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "30 .. 3600"; } } units "seconds"; default "60"; description "Time interval between ping messages"; } leaf ping-multiplier { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 5"; } } description "Number of ping reply missed before declaring BFD down"; } container bfd-liveness-detection { description "Bidirectional Forwarding Detection (BFD) options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High transmit interval triggering a trap"; } } // container transmit-interval container detection-time { description "Detection-time options"; uses apply-advanced; leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High detection-time triggering a trap"; } } // container detection-time } // container bfd-liveness-detection } // container oam leaf community { type string; description "Community associated with this interface"; } leaf description { type string; description "Text description"; } } // list interface choice site-identifier-mode { leaf site-identifier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65534"; } } description "Layer 2 VPN or VPLS site identifier (unique in the VPN)"; } container automatic-site-id { junos:must "(!(".. .. .. .. protocols l2vpn"))"; junos:must-message "Automatic site ID is supported only for VPLS service"; junos:must "(!(any ".. .. 
mesh-group <*> peer-as"))"; junos:must-message "Automatic site cannot be configured with BGP mesh group"; presence "enable automatic-site-id"; description "Enable automatic assignment of site identifier"; uses apply-advanced; leaf startup-wait-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3600"; } } units "seconds"; description "Time to wait at startup before claiming a site identifier (seconds)"; } leaf new-site-wait-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3600"; } } units "seconds"; description "Time to wait before claiming a site identifier"; } leaf collision-detect-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3600"; } } units "seconds"; description "Time to wait for detecting a collision"; } container reclaim-wait-time { presence "enable reclaim-wait-time"; description "Time to wait for reclaiming a site identifier"; leaf minimum { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "Minimum wait time"; } leaf maximum { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "Maximum wait time"; } } // container reclaim-wait-time } // container automatic-site-id } // choice site-identifier-mode leaf source-attachment-identifier { junos:must "(".. .. .. .. l2vpn-id")"; junos:must-message "Source attachment identifier only supported for FEC 129 VPWS instances"; junos:must "(unique ".. .. 
site <*> source-attachment-identifier $$")"; junos:must-message "All site source attachment identifiers must be unique within an instance"; type string { junos:posix-pattern "^([[:digit:].]){1,15}$|^([[:digit:]]){0,10}:([[:digit:].]){0,15}:([[:digit:]]){1,10}$"; junos:pattern-message " Use fec129 AII type 1 format with just <AC-ID> or fec129 AII type 2 format <Global-ID>:<Prefix>:<AC-ID> where <Global-ID> is a value between 0..4294967295, <Prefix> is a value between 0..4294967295 or a valid IP address, <AC-ID> is a value between 1..4294967295 (or a valid IP address for AII type 1). e.g. 1, 0.0.0.1, 0:0:1, 1:2:3, 1:2.2.2.2:3, ::1, 1::2, :1:2"; } description "FEC 129 VPWS source attachment identifier"; } leaf flow-label-transmit { junos:must "(".. .. .. .. l2vpn-id")"; junos:must-message "Per-site Flow Label Config is only supported for FEC129 VPWS"; type empty; description "Advertise capability to push Flow Label in transmit direction to remote PE"; } leaf flow-label-receive { junos:must "(".. .. .. .. 
l2vpn-id")"; junos:must-message "Per-site Flow Label Config is only supported for FEC129 VPWS"; type empty; description "Advertise capability to push Flow Label in receive direction to remote PE"; } leaf encapsulation-type { type enumeration { enum "atm-aal5" { value 0; description "ATM AAL/5 encapsulation"; } enum "atm-cell" { value 1; description "ATM port promiscuous mode cell encapsulation"; } enum "atm-cell-port-mode" { value 2; description "ATM port promiscuous mode cell encapsulation"; } enum "atm-cell-vp-mode" { value 3; description "ATM VP promiscuous mode cell encapsulation"; } enum "atm-cell-vc-mode" { value 4; description "ATM non-promiscuous cell encapsulation"; } enum "frame-relay" { value 5; description "Frame Relay encapsulation"; } enum "ppp" { value 6; description "PPP encapsulation"; } enum "cisco-hdlc" { value 7; description "Cisco-compatible HDLC encapsulation"; } enum "ethernet-vlan" { value 8; description "Ethernet VLAN encapsulation"; } enum "ethernet" { value 9; description "Ethernet encapsulation"; } enum "interworking" { value 10; description "Layer 2.5 interworking VPN"; } enum "frame-relay-port-mode" { value 11; description "Frame Relay port mode encapsulation"; } enum "satop-t1" { value 12; description "SATOP-T1 based Layer 2 VPN"; } enum "satop-e1" { value 13; description "SATOP-E1 based Layer 2 VPN"; } enum "satop-t3" { value 14; description "SATOP-T3 based Layer 2 VPN"; } enum "satop-e3" { value 15; description "SATOP-E3 based Layer 2 VPN"; } enum "cesop" { value 16; description "CESOP based Layer 2 VPN"; } } description "Encapsulation type for VPN"; } leaf ignore-encapsulation-mismatch { type empty; description "Allow different encapsulation types on local and remote end"; } choice cword { leaf control-word { type empty; description "Adds control-word to the Layer 2 encapsulation"; } leaf no-control-word { type empty; description "Disables control-word to the Layer 2 encapsulation"; } } // choice cword leaf pseudowire-status-tlv { 
type empty; description "Send pseudowire status TLV"; } container oam { description "OAM Configuration for VPN"; uses apply-advanced; leaf ping-interval { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "30 .. 3600"; } } units "seconds"; default "60"; description "Time interval between ping messages"; } leaf ping-multiplier { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 5"; } } description "Number of ping reply missed before declaring BFD down"; } container bfd-liveness-detection { description "Bidirectional Forwarding Detection (BFD) options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High transmit interval triggering a trap"; } } // container transmit-interval container detection-time { description "Detection-time options"; uses apply-advanced; leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High detection-time triggering a trap"; } } // container detection-time } // container bfd-liveness-detection } // container oam leaf community { type string; description "Community associated with this site"; } container multi-homing { junos:must "(!(".. automatic-site-id"))"; junos:must-message "Multi-homing cannot be configured for automatic site"; presence "enable multi-homing"; description "Enable multi-homing functionality for this site"; uses apply-advanced; leaf hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 18000"; } } units "seconds"; description "Enable multi-homing non-designated forwarder hold time (seconds)"; } } // container multi-homing leaf site-preference { type string; description "Layer 2 VPN or VPLS site preference"; } leaf hot-standby { junos:must "(!(".. site-preference primary"))"; junos:must-message "primary site cannot be hot-standby"; type empty; description "Keep backup pseudowire in continuous standby mode and ready for traffic forwarding"; } leaf mtu { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "512 .. 
65535"; } } description "MTU to be advertised to the remote end"; } leaf ignore-mtu-mismatch { type empty; description "Allow different MTU values on local and remote end"; } container active-interface { description "Configure interface to designate as active"; choice interface_name { leaf any { type empty; description "One configured interface is designated active at random"; } leaf primary { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface to designate as active if it is operational"; } } // choice interface_name } // container active-interface leaf best-site { junos:must "(!(".. .. .. l2vpn"))"; junos:must-message "'best-site' feature not supported for VPWS/BGP-L2VPN instances"; junos:must "(!(".. .. vpls-id"))"; junos:must-message "'best-site' feature not supported for LDP based VPLS instances"; junos:must "(!(".. interface"))"; junos:must-message "'interface' must not be defined when 'best-site' knob is activated"; type empty; description "Activates best-site functionality for this instance"; } } // list site list neighbor { junos:must "(".. vpls-id")"; junos:must-message "'vpls-id' must be defined"; key "name"; ordered-by user; description "Neighbor for this VPLS instance"; leaf name { type jt:ipv4addr; description "Neighbor ID"; } uses apply-advanced; leaf mac-pinning { type empty; description "Enable MAC pinning"; } container static { junos:must "((!(".. backup-neighbor") || all ".. backup-neighbor <*> static"))"; junos:must-message "Backup neighbor should be static"; presence "enable static"; description "Configuration of static vpls"; uses apply-advanced; leaf incoming-label { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "VPLS incoming static label [1000000 - 1048575] or [29696 - 41983]"; } leaf outgoing-label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 
1048575"; } } description "VPLS outgoing static label"; } choice cword { leaf control-word { type empty; description "Adds control-word to the Layer 2 encapsulation"; } leaf no-control-word { type empty; description "Disables control-word to the Layer 2 encapsulation"; } } // choice cword } // container static container associate-profile { description "Associate profile options for dynamic IFL"; uses apply-advanced; leaf profile-name { type string { length "1 .. 81"; } description "Associated profile name"; } leaf profile-variable-set { type string { length "1 .. 81"; } description "Associate dynamic variable set with the profile"; } } // container associate-profile leaf psn-tunnel-endpoint { type jt:ipv4addr; description "Endpoint of the transport tunnel on the remote PE"; } leaf community { type string; description "Community associated with this neighbor"; } leaf encapsulation-type { type enumeration { enum "ethernet-vlan" { junos:must "(!(".. static"))"; junos:must-message "not supported for static vpls"; value 0; description "Ethernet VLAN encapsulation"; } enum "ethernet" { junos:must "(!(".. static"))"; junos:must-message "not supported for static vpls"; value 1; description "Ethernet encapsulation"; } } description "Encapsulation type for VPN"; } leaf ignore-encapsulation-mismatch { junos:must "(!(".. static"))"; junos:must-message "not supported for static vpls"; type empty; description "Allow different encapsulation types on local and remote end"; } container pseudowire-status-tlv { junos:must "(!(".. static"))"; junos:must-message "not supported for static vpls"; presence "enable pseudowire-status-tlv"; description "Send pseudowire status TLV"; uses apply-advanced; leaf hot-standby-vc-on { type empty; description "Activate pseudowire upon arrival of 'hot-standby' status TLV message"; } } // container pseudowire-status-tlv leaf switchover-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
180000"; } } units "milliseconds"; default "10000"; description "Pseudowire switchover delay "; } container revert-time { presence "enable revert-time"; description "Enable pseudowire redundancy reversion (seconds)"; leaf delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 600"; } } units "seconds"; description "Reversion timer (seconds)"; } leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1200"; } } units "seconds"; description "Maximum reversion interval to add over revert-time delay"; } } // container revert-time leaf connection-protection { junos:must "((!(".. backup-neighbor") || all ".. backup-neighbor <*> standby"))"; junos:must-message "For connection-protection services, backup neighbor must be standby"; junos:must "(!(".. switchover-delay"))"; junos:must-message "connection-protection cannot be configured with switchover-delay"; junos:must "(!(".. revert-time"))"; junos:must-message "connection-protection cannot be configured with revert-time"; type empty; description "End-2-end protection via OAM failure detection"; } list backup-neighbor { key "name"; ordered-by user; description "Configuration of redundant l2circuit"; leaf name { type jt:ipv4addr; description "Neighbor ID"; } uses apply-advanced; container static { junos:must "(".. .. static")"; junos:must-message "Primary Neighbor must be static"; presence "enable static"; description "Configuration of static vpls"; uses apply-advanced; leaf incoming-label { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "VPLS incoming static label [1000000 - 1048575] or [29696 - 41983]"; } leaf outgoing-label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "VPLS outgoing static label"; } } // container static leaf community { junos:must "(!(".. .. 
connection-protection"))"; junos:must-message "The backup neighbor cannot be configured with community alongwith connection-protection"; type string; description "Community associated with this Layer 2 circuit"; } leaf psn-tunnel-endpoint { type jt:ipv4addr; description "Endpoint of the transport tunnel on the remote PE"; } leaf standby { type empty; description "Keep backup pseudowire in continuous standby"; } leaf hot-standby { junos:must "((!(".. .. .. control-word") && !(".. .. .. .. control-word")))"; junos:must-message "Hot-standby cannot be configured while having control-word enabled"; junos:must "(".. .. pseudowire-status-tlv")"; junos:must-message "Pseudowire-status-tlv must be configured in order to have hot-standby enabled"; junos:must "(!(".. .. connection-protection"))"; junos:must-message "Hot-standby cannot be configured while having connection-protection enabled"; junos:must "(!(".. standby"))"; junos:must-message "The backup neighbor cannot be configured with standby and hot-standby features simultaneously"; type empty; description "Keep backup pseudowire in continuous standby mode and ready for traffic forwarding"; } } // list backup-neighbor } // list neighbor list mesh-group { key "name"; description "Mesh-group under this VPLS instance"; leaf name { type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "The mesh-group name should be between 1 and 32 characters"; } description "Mesh-group name"; } uses apply-advanced; leaf local-switching { type empty; description "Allow local-switching within interfaces in this mesh-group"; } list neighbor { junos:must "(!(".. peer-as"))"; junos:must-message "'peer-as' and 'neighbor' must not be defined in the same mesh-group"; junos:must "(!(".. interface"))"; junos:must-message "'interface' and 'neighbor' must not be defined in the same mesh-group"; junos:must "((".. vpls-id" || ".. .. 
vpls-id"))"; junos:must-message "'vpls-id' must be defined"; key "name"; ordered-by user; description "Neighbor belonging to this mesh-group"; leaf name { type jt:ipv4addr; description "Neighbor ID"; } uses apply-advanced; leaf mac-pinning { type empty; description "Enable MAC pinning"; } container static { junos:must "((!(".. backup-neighbor") || all ".. backup-neighbor <*> static"))"; junos:must-message "Backup neighbor should be static"; presence "enable static"; description "Configuration of static vpls"; uses apply-advanced; leaf incoming-label { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "VPLS incoming static label [1000000 - 1048575] or [29696 - 41983]"; } leaf outgoing-label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "VPLS outgoing static label"; } choice cword { leaf control-word { type empty; description "Adds control-word to the Layer 2 encapsulation"; } leaf no-control-word { type empty; description "Disables control-word to the Layer 2 encapsulation"; } } // choice cword } // container static container associate-profile { description "Associate profile options for dynamic IFL"; uses apply-advanced; leaf profile-name { type string { length "1 .. 81"; } description "Associated profile name"; } leaf profile-variable-set { type string { length "1 .. 81"; } description "Associate dynamic variable set with the profile"; } } // container associate-profile leaf psn-tunnel-endpoint { type jt:ipv4addr; description "Endpoint of the transport tunnel on the remote PE"; } leaf community { type string; description "Community associated with this neighbor"; } leaf encapsulation-type { type enumeration { enum "ethernet-vlan" { junos:must "(!(".. static"))"; junos:must-message "not supported for static vpls"; value 0; description "Ethernet VLAN encapsulation"; } enum "ethernet" { junos:must "(!(".. 
static"))"; junos:must-message "not supported for static vpls"; value 1; description "Ethernet encapsulation"; } } description "Encapsulation type for VPN"; } leaf ignore-encapsulation-mismatch { junos:must "(!(".. static"))"; junos:must-message "not supported for static vpls"; type empty; description "Allow different encapsulation types on local and remote end"; } container pseudowire-status-tlv { junos:must "(!(".. static"))"; junos:must-message "not supported for static vpls"; presence "enable pseudowire-status-tlv"; description "Send pseudowire status TLV"; uses apply-advanced; leaf hot-standby-vc-on { type empty; description "Activate pseudowire upon arrival of 'hot-standby' status TLV message"; } } // container pseudowire-status-tlv leaf switchover-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 180000"; } } units "milliseconds"; default "10000"; description "Pseudowire switchover delay "; } container revert-time { presence "enable revert-time"; description "Enable pseudowire redundancy reversion (seconds)"; leaf delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 600"; } } units "seconds"; description "Reversion timer (seconds)"; } leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1200"; } } units "seconds"; description "Maximum reversion interval to add over revert-time delay"; } } // container revert-time leaf connection-protection { junos:must "((!(".. backup-neighbor") || all ".. backup-neighbor <*> standby"))"; junos:must-message "For connection-protection services, backup neighbor must be standby"; junos:must "(!(".. switchover-delay"))"; junos:must-message "connection-protection cannot be configured with switchover-delay"; junos:must "(!(".. 
revert-time"))"; junos:must-message "connection-protection cannot be configured with revert-time"; type empty; description "End-2-end protection via OAM failure detection"; } list backup-neighbor { key "name"; ordered-by user; description "Configuration of redundant l2circuit"; leaf name { type jt:ipv4addr; description "Neighbor ID"; } uses apply-advanced; container static { junos:must "(".. .. static")"; junos:must-message "Primary Neighbor must be static"; presence "enable static"; description "Configuration of static vpls"; uses apply-advanced; leaf incoming-label { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "VPLS incoming static label [1000000 - 1048575] or [29696 - 41983]"; } leaf outgoing-label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "VPLS outgoing static label"; } } // container static leaf community { junos:must "(!(".. .. connection-protection"))"; junos:must-message "The backup neighbor cannot be configured with community alongwith connection-protection"; type string; description "Community associated with this Layer 2 circuit"; } leaf psn-tunnel-endpoint { type jt:ipv4addr; description "Endpoint of the transport tunnel on the remote PE"; } leaf standby { type empty; description "Keep backup pseudowire in continuous standby"; } leaf hot-standby { junos:must "((!(".. .. .. control-word") && !(".. .. .. .. control-word")))"; junos:must-message "Hot-standby cannot be configured while having control-word enabled"; junos:must "(".. .. pseudowire-status-tlv")"; junos:must-message "Pseudowire-status-tlv must be configured in order to have hot-standby enabled"; junos:must "(!(".. .. connection-protection"))"; junos:must-message "Hot-standby cannot be configured while having connection-protection enabled"; junos:must "(!(".. 
standby"))"; junos:must-message "The backup neighbor cannot be configured with standby and hot-standby features simultaneously"; type empty; description "Keep backup pseudowire in continuous standby mode and ready for traffic forwarding"; } } // list backup-neighbor leaf-list vpls-id-list { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } ordered-by user; description "LDP VPLS Identifier list for this neighbor"; } } // list neighbor list interface { key "name"; description "Interfaces belonging to this flood group"; leaf name { junos:must "(".. .. .. .. .. interface $$")"; junos:must-message "Interface must be part of this VPLS routing instance"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; } // list interface container associate-profile { description "Associate profile options for dynamic IFL"; uses apply-advanced; leaf profile-name { type string { length "1 .. 81"; } description "Associated profile name"; } leaf profile-variable-set { type string { length "1 .. 81"; } description "Associate dynamic variable set with the profile"; } } // container associate-profile choice peer-as-choice { container peer-as { description "Autonomous system of the peer"; uses apply-advanced; leaf all { type empty; description "Include peers from all autonomous systems"; } } // container peer-as } // choice peer-as-choice leaf vpls-id { junos:must "(!(any ".. .. mesh-group <*> route-distinguisher"))"; junos:must-message "Does not support FEC129 and FEC128 LDP VPLS mesh-group under the same instance"; junos:must "(!(".. interface"))"; junos:must-message "'vpls-id' must not be defined when specifying 'interface' in a mesh-group"; type string; description "LDP VPLS Identifier for this mesh-group"; } container mac-flush { presence "enable mac-flush"; description "Enables mac-flush processing"; uses apply-advanced; leaf any-interface { junos:must "((".. .. 
vpls-id" || ".. .. .. vpls-id"))"; junos:must-message "'any-interface' can be configured only for LDP VPLS"; type empty; description "Send mac-flush when any AC interface goes down"; } leaf any-spoke { junos:must "((".. .. vpls-id" || ".. .. .. vpls-id"))"; junos:must-message "'any-spoke' can be configured only for LDP VPLS"; type empty; description "Send mac-flush when any spoke pseudo wire goes down"; } leaf propagate { junos:must "((".. .. vpls-id" || ".. .. .. vpls-id"))"; junos:must-message "'propagate' can be configured only for LDP VPLS"; type empty; description "Propagate mac-flush to the core"; } } // container mac-flush container route-distinguisher { junos:must "(!(any ".. .. mesh-group <*> vpls-id"))"; junos:must-message "Does not support FEC129 and FEC128 LDP VPLS mesh-group under the same instance"; description "Route distinguisher for this mesh-group"; leaf rd-type { type string { junos:posix-pattern "^[0-9.]+L?:[0-9]+$"; junos:pattern-message "Use format 'x:y' where 'x' is an AS number followed by an optional 'L' (To indicate 4 byte AS), or an IP address and 'y' is a number. e.g. 123456L:100"; } description "Number in (16 bit:32 bit) or (32 bit 'L':16 bit) or (IP address:16 bit) format"; } } // container route-distinguisher } // list mesh-group container proxy-mac { junos:must "(".. .. .. instance-type evpn")"; junos:must-message "Applicable to instance-type evpn only"; description "Proxy MAC settings"; uses apply-advanced; leaf irb { junos:must "(!(".. .. no-arp-suppression"))"; junos:must-message "Proxy MAC is not supported with no-arp-suppression"; junos:must "(((".. .. .. .. l3-interface" || ".. .. .. .. routing-interface") && !(".. proxy-mac-address")))"; junos:must-message "Proxy MAC in IRB mode should have routing-interface configured"; type empty; description "Reply with virtual-gateway MAC or IRB MAC"; } leaf proxy-mac-address { junos:must "(!(".. .. 
no-arp-suppression"))"; junos:must-message "Proxy MAC is not supported with no-arp-suppression"; junos:must "((!(".. .. .. .. routing-interface") && (!(".. .. .. .. l3-interface") && !(".. irb"))))"; junos:must-message "Proxy MAC with specified MAC should not have routing-interface configured"; type jt:mac-unicast; description "Reply with configured MAC for all requests"; } } // container proxy-mac leaf service-type { type enumeration { enum "single" { value 0; description "Only one service for the virtual-switch"; } } description "Specify service type for vpls"; } leaf designated-forwarder-election-hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1800"; } } units "seconds"; description "Time to wait before electing a DF(seconds)"; } leaf designated-forwarder-preference-least { type empty; description "Use least preference in DF election"; } leaf encapsulation { junos:must "((((".. .. .. instance-type virtual-switch" || (".. .. .. instance-type evpn" || (".. .. .. instance-type mac-vrf" || ".. .. .. instance-type evpn-vpws"))) && !(".. .. .. switch-options route-distinguisher")) || ".. .. .. 
switch-options route-distinguisher"))"; junos:must-message "Encapsulation can only be configured for an EVPN instance"; type enumeration { enum "mpls" { value 0; description "MPLS encapsulation"; } enum "vxlan" { value 1; description "VXLAN encapsulation"; } enum "mpls-inet6" { value 2; description "MPLS over IPv6 encapsulation"; } } default "mpls"; description "Encapsulation type for EVPN"; } leaf default-gateway { type enumeration { enum "advertise" { value 0; description "Advertise IRB MACs with default gateway community"; } enum "no-gateway-community" { value 1; description "Advertise IRB MACs without default gateway community"; } enum "do-not-advertise" { value 2; description "Do not advertise IRB MACs"; } } description "Default gateway mode"; } container duplicate-mac-detection { description "Duplicate MAC detection settings"; uses apply-advanced; leaf detection-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 20"; } } description "Number of moves to trigger duplicate MAC detection"; } leaf detection-window { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 600"; } } units "seconds"; description "Time window for detection of duplicate MACs"; } leaf auto-recovery-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 360"; } } units "minutes"; description "Automatically unblock duplicate MACs after a time delay"; } } // container duplicate-mac-detection choice extended-attributes { leaf-list extended-vlan-list { junos:must "(!((".. .. .. .. .. chassis satellite-management redundancy-groups" && !(".. mclag"))))"; junos:must-message "Need to configure 'protocols evpn mclag' when evpn is configured with mclag."; junos:must "(!(".. pbb-evpn-core"))"; junos:must-message "Extended VLAN list can't be configured in the PBB EVPN"; junos:must "(!(".. encapsulation vxlan"))"; junos:must-message "Extended VLAN list cannot coexist with encapsulation vxlan option"; junos:must "(".. .. 
.. instance-type virtual-switch")"; junos:must-message "Extended VLAN list can only be configured in a virtual switch instance"; type jt:vlan-range; description "List of VLAN identifiers that are to be EVPN extended"; } leaf-list extended-vni-list { junos:must "(!((".. .. .. .. .. chassis satellite-management redundancy-groups" && !(".. mclag"))))"; junos:must-message "Need to configure 'protocols evpn mclag' when evpn is configured with mclag."; junos:must "(".. encapsulation vxlan")"; junos:must-message "Extended VNI list can only be configured with encapsulation vxlan"; junos:must "((".. .. .. instance-type virtual-switch" || ".. .. .. instance-type mac-vrf"))"; junos:must-message "Extended VNI list can only be configured in a virtual switch instance"; type string; description "List of VNI identifiers (1..16777214) or all, that are to be EVPN extended"; } leaf-list extended-isid-list { junos:must "(".. pbb-evpn-core")"; junos:must-message "Extended ISID list can only be configured in the PBB EVPN"; junos:must "(".. .. .. instance-type virtual-switch")"; junos:must-message "Extended ISID list can only be configured in a virtual switch instance"; type string; description "Configure list of isids or all for extending to PBB EVPN"; } } // choice extended-attributes container evi-options { junos:must "(".. extended-isid-list")"; junos:must-message "Extended-isid-list must be configured"; description "EVI options"; uses juniper-protocols-evi-options; } // container evi-options leaf p2mp-bud-support { type empty; description "Enable EVPN to act as P2MP transit and egress PE (bud)"; } container remote-ip-host-routes { junos:must "(!(".. encapsulation mpls-inet6"))"; junos:must-message "VMTO not supported with encapsulation mpls-inet6"; junos:must "(!(".. .. .. 
instance-type vrf"))"; junos:must-message "remote-ip-host-routes knob is for virtual-switch, EVPN or default instance"; presence "enable remote-ip-host-routes"; description "Virtual machine traffic optimization(VMTO) for EVPN"; uses apply-advanced; leaf-list import { type jt:policy-algebra; ordered-by user; description "Policy to control the creation of remote IP host routes"; } leaf no-advertise-community { type empty; description "Don't advertise Type 2 route's community"; } } // container remote-ip-host-routes leaf pbb-evpn-core { junos:must "(!(".. encapsulation mpls-inet6"))"; junos:must-message "PBB not supported with encapsulation mpls-inet6"; junos:must "(".. .. .. instance-type virtual-switch")"; junos:must-message "pbb-evpn-core can only be configured in a virtual switch instance"; junos:must "("chassis network-services enhanced-ip")"; junos:must-message "PBB EVPN supported only with enhanced-ip mode"; type empty; description "Configure PBB EVPN core"; } leaf label-allocation { junos:must "(!(".. encapsulation vxlan"))"; junos:must-message "label-allocation cannot coexist with encapsulation vxlan option"; type enumeration { enum "per-instance" { value 0; description "Allocate one label for the entire instance"; } } description "Label allocation policy"; } leaf evpn-etree { junos:must "(!(".. encapsulation mpls-inet6"))"; junos:must-message "Not supported for encapsulation mpls-inet6"; type empty; description "Evpn etree mode"; } container assisted-replication { junos:must "(!("forwarding-options multicast-replication evpn irb local-only"))"; junos:must-message "Assisted Replication is not valid with forwarding-options multicast-replication evpn irb local-only"; junos:must "(".. 
encapsulation vxlan")"; junos:must-message "Assisted Replication is supported only with encapsulation vxlan option"; description "Option to enable Assisted Replication"; uses apply-advanced; choice AR { container leaf { presence "enable leaf"; description "Assisted Replicator Leaf"; uses apply-advanced; leaf replicator-activation-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 180"; } } units "seconds"; default "10"; description "Delay interval in starting replication"; } } // container leaf case case_2 { } // case case_2 } // choice AR } // container assisted-replication container vrf-target { junos:must "((".. extended-isid-list" || ".. extended-vlan-list"))"; junos:must-message "Extended-isid-list or extended-vlan-list must be configured"; description "VRF target community configuration"; uses apply-advanced; leaf community { type string { junos:posix-pattern "^[a-z]+:[0-9.]+L?:[0-9]+$"; junos:pattern-message "Use format 'target:x:y' where 'x' is an AS number followed by an optional 'L' (To indicate 4 byte AS), or an IP address and 'y' is a number. e.g. target:123456L:100"; } description "Target community to use in import and export"; } } // container vrf-target container interconnect { description "Interconnect"; uses juniper-protocols-evpn-interconnect; } // container interconnect leaf pmsi-tunnel-endpoint { junos:must "(!(".. pbb-evpn-core"))"; junos:must-message "Not Supported for PBB EVPN"; junos:must "(!(".. encapsulation mpls-inet6"))"; junos:must-message "Not supported for encapsulation mpls-inet6"; junos:must "(!(".. encapsulation vxlan"))"; junos:must-message "Not Supported for EVPN-VXLAN encapsulation"; junos:must "(!(".. .. .. provider-tunnel"))"; junos:must-message "Not Applicable for P2MP Tunnels"; junos:must "(!(".. .. .. 
instance-type evpn-vpws"))"; junos:must-message "Not Applicable for instance-type EVPN-VPWS"; type jt:ipv4addr; description "IM IR PMSI tunnel Endpoint for remote PE"; } leaf pmsi-tunnel-endpoint-inet6 { junos:must "(".. encapsulation mpls-inet6")"; junos:must-message "Supported for mpls-inet6 encapsulation only"; junos:must "(!(".. .. .. instance-type evpn-vpws"))"; junos:must-message "Not Applicable for instance-type EVPN-VPWS"; type jt:ipv6addr; description "IM IR PMSI IPv6 tunnel Endpoint for remote PE"; } leaf normalization { junos:must "(!(".. encapsulation vxlan"))"; junos:must-message "Not applicable for EVPN-VXLAN encapsulation"; junos:must "((".. .. .. instance-type mac-vrf" && ".. .. .. service-type vlan-based"))"; junos:must-message "Applicable for mac-vrf vlan-based service only"; type empty; description "Enable vlan id normalization for interfaces"; } leaf smet-etag-carry-vid { junos:must "((".. .. .. instance-type mac-vrf" && ".. .. .. service-type vlan-based"))"; junos:must-message "Applicable for mac-vrf vlan-based service only"; type empty; description "SMET Type 6,7 and 8 Routes to carry vlan id in Ethernet Tag field"; } container irb-symmetric-routing { junos:must "(".. .. .. instance-type vrf")"; junos:must-message "EVPN T-2 symmetric-routing must be configured with instance-type vrf"; description "Enable EVPN T-2 symmetric routing"; uses apply-advanced; leaf vni { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777214"; } } description "VXLAN network identifier used for T-2 Symmetric Routing IP prefixes"; } } // container irb-symmetric-routing container ip-prefix-routes { junos:must "(".. .. .. instance-type vrf")"; junos:must-message "ip-prefix-routes must be configured with instance-type vrf"; presence "enable ip-prefix-routes"; description "Advertise IP prefixes through EVPN"; uses apply-advanced; leaf advertise { type enumeration { enum "gateway-address" { junos:must "(".. 
gateway-interface")"; junos:must-message "advertise gateway-address must be configured with gateway-interface"; value 0; description "Advertise a gateway address in exported IP prefix routes"; } enum "direct-nexthop" { junos:must "((".. encapsulation vxlan" || ".. .. .. .. vrf-table-label"))"; junos:must-message "vrf-table-label must be used unless encapsulation vxlan is configured"; value 1; description "Advertise a direct nexthop in exported IP prefix routes"; } } description "Advertisement attributes for IP prefixes"; } leaf gateway-interface { junos:must "(".. advertise gateway-address")"; junos:must-message "gateway-interface must be configured with advertise gateway-address"; junos:must "(".. .. .. .. interface $$")"; junos:must-message "Interface must configured in this routing instance"; junos:must "("interfaces $$ family inet")"; junos:must-message "Family inet must be defined"; junos:must "("interfaces $$")"; junos:must-message "Interface must be defined"; type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Gateway interface used when gateway address is advertised"; } leaf encapsulation { type enumeration { enum "mpls" { junos:must "(".. advertise direct-nexthop")"; junos:must-message "encapsulation must be configured with advertise direct-nexthop"; value 0; description "MPLS encapsulation"; } enum "vxlan" { junos:must "(".. vni")"; junos:must-message "encapsulation vxlan must be configured with vni"; junos:must "((".. advertise direct-nexthop" || ".. .. irb-symmetric-routing"))"; junos:must-message "encapsulation must be configured with advertise direct-nexthop or irb-symmetric-routing"; value 1; description "VXLAN encapsulation"; } } description "Encapsulation used for IP prefixes"; } leaf vni { junos:must "(".. encapsulation vxlan")"; junos:must-message "vni must be configured with encapsulation vxlan"; junos:must "((".. advertise direct-nexthop" || ".. .. 
irb-symmetric-routing"))"; junos:must-message "vni must be configured with advertise direct-nexthop or irb-symmetric-routing"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777214"; } } description "VXLAN network identifier used for IP prefixes"; } leaf-list import { type jt:policy-algebra; ordered-by user; description "Policy to control import of IP prefixes from EVPN"; } leaf-list export { type jt:policy-algebra; ordered-by user; description "Policy to control export of IP prefixes through EVPN"; } container route-attributes { description "Route Attribute Import Export Option"; uses apply-advanced; container as-path { description "AS-PATH Attribute"; uses apply-advanced; leaf import-action { type enumeration { enum "allow" { value 0; description "Inherit as-path from EVPN routes to IP routes"; } enum "skip" { value 1; description "Donot inherit as-path from EVPN routes to IP routes"; } } description "AS-PATH Attribute Inherit Option on Import"; } leaf export-action { type enumeration { enum "allow" { value 0; description "Inherit as-path from IP routes to EVPN routes"; } enum "skip" { value 1; description "Donot inherit as-path from IP routes to EVPN routes"; } } description "AS-PATH Attribute Inherit Option on Export"; } } // container as-path container preference { description "Preference Attribute"; uses apply-advanced; leaf import-action { type enumeration { enum "allow" { value 0; description "Inherit preference from EVPN routes to IP routes"; } enum "skip" { value 1; description "Donot inherit preference from EVPN routes to EVPN routes"; } } description "Preference Attribute Inherit Option on Import"; } leaf export-action { type enumeration { enum "allow" { value 0; description "Inherit preference from IP routes to EVPN routes"; } enum "skip" { value 1; description "Donot inherit preference from IP routes to EVPN routes"; } } description "Preference Attribute Inherit Option on Export"; } } // container preference container 
community { description "Community Attribute"; uses apply-advanced; leaf import-action { type enumeration { enum "allow" { value 0; description "Inherit community from EVPN routes to IP routes"; } enum "skip" { value 1; description "Donot inherit community from EVPN routes to IP routes"; } } description "Community Attribute Inherit Option on Import"; } leaf export-action { type enumeration { enum "allow" { value 0; description "Inherit community from IP routes to EVPN routes"; } enum "skip" { value 1; description "Donot inherit community from IP route to EVPN routes"; } } description "Community Attribute Inherit Option on Export"; } } // container community } // container route-attributes } // container ip-prefix-routes leaf igmp-id { junos:must "(!(".. encapsulation mpls-inet6"))"; junos:must-message "IGMP snooping not supported with encapsulation mpls-inet6"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "EVPN IGMP Identifier value"; } leaf multicast-mode { junos:must "(".. encapsulation vxlan")"; junos:must-message "multicast-mode can only be configured with encapsulation vxlan"; junos:must "((((".. .. .. instance-type virtual-switch" || ".. .. .. instance-type mac-vrf") && !(".. .. .. switch-options route-distinguisher")) || ".. .. .. switch-options route-distinguisher"))"; junos:must-message "multicast-mode can only be configured in a virtual switch instance"; type enumeration { enum "ingress-replication" { value 0; description "Ingress Replication"; } } default "ingress-replication"; description "Multicast mode for EVPN"; } container oism { junos:must "(".. oism supplemental-bridge-domain-irb")"; junos:must-message "OISM must be configured with Supplemental Bridge Domain"; junos:must "(".. .. .. instance-type vrf")"; junos:must-message "oism must be configured with instance-type vrf"; description "EVPN Multicast OISM features"; uses apply-advanced; leaf supplemental-bridge-domain-irb { junos:must "(".. .. 
.. .. interface $$")"; junos:must-message "Interface must configured in this routing instance"; junos:must "("interfaces $$")"; junos:must-message "Interface must be defined"; type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "OISM SBD irb interface address"; } leaf originate-smet-on-revenue-vlan-too { type empty; description "Originate smet route on revenue vlan too"; } container pim-evpn-gateway { presence "enable pim-evpn-gateway"; description "Configure PIM EVPN Gateway PEG parameters"; uses apply-advanced; list external-irb { key "name"; ordered-by user; description "List of IRBs for external connectivity"; leaf name { junos:must "(".. .. .. .. .. .. interface $$")"; junos:must-message "Interface must be configured in this instance"; junos:must "("interfaces $$")"; junos:must-message "Interface must be defined"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "External vlan interface name"; } uses apply-advanced; } // list external-irb } // container pim-evpn-gateway } // container oism choice flexible-cross-connect-type { leaf flexible-cross-connect-vlan-aware { junos:must "(!(".. encapsulation mpls-inet6"))"; junos:must-message "EVPN flexible cross-connect not supported with encapsulation mpls-inet6"; junos:must "(!(".. flexible-cross-connect-vlan-unaware"))"; junos:must-message "VPWS Instance can support either vlan aware or unaware service"; junos:must "(".. .. .. instance-type evpn-vpws")"; junos:must-message "instance-type evpn-vpws must be configured"; type empty; description "Enable EVPN flexible cross-connect VLAN aware Service"; } leaf flexible-cross-connect-vlan-unaware { junos:must "(!(".. flexible-cross-connect-vlan-aware"))"; junos:must-message "VPWS Instance can support either vlan aware or unaware service"; junos:must "(!(".. encapsulation mpls-inet6"))"; junos:must-message "EVPN flexible cross-connect not supported with encapsulation mpls-inet6"; junos:must "(".. .. .. 
instance-type evpn-vpws")"; junos:must-message "instance-type evpn-vpws must be configured"; type empty; description "Enable EVPN flexible cross-connect VLAN unaware Service"; } } // choice flexible-cross-connect-type leaf auto-service-id { junos:must "(".. flexible-cross-connect-vlan-aware")"; junos:must-message "flexible-cross-connect-vlan-aware must be configured"; junos:must "(".. .. .. instance-type evpn-vpws")"; junos:must-message "instance-type evpn-vpws must be configured"; type empty; description "Enable auto-derivation of VPWS service instance identifier"; } leaf hot-standby-on { junos:must "(".. .. .. instance-type evpn-vpws")"; junos:must-message "instance-type evpn-vpws must be configured"; type empty; description "Activate evpn vpws upon becoming DF"; } list group { junos:must "(".. flexible-cross-connect-vlan-unaware")"; junos:must-message "flexible-cross-connect-vlan-unaware must be configured"; junos:must "(".. .. .. instance-type evpn-vpws")"; junos:must-message "instance-type evpn-vpws must be configured"; key "name"; ordered-by user; description "Enable EVPN flexible cross-connect VLAN unaware Service"; leaf name { type string; description "Group name to group vlan unaware cross connects"; } uses apply-advanced; container esi { presence "enable esi"; description "ESI configuration to group vlan unaware cross connects"; uses apply-advanced; leaf identifier { type jt:esi; description "ESI value for grouping of vlan unaware cross connects"; } } // container esi list interface { key "name"; ordered-by user; description "Name of the interface part of vlan unaware fxc"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; } // list interface container service-id { presence "enable service-id"; description "Service-id for vlan unaware cross connects for EVPN VPWS"; uses apply-advanced; leaf local { junos:must "(unique ".. .. 
group <*> service-id local $$")"; junos:must-message "Unique Local SID can only be configured "; junos:must "(unique ".. .. interface <*> vpws-service-id local $$")"; junos:must-message "Unique Local SID can only be configured "; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Local service id for vlan unaware service"; } leaf remote { junos:must "(unique ".. .. group <*> service-id remote $$")"; junos:must-message "Unique Remote SID can only be configured "; junos:must "(unique ".. .. interface <*> vpws-service-id remote $$")"; junos:must-message "Unique Remote SID can only be configured "; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Remote service id for vlan unaware service"; } } // container service-id } // list group container vni-options { junos:must "(".. .. .. vrf-target")"; junos:must-message "vrf-target must be configured"; junos:must "((".. extended-vni-list" || ".. .. .. instance-type mac-vrf"))"; junos:must-message "Extended-vni-list must be configured for non mac-vrf instance"; junos:must "(".. encapsulation vxlan")"; junos:must-message "encapsulation vxlan must be configured"; description "VNI options"; uses apply-advanced; list vni { key "name"; description "Per-vni options"; leaf name { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 16777214"; } } } uses apply-advanced; container vrf-target { description "VRF target community configuration"; uses apply-advanced; leaf export { type string { junos:posix-pattern "^[a-z]+:[0-9.]+L?:[0-9]+$"; junos:pattern-message "Use format 'target:x:y' where 'x' is an AS number followed by an optional 'L' (To indicate 4 byte AS), or an IP address and 'y' is a number. e.g. 
target:123456L:100"; } status deprecated; description "Target community to use when marking routes on export"; } leaf community { type string { junos:posix-pattern "^[a-z]+:[0-9.]+L?:[0-9]+$"; junos:pattern-message "Use format 'target:x:y' where 'x' is an AS number followed by an optional 'L' (To indicate 4 byte AS), or an IP address and 'y' is a number. e.g. target:123456L:100"; } description "Target community"; } } // container vrf-target } // list vni } // container vni-options container traceoptions { description "Trace options for Layer 2 VPNs"; uses apply-advanced; container file { description "Trace file options"; /* filename is restricted to a bare name: per the pattern-message it must not contain '/', '%' or a space, so the value cannot carry a path separator. */ leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } /* world-readable and no-world-readable are the two alternatives of one choice, so a configuration carries at most one of them. world-readable lets any user read the trace file; the flag list that follows can trace topology changes, NLRI advertisements and the MAC route database, so enable it only where every user of the device may see that data. */ choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "error" { value 0; description "Trace errors"; } enum "topology" { value 1; description "Trace Layer 2 VPN, VPLS and EVPN topology changes"; } enum "nlri" { value 2; description "Trace Layer 2 VPN, VPLS and EVPN remote site advertisements"; } enum "connections" { value 3; description "Trace Layer 2 VPN and VPLS connections"; } enum "automatic-site" { value 4; description "Trace VPLS automatic site state"; } enum "oam" { value 5; description "Trace OAM messages"; } enum "mac-database" { value 6; description "Trace MAC route database in a EVPN instance"; } enum "nsr" { value 7; description "Trace NSR in a EVPN instance"; } enum "egress-protection" { value 8; description "Trace Edge Protection messages"; } enum "instance" { value 9; description "Evpn instance related messages"; } enum "interface" { value 10; description "Interface related messages"; } enum "l2aldsync" { value 11; description "Messages related to EVPN-L2ALD communication"; } enum "p2mp" { value 12; description "P2MP messages"; } enum "esi" { value 13; description "Evpn ethernet segment related messages"; } enum "mcsn" { value 14; description "Evpn multicast snooping related messages"; } enum "vpws" { value 15; description "VPWS messages"; } enum "irb" { value 16; description "Integrated routing bridging messages"; } enum "ar" { value 17; description "Assisted-replication messages"; } enum "etree" { value 18; description "Evpn etree messages"; } enum "kernel" { value 19; 
description "Messages related to rpd-kernel communication"; } enum "bd" { value 20; description "Evpn bridge domain messages"; } enum "pbb" { value 21; description "Evpn provider backbone bridging messages"; } enum "infra" { value 22; description "Messages related to infrastructure in evpn"; } enum "pfxdb" { value 23; description "Type-5 related messages"; } enum "route" { value 24; description "Trace routing information"; } enum "normal" { value 25; description "Trace normal events"; } enum "general" { value 26; description "Trace general events"; } enum "state" { value 27; description "Trace state transitions"; } enum "policy" { value 28; description "Trace policy processing"; } enum "task" { value 29; description "Trace routing protocol task processing"; } enum "timer" { value 30; description "Trace routing protocol timer processing"; } enum "all" { value 31; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions leaf encapsulation-type { type enumeration { enum "atm-aal5" { value 0; description "ATM AAL/5 encapsulation"; } enum "atm-cell" { value 1; description "ATM port promiscuous mode cell encapsulation"; } enum "atm-cell-port-mode" { value 2; description "ATM port promiscuous mode cell encapsulation"; } enum "atm-cell-vp-mode" { value 3; description "ATM VP promiscuous mode cell encapsulation"; } enum "atm-cell-vc-mode" { value 4; description "ATM non-promiscuous cell encapsulation"; } enum "frame-relay" { value 5; description "Frame Relay encapsulation"; } enum "ppp" { value 6; description "PPP encapsulation"; } enum "cisco-hdlc" { value 7; description "Cisco-compatible HDLC encapsulation"; } enum "ethernet-vlan" { value 8; description "Ethernet VLAN 
encapsulation"; } enum "ethernet" { value 9; description "Ethernet encapsulation"; } enum "interworking" { value 10; description "Layer 2.5 interworking VPN"; } enum "frame-relay-port-mode" { value 11; description "Frame Relay port mode encapsulation"; } enum "satop-t1" { value 12; description "SATOP-T1 based Layer 2 VPN"; } enum "satop-e1" { value 13; description "SATOP-E1 based Layer 2 VPN"; } enum "satop-t3" { value 14; description "SATOP-T3 based Layer 2 VPN"; } enum "satop-e3" { value 15; description "SATOP-E3 based Layer 2 VPN"; } enum "cesop" { value 16; description "CESOP based Layer 2 VPN"; } } description "Encapsulation type for VPN"; } leaf control-word { type empty; description "Add control word to the Layer 2 encapsulation"; } leaf no-control-word { type empty; description "Disables control word on the Layer 2 encapsulation"; } leaf site-range { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65534"; } } description "Maximum site identifier in this VPLS domain"; } leaf label-block-size { type enumeration { enum "2" { value 0; description "Label block size of 2"; } enum "4" { value 1; description "Label block size of 4"; } enum "8" { value 2; description "Label block size of 8"; } enum "16" { value 3; description "Label block size of 16"; } } description "Label block size for this VPLS instance"; } choice tunnel-services-choice { container tunnel-services { description "Use tunnel services for this VPLS instance"; uses apply-advanced; leaf-list devices { type union { type jt:interface-device; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Tunnel services devices to use for this VPLS instance"; } leaf primary { type union { type jt:interface-device; type string { pattern "<.*>|$.*"; } } description "Primary tunnel services device to use for VPLS instance"; } } // container tunnel-services leaf no-tunnel-services { type empty; description "Do not use tunnel services for this VPLS instance"; } } // choice 
tunnel-services-choice leaf community { type string; description "Community associated with this VPLS instance"; } leaf vpls-id { type string; description "Identifier for this VPLS instance"; } leaf mtu { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "512 .. 65535"; } } description "MTU to be advertised to the remote end"; } leaf ignore-mtu-mismatch { type empty; description "Allow different MTU values on local and remote end"; } container mac-flush { presence "enable mac-flush"; description "Enables mac-flush processing"; uses apply-advanced; leaf any-interface { junos:must "((".. .. vpls-id" || any ".. .. mesh-group <*> vpls-id"))"; junos:must-message "'any-interface' can be configured only for LDP VPLS"; type empty; description "Send mac-flush when any AC interface goes down"; } leaf any-spoke { junos:must "((".. .. vpls-id" || any ".. .. mesh-group <*> vpls-id"))"; junos:must-message "'any-spoke' can be configured only for LDP VPLS"; type empty; description "Send mac-flush when any spoke pseudo wire goes down"; } leaf propagate { junos:must "((".. .. vpls-id" || any ".. .. mesh-group <*> vpls-id"))"; junos:must-message "'propagate' can be configured only for LDP VPLS"; type empty; description "Propagate mac-flush to the core"; } } // container mac-flush leaf ignore-encapsulation-mismatch { type empty; description "Allow different encapsulation types on local and remote end"; } leaf pseudowire-status-tlv { type empty; description "Send pseudowire status TLV"; } leaf flow-label-transmit { type empty; description "Advertise capability to push Flow Label in transmit direction to remote PE"; } leaf flow-label-receive { type empty; description "Advertise capability to pop Flow Label in receive direction to remote PE"; } leaf flow-label-transmit-static { junos:must "((".. vpls-id" || (".. .. .. l2vpn-id" || (".. .. .. instance-type evpn-vpws" || (".. .. .. instance-type evpn" || ".. .. .. 
instance-type virtual-switch")))))"; junos:must-message "Flow-Label static only supported for FEC128 or FEC129 VPLS, EVPN, Virtual-switch or VPWS"; junos:must "(!(".. flow-label-transmit"))"; junos:must-message "Can't have flow-label-transmit-static along with flow-label-transmit"; type empty; description "Push Flow Label on PW packets sent to remote PE"; } leaf flow-label-receive-static { junos:must "((".. vpls-id" || (".. .. .. l2vpn-id" || (".. .. .. instance-type evpn-vpws" || (".. .. .. instance-type evpn" || ".. .. .. instance-type virtual-switch")))))"; junos:must-message "Flow-Label static only supported for FEC128 or FEC129 VPLS, EVPN, Virtual-switch or VPWS"; junos:must "(!(".. flow-label-receive"))"; junos:must-message "Can't have flow-label-receive-static along with flow-label-receive"; type empty; description "Pop Flow Label from PW packets received from remote PE"; } container associate-profile { description "Associate profile options for dynamic IFL"; uses apply-advanced; leaf profile-name { type string { length "1 .. 81"; } description "Associated profile name"; } leaf profile-variable-set { type string { length "1 .. 81"; } description "Associate dynamic variable set with the profile"; } } // container associate-profile leaf connectivity-type { type enumeration { enum "ce" { value 0; description "CE interface is required"; } enum "irb" { value 1; description "IRB interface is sufficient"; } enum "permanent" { value 2; description "Pseudowire permanently up"; } } description "Specify type of interface sufficient to bring vpls connection up"; } list import-labeled-routes { junos:must "(!(".. 
neighbor"))"; junos:must-message "not supported for static vpls"; key "name"; ordered-by user; description "Import ingress label route to instance.mpls.0 from mpls.0"; leaf name { junos:must "("routing-instances $$ protocols mpls")"; junos:must-message "protocols MPLS must be configured on routing-instance to import the labeled routes"; junos:must "("routing-instances $$ instance-type virtual-router")"; junos:must-message "Ingress labelled route can be imported only to routing-instance type virtual-router"; junos:must "("routing-instances $$")"; junos:must-message "Referenced routing instance must be defined"; type string; description "Routing instance name where label route has to be imported"; } } // list import-labeled-routes container multi-homing { description "Multi-homing configuration for FEC129 VPLS"; uses apply-advanced; leaf peer-active { type empty; description "Keep CE interfaces in up state when all BGP peers go down"; } list site { key "name"; description "Sites connected to this provider equipment"; leaf name { type string; description "Name of Layer 2 VPN or VPLS site"; } uses apply-advanced; leaf identifier { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65534"; } } description "Layer 2 VPN or VPLS multi-homing identifier"; } leaf preference { type string; description "Layer 2 VPN or VPLS multi-homing preference"; } container active-interface { description "Configure interface to designate as active"; uses apply-advanced; choice interface_name { leaf any { type empty; description "One configured interface is designated active at random"; } leaf primary { junos:must "(".. .. .. .. .. .. 
interface $$")"; junos:must-message "Interface must be part of this VPLS routing instance"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface to designate as active if it is operational"; } } // choice interface_name } // container active-interface list interface { key "name"; ordered-by user; description "Interface that connects this site to the VPN"; leaf name { junos:must "(".. .. .. .. .. .. interface $$")"; junos:must-message "Interface must be part of this VPLS routing instance"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf preference { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Layer 2 VPN or VPLS multi-homing preference for the interface"; } } // list interface leaf peer-active { type empty; description "Keep CE interfaces in up state when all BGP peers go down"; } } // list site } // container multi-homing } // grouping juniper-protocols-l2vpn grouping juniper-protocols-evi-options { uses apply-advanced; list isid { key "name"; description "Per-evi options"; leaf name { type union { type string { pattern "<.*>|$.*"; } type int32 { range "256 .. 16777214"; } } } uses apply-advanced; container vrf-target { description "VRF target community configuration"; uses apply-advanced; leaf community { type string { junos:posix-pattern "^[a-z]+:[0-9.]+L?:[0-9]+$"; junos:pattern-message "Use format 'target:x:y' where 'x' is an AS number followed by an optional 'L' (To indicate 4 byte AS), or an IP address and 'y' is a number. e.g. 
target:123456L:100"; } description "Target community"; } } // container vrf-target } // list isid } // grouping juniper-protocols-evi-options grouping juniper-protocols-evpn-interconnect { description "Interconnect configuration for the routing instance"; uses apply-advanced; container route-distinguisher { description "Route distinguisher for this interconnect"; leaf rd-type { type string { junos:posix-pattern "^[0-9.]+L?:[0-9]+$"; junos:pattern-message "Use format 'x:y' where 'x' is an AS number followed by an optional 'L' (To indicate 4 byte AS), or an IP address and 'y' is a number. e.g. 123456L:100"; } description "Number in (16 bit:32 bit) or (32 bit 'L':16 bit) or (IP address:16 bit) format"; } } // container route-distinguisher container esi { description "ESI configuration of interconnect"; uses apply-advanced; leaf identifier { junos:must "(unique "interfaces <*> esi $$")"; junos:must-message "ESI value must be unique across all IFDs and IFLs"; type jt:esi; description "ESI value for interconnect"; } choice mode { leaf all-active { type empty; description "All-active mode"; } } // choice mode container df-election-type { presence "enable df-election-type"; description "DF Election Type"; uses apply-advanced; choice pref_choice { container preference { presence "enable preference"; description "Preference based DF election"; uses apply-advanced; leaf value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } default "32767"; description "Preference value for EVPN Multihoming DF election"; } } // container preference } // choice pref_choice choice mod_choice { container mod { junos:must "(!(".. 
preference"))"; junos:must-message "preference must not be configured"; presence "enable mod"; description "MOD based DF election"; } // container mod } // choice mod_choice } // container df-election-type } // container esi leaf-list interconnected-vni-list { type string; description "List of translated VNIs (1..16777214) or all, that are to be EVPN interconnected"; } } // grouping juniper-protocols-evpn-interconnect grouping juniper-protocols-ldp { uses apply-advanced; container traceoptions { description "Trace options for LDP"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } /* NOTE(review): world-readable lets any user read the LDP trace file. The flag list that follows includes packet-dump, which writes packet contents into that file, so no-world-readable is the least-privilege choice. The two leaves are alternatives of one choice and no default is declared here; confirm the platform's effective setting. */ choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "error" { value 0; description "Trace errored packets"; } enum "event" { value 1; description "Trace LDP state machine events"; } enum "packet-dump" { value 2; description "Dump the contents of selected packet types"; } enum "packets" { value 3; description "Trace all LDP packets"; } enum "periodic" { value 4; description "Trace periodic (hello and keepalive) packets"; } enum "initialization" { value 5; description "Trace initialization packets"; } enum "notification" { value 6; description "Trace notification packets"; } enum "address" { value 7; description "Trace address packets"; } enum "label" { value 8; description "Trace label packets"; } enum "binding" { value 9; description "Trace label binding state"; } enum "path" { value 10; description "Trace label path state"; } enum "ppmd" { value 11; description "Trace state and events for ppmd process"; } enum "nsr-synchronization" { value 12; description "Trace NSR synchronization events"; } enum "link-protection" { value 13; description "Trace link protection events"; } enum "p2mp-nsr-synchronization" { value 14; description "Trace p2mp NSR synchronization events"; } enum "route" { value 15; description "Trace routing information"; } enum "normal" { value 16; description "Trace normal events"; } enum "general" { value 17; description "Trace general events"; } enum "state" { value 18; description "Trace state transitions"; } enum "policy" { value 19; description "Trace policy 
processing"; } enum "task" { value 20; description "Trace routing protocol task processing"; } enum "timer" { value 21; description "Trace routing protocol timer processing"; } enum "all" { value 22; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } container filter { presence "enable filter"; description "Filter to apply to this flag"; uses ldp_filter_obj; } // container filter } // list flag } // container traceoptions container traffic-statistics { description "Collect statistics for LDP label-switched paths"; uses apply-advanced; container file { description "Statistics file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file leaf interval { type union { type string { pattern "<.*>|$.*"; } type int32 { range "60 .. 
65535"; } } description "Time to collect statistics (seconds)"; } leaf no-penultimate-hop { type empty; description "No penultimate hop statistics collection"; } } // container traffic-statistics container graceful-restart { description "Configure graceful restart attributes"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable graceful restart"; } } // choice enable-disable leaf helper-disable { type empty; description "Disable the graceful restart helper capability"; } leaf recovery-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "120 .. 1800"; } } units "seconds"; description "Time required for recovery"; } leaf maximum-neighbor-recovery-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "140 .. 1900"; } } units "seconds"; description "Maximum time stale mappings are maintained"; } leaf reconnect-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30 .. 300"; } } units "seconds"; description "Time required to reestablish session after graceful restart"; } leaf maximum-neighbor-reconnect-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30 .. 300"; } } units "seconds"; description "Maximum reconnect time allowed from a restarting neighbor"; } } // container graceful-restart container auto-targeted-session { presence "enable auto-targeted-session"; description "Configure auto targeted session parameters"; uses apply-advanced; leaf teardown-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 300"; } } units "seconds"; default "90"; description "Auto targeted session tear down delay"; } leaf maximum-sessions { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
1000"; } } default "100"; description "Auto targeted maximum sessions"; } leaf no-rlfa { type empty; description "Do not allow RLFA in auto targeted sessions"; } leaf no-dynamic-tunnels { type empty; description "Do not allow dynamic tunnels in auto targeted sessions"; } } // container auto-targeted-session leaf preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Route preference"; } leaf no-forwarding { type empty; description "Do not use LDP ingress routes for forwarding"; } leaf rib-group { junos:must "("routing-options rib-groups $$")"; junos:must-message "Referenced rib-group must be defined"; type string; description "Routing table group for importing ingress routes"; } leaf rib-group6 { junos:must "("routing-options rib-groups $$")"; junos:must-message "Referenced rib-group must be defined"; type string; description "Routing table group for importing ingress v6 routes"; } leaf l2-smart-policy { type empty; description "Do not export or import Layer 3 FECs for Layer 2 sessions"; } leaf track-igp-metric { type empty; description "Track the IGP metric"; } leaf strict-targeted-hellos { type empty; description "Do not send targeted hellos to unconfigured neighbors"; } container longest-match { presence "enable longest-match"; description "Configure longest match"; uses apply-advanced; leaf-list policy { type jt:policy-algebra; ordered-by user; description "Longest match import policy"; } } // container longest-match leaf-list color-import-policy { type jt:policy-algebra; ordered-by user; description "Import color policy"; } leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy"; } leaf-list export { type jt:policy-algebra; ordered-by user; description "Export policy"; } leaf-list egress-policy { type jt:policy-algebra; ordered-by user; description "Configure LSP egress policy"; } leaf-list dod-request-policy { type jt:policy-algebra; ordered-by user; description "Configure DoD label request 
policy"; } container next-hop { description "LDP next-hop control"; uses apply-advanced; container merged { junos:must "("protocols ldp deaggregate")"; junos:must-message "next-hop merged policy requires deaggregate to be enabled."; description "Merged next hop"; uses apply-advanced; leaf-list policy { type jt:policy-algebra; ordered-by user; description "Merged next-hop policy"; } } // container merged container no-rsvp-tunneling { junos:must "("protocols ldp deaggregate")"; junos:must-message "next-hop no-rsvp-tunneling policy requires deaggregate to be enabled."; description "No rsvp tunneling"; uses apply-advanced; leaf-list policy { type jt:policy-algebra; ordered-by user; description "No rsvp tunneling next-hop policy"; } } // container no-rsvp-tunneling } // container next-hop choice mtu-discovery-choice { leaf mtu-discovery { type empty; description "Enable TCP path MTU discovery"; } leaf no-mtu-discovery { type empty; description "Don't enable TCP path MTU discovery"; } } // choice mtu-discovery-choice choice deaggregate-choice { leaf deaggregate { type empty; description "Deaggregate FECs into separate labels"; } leaf no-deaggregate { type empty; description "Don't deaggregate FECs into separate labels"; } } // choice deaggregate-choice leaf explicit-null { type empty; description "Advertise the EXPLICIT_NULL label for egress FECs"; } leaf label-withdrawal-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 120"; } } units "seconds"; default "60"; description "Delay label withdrawal for FECs to avoid label churn"; } container make-before-break { presence "enable make-before-break"; description "Configure make before break"; uses apply-advanced; leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 300"; } } units "seconds"; default "30"; description "Make before break timeout"; } leaf switchover-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
300"; } } units "seconds"; default "3"; description "Make before break switchover delay"; } } // container make-before-break container transport-address { description "Address used for TCP sessions"; choice address-choice { leaf router-id { type empty; description "Use router ID for TCP connections"; } leaf interface { type empty; description "Use interface address for TCP connections"; } leaf address { type jt:ipaddr; description "Use specified address for TCP connections"; } } // choice address-choice } // container transport-address leaf keepalive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Keepalive interval (seconds)"; } leaf keepalive-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Keepalive timeout (seconds)"; } list interface { key "name"; description "Enable LDP on this interface"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable LDP on this interface"; } } // choice enable-disable leaf hello-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Hello interval (seconds)"; } leaf hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
65535"; } } description "Hello hold time (seconds)"; } container link-protection { presence "enable link-protection"; description "Enable link protection to protect interface for link faults only"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable link-protection"; } } // choice enable-disable leaf dynamic-rsvp-lsp { type empty; description "Enable setup of dynamic rsvp lsp for link protection"; } } // container link-protection container transport-address { description "Address used for TCP sessions"; choice address-choice { leaf router-id { type empty; description "Use router ID for TCP connections"; } leaf interface { type empty; description "Use interface address for TCP connections"; } leaf address { type jt:ipaddr; description "Use specified address for TCP connections"; } } // choice address-choice } // container transport-address choice allow-subnet-mismatch-choice { leaf allow-subnet-mismatch { type empty; description "Allow subnet mismatch for source address in hello packet"; } leaf no-allow-subnet-mismatch { type empty; description "Don't allow subnet mismatch for source address in hello packet"; } } // choice allow-subnet-mismatch-choice } // list interface list neighbor { key "name"; description "Configure a remote LDP neighbor"; leaf name { type jt:ipaddr; description "Neighbor address"; } uses apply-advanced; } // list neighbor list session { key "name"; description "Configure session parameters"; leaf name { type jt:ipaddr; description "Session destination address"; } uses apply-advanced; leaf authentication-key { type string { length "1 .. 126"; } description "MD5 authentication key"; } leaf authentication-algorithm { junos:must "(".. authentication-key-chain")"; junos:must-message "May not be configured without authentication-key-chain"; junos:must "(!(".. 
authentication-key"))"; junos:must-message "May not be configured with authentication-key"; /* Authentication algorithm for an LDP session. The must-message above rejects it together with the single authentication-key, and the declared default is hmac-sha-1-96. */ type enumeration { /* NOTE(review): md5 is a legacy digest; prefer hmac-sha-1-96, aes-128-cmac-96 or ao where the peer supports them. */ enum "md5" { value 0; description "Message Digest 5"; } enum "hmac-sha-1-96" { value 1; description "Hash-based Message Authentication Code (SHA1) (96 bits)"; } enum "aes-128-cmac-96" { value 2; description "Cipher-based Message Authentication Code (AES128) (96 bits)"; } enum "ao" { value 3; description "TCP Authentication Option"; } } default "hmac-sha-1-96"; description "Authentication algorithm name"; } leaf tcpao-handling-with-digest-mismatch { /* Policy for a session whose TCP-AO digest does not match; rejected together with authentication-key. */ junos:must "(!(".. authentication-key"))"; junos:must-message "May not be configured with authentication-key"; type enumeration { /* Fail-closed value: the connection is dropped. */ enum "drop-if-no-tcpao" { value 0; description "Drop the connection if Digest mismatched"; } /* NOTE(review): fail-open value - the session is established without TCP-AO, so it loses that protection; confirm this is intended wherever it is set. No default is declared for this leaf in the schema. */ enum "allow-without-tcpao" { value 1; description "Allow the connection establishment without TCP-AO"; } } description "Drop or continue without TCP-AO with digest mismatch with TCP-AO"; } leaf authentication-key-chain { /* Names a key chain: it must exist under security authentication-key-chains key-chain and cannot be combined with authentication-key. */ junos:must "(!(".. authentication-key"))"; junos:must-message "May not be configured with authentication-key"; junos:must "("security authentication-key-chains key-chain $$")"; junos:must-message "Referenced key-chain must be defined"; type string { length "1 .. 
128"; } description "Key chain name"; } leaf downstream-on-demand { type empty; description "Configure downstream on demand label distribution mode"; } leaf transport-address { type jt:ipaddr; description "Address used for TCP sessions to the neighbor"; } choice mtu-discovery-choice { leaf mtu-discovery { type empty; description "Enable TCP path MTU discovery"; } leaf no-mtu-discovery { type empty; description "Don't enable TCP path MTU discovery"; } } // choice mtu-discovery-choice } // list session list session-group { key "name"; description "Configure session group parameters"; leaf name { type jt:ipprefix; description "Session destination address/prefix length"; } uses apply-advanced; leaf authentication-key { type string { length "1 .. 126"; } description "MD5 authentication key"; } leaf authentication-algorithm { junos:must "(".. authentication-key-chain")"; junos:must-message "May not be configured without authentication-key-chain"; junos:must "(!(".. authentication-key"))"; junos:must-message "May not be configured with authentication-key"; type enumeration { enum "md5" { value 0; description "Message Digest 5"; } enum "hmac-sha-1-96" { value 1; description "Hash-based Message Authentication Code (SHA1) (96 bits)"; } enum "aes-128-cmac-96" { value 2; description "Cipher-based Message Authentication Code (AES128) (96 bits)"; } enum "ao" { value 3; description "TCP Authentication Option"; } } default "hmac-sha-1-96"; description "Authentication algorithm name"; } leaf tcpao-handling-with-digest-mismatch { junos:must "(!(".. 
authentication-key"))"; junos:must-message "May not be configured with authentication-key"; /* The values below decide what happens when the TCP-AO digest does not match for sessions in this session group. */ type enumeration { /* Fail-closed value: the connection is dropped. */ enum "drop-if-no-tcpao" { value 0; description "Drop the connection if Digest mismatched"; } /* NOTE(review): fail-open value - sessions are established without TCP-AO; because session-group is keyed by an address prefix, check how many peers the prefix covers before using it. No default is declared for this leaf in the schema. */ enum "allow-without-tcpao" { value 1; description "Allow the connection establishment without TCP-AO"; } } description "Drop or continue without TCP-AO with digest mismatch with TCP-AO"; } leaf authentication-key-chain { /* Names a key chain for the session group: it must exist under security authentication-key-chains key-chain and cannot be combined with authentication-key. */ junos:must "(!(".. authentication-key"))"; junos:must-message "May not be configured with authentication-key"; junos:must "("security authentication-key-chains key-chain $$")"; junos:must-message "Referenced key-chain must be defined"; type string { length "1 .. 128"; } description "Key chain name"; } leaf downstream-on-demand { type empty; description "Configure downstream on demand label distribution mode"; } leaf transport-address { type jt:ipaddr; description "Address used for TCP sessions to the neighbor"; } choice mtu-discovery-choice { leaf mtu-discovery { type empty; description "Enable TCP path MTU discovery"; } leaf no-mtu-discovery { type empty; description "Don't enable TCP path MTU discovery"; } } // choice mtu-discovery-choice } // list session-group container session-protection { presence "enable session-protection"; description "Configure session protection"; leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } units "seconds"; description "Session protection timeout"; } } // container session-protection container igp-synchronization { description "Configure IGP synchronization parameters"; uses apply-advanced; leaf holddown-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 
300"; } } units "seconds"; description "Time to hold the up notification to the IGPs"; } } // container igp-synchronization container log-updown { description "Logging actions for LSP up/down events"; uses apply-advanced; container trap { description "SNMP traps options"; choice enable-disable { leaf disable { type empty; description "Disable LDP LSP up/down trap"; } } // choice enable-disable } // container trap } // container log-updown container policing { description "Configure policing for an LDP FEC"; uses apply-advanced; list fec { key "name"; ordered-by user; description "Forwarding equivalence class"; leaf name { type jt:ipv4prefix; description "Forwarding equivalence class address"; } uses apply-advanced; leaf ingress-traffic { junos:must "(("firewall family any filter $$" || (!("firewall") && ".. .. .. .. .. .. .. .. firewall family any filter $$")))"; junos:must-message "referenced filter must be defined under firewall family any"; type string { junos:posix-pattern "!^((__.*)|(.{65,}))$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; } description "Name of filter to use for policing ingress LDP traffic"; } leaf transit-traffic { junos:must "(("firewall family any filter $$" || (!("firewall") && ".. .. .. .. .. .. .. .. 
firewall family any filter $$")))"; junos:must-message "referenced filter must be defined under firewall family any"; type string { junos:posix-pattern "!^((__.*)|(.{65,}))$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; } description "Name of filter to use for policing transit LDP traffic"; } } // list fec } // container policing container entropy-label { description "Insert entropy label for a LDP FEC"; uses apply-advanced; leaf-list ingress-policy { type jt:policy-algebra; ordered-by user; description "Entropy label ingress policy"; } } // container entropy-label container oam { description "Configure periodic OAM for a LDP FEC"; uses apply-advanced; leaf-list ingress-policy { type jt:policy-algebra; ordered-by user; description "OAM ingress policy"; } leaf-list bfd-port-egress-policy { type jt:policy-algebra; ordered-by user; description "OAM egress policy"; } list fec { key "name"; ordered-by user; description "Forwarding equivalence class"; leaf name { type jt:ipv4prefix; description "Forwarding equivalence class address"; } uses apply-advanced; choice bfd_liveness_detection_type { container bfd-liveness-detection { description "Bidirectional Forwarding Detection (BFD) options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High transmit interval triggering a trap"; } } // container transmit-interval container detection-time { description "Detection-time options"; uses apply-advanced; leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High detection-time triggering a trap"; } } // container detection-time leaf ecmp { type empty; description "Enable equal cost multipath (ECMP) support for BFD"; } container failure-action { description "Action to take when BFD session goes down"; choice action-choice { leaf remove-route { type empty; description "Remove LDP route from the ribs"; } leaf remove-nexthop { type empty; description "Remove LDP nexthop from the route"; } } // choice action-choice } // container failure-action leaf holddown-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255000"; } } units "milliseconds"; default "0"; description "Time to hold the session-UP notification to the client"; } leaf no-router-alert-option { type empty; description "Do not set Router-Alert options in IP header for MPLS-BFD"; } leaf use-ip-ttl-1 { type empty; description "Set TTL value to 1 in IP header for MPLS-BFD"; } } // container bfd-liveness-detection leaf no-bfd-liveness-detection { type empty; description "Disable BFD liveness detection"; } } // choice bfd_liveness_detection_type container periodic-traceroute { presence "enable periodic-traceroute"; description "Configure periodic traceroute"; uses apply-advanced; leaf frequency { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "15 .. 120"; } } units "minutes"; description "Time between traceroute attempts"; } leaf ttl { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 255"; } } description "Maximum time-to-live value"; } leaf retries { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 9"; } } description "Number of times to resend probe"; } leaf wait { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "5 .. 15"; } } units "seconds"; description "Time to wait before resending probe"; } leaf paths { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 255"; } } description "Maximum number of paths to traverse"; } leaf source { type jt:ipv4addr; description "Source address to use when sending probes"; } leaf exp { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "0 .. 7"; } } description "Class-of-service value to use when sending probes"; } leaf fanout { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
64"; } } description "Maximum number of nexthops to search per node"; } leaf disable { type empty; description "Disable periodic traceroute for a FEC"; } } // container periodic-traceroute } // list fec container bfd-liveness-detection { description "Bidirectional Forwarding Detection (BFD) options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High transmit interval triggering a trap"; } } // container transmit-interval container detection-time { description "Detection-time options"; uses apply-advanced; leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High detection-time triggering a trap"; } } // container detection-time leaf ecmp { type empty; description "Enable equal cost multipath (ECMP) support for BFD"; } container failure-action { description "Action to take when BFD session goes down"; choice action-choice { leaf remove-route { type empty; description "Remove LDP route from the ribs"; } leaf remove-nexthop { type empty; description "Remove LDP nexthop from the route"; } } // choice action-choice } // container failure-action leaf holddown-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255000"; } } units "milliseconds"; default "0"; description "Time to hold the session-UP notification to the client"; } leaf no-router-alert-option { type empty; description "Do not set Router-Alert options in IP header for MPLS-BFD"; } leaf use-ip-ttl-1 { type empty; description "Set TTL value to 1 in IP header for MPLS-BFD"; } } // container bfd-liveness-detection container periodic-traceroute { presence "enable periodic-traceroute"; description "Configure periodic traceroute"; uses apply-advanced; leaf frequency { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "15 .. 120"; } } units "minutes"; description "Time between traceroute attempts"; } leaf ttl { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 255"; } } description "Maximum time-to-live value"; } leaf retries { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
9"; } } description "Number of times to resend probe"; } leaf wait { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "5 .. 15"; } } units "seconds"; description "Time to wait before resending probe"; } leaf paths { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 255"; } } description "Maximum number of paths to traverse"; } leaf source { type jt:ipv4addr; description "Source address to use when sending probes"; } leaf exp { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "0 .. 7"; } } description "Class-of-service value to use when sending probes"; } leaf fanout { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 64"; } } description "Maximum number of nexthops to search per node"; } } // container periodic-traceroute leaf lsp-ping-interval { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "30 .. 3600"; } } units "seconds"; default "60"; description "Time interval between LSP ping messages"; } leaf lsp-ping-multiplier { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 5"; } } description "Number of ping reply missed before declaring BFD down"; } } // container oam container targeted-hello { description "Configure targeted hello parameters"; uses apply-advanced; leaf hello-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Hello interval (seconds)"; } leaf hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
65535"; } } description "Hold interval (seconds)"; } } // container targeted-hello container p2mp { presence "enable p2mp"; description "Advertise P2MP capability to peers"; uses apply-advanced; container recursive { description "Configure P2MP recursive parameters"; uses apply-advanced; leaf route { type empty; description "Allow recursive route resolution to signal P2MP FEC"; } } // container recursive list root-address { key "name"; description "Configure the root address of P2MP LSP"; leaf name { type jt:ipaddr; description "Root address of the P2MP LSP"; } uses apply-advanced; list lsp-id { key "name"; description "Configure the generic LSP identifier"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Generic LSP identifier value"; } uses apply-advanced; } // list lsp-id list group-address { key "name"; description "IPv4/Ipv6 group address for mLDP LSP"; leaf name { type jt:ipaddr; description "IPv4/Ipv6 group address"; } uses apply-advanced; list source-address { key "name"; description "IPv4/Ipv6 source address"; leaf name { type jt:ipaddr; description "IPv4/Ipv6 source address for mLDP LSP"; } uses apply-advanced; } // list source-address } // list group-address } // list root-address leaf no-rsvp-tunneling { type empty; description "Do not allow LDP P2MP to use RSVP-TE LSPs for tunneling"; } } // container p2mp container sr-mapping-client { presence "enable sr-mapping-client"; description "Enable LDP to SR mapping-client functionality"; uses apply-advanced; leaf-list policy { type jt:policy-algebra; ordered-by user; description "SR mapping-client policy"; } } // container sr-mapping-client leaf upstream-label-assignment { type empty; description "Allow Upstream Label Assignment capability"; } list family { key "name"; ordered-by user; description "Address family"; leaf name { type enumeration { enum "inet" { value 0; description "IPv4 family"; } enum "inet6" { value 1; description "IPv6 
family"; } } } uses apply-advanced; } // list family

// Which address family LDP prefers for its TCP connections.
leaf transport-preference {
  type enumeration {
    enum "ipv4" {
      value 0;
      description "Use IPv4 for TCP connections";
    }
    enum "ipv6" {
      value 1;
      description "Use IPv6 for TCP connections";
    }
  }
  description "TCP transport preference";
}

// Presence container: configuring it enables separate IPv4 and IPv6 TCP
// transport. Both LSR identifiers are typed jt:ipv4addr, including the one
// for family inet6.
// NOTE(review): presumably intentional, an LSR identifier being written in
// IPv4 dotted form regardless of family; confirm.
container dual-transport {
  presence "enable dual-transport";
  description "Use separate IPv4 and IPv6 TCP transport";
  uses apply-advanced;
  leaf inet-lsr-id {
    type jt:ipv4addr;
    description "LSR identifier for address family inet";
  }
  leaf inet6-lsr-id {
    type jt:ipv4addr;
    description "LSR identifier for address family inet6";
  }
} // container dual-transport
} // grouping juniper-protocols-ldp

grouping juniper-protocols-mpls {
  description "Multiprotocol Label Switching options";
  uses apply-advanced;

  // External path computing entities, in user-defined order. Each entry can
  // name the LSP templates that supply parameters for LSPs the external
  // entity provisions.
  list lsp-external-controller {
    key "name";
    ordered-by user;
    description "External path computing entity";
    leaf name {
      // NOTE(review): the pattern accepts 1..64 characters, while the message
      // says "less than 64"; the message understates the limit by one.
      type string {
        junos:posix-pattern "^.{1,64}$";
        junos:pattern-message "Must be a string of less than 64 characters";
      }
      description "Name of the external path computing entity";
    }
    uses apply-advanced;

    // Template for externally provisioned point-to-point LSPs: either a named
    // template or the default parameters (the two are alternatives of one
    // choice).
    container label-switched-path-template {
      description "Template for externally provisioned LSP parameters";
      uses apply-advanced;
      choice dynamic-template {
        // The referenced label-switched-path must exist with "template" set
        // and must not be a p2mp one. The constraints check the reference
        // only; they say nothing about the values inside the template.
        leaf template-name {
          junos:must "(!("protocols mpls label-switched-path $$ p2mp"))";
          junos:must-message "Referenced template cannot be a p2mp template";
          junos:must "("protocols mpls label-switched-path $$ template")";
          junos:must-message "Referenced point-to-point LSP template does not exist";
          type string {
            junos:posix-pattern "![*<>]";
            junos:pattern-message "Template name should not contain '*' and angle brackets";
            length "1 .. 
32"; } description "Name of point-to-point LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template container label-switched-path-p2mp-template { description "Template for externally provisioned P2MP LSP parameters"; uses apply-advanced; choice dynamic-template { leaf template-name { junos:must "("protocols mpls label-switched-path $$ p2mp")"; junos:must-message "Referenced template should be a p2mp template"; junos:must "("protocols mpls label-switched-path $$ template")"; junos:must-message "Referenced point-to-multipoint LSP template does not exist"; type string { junos:posix-pattern "![*<>]"; junos:pattern-message "Template name should not contain '*' and angle brackets"; length "1 .. 32"; } description "Name of point-to-multipoint LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-p2mp-template list pce-controlled-lsp { key "name"; ordered-by user; description "Template for externally provisioned LSP using regular expression"; leaf name { type string { junos:posix-pattern "^.{1,64}$"; junos:pattern-message "Must be a string of less than 64 characters"; } description "Template regular expression"; } uses apply-advanced; container label-switched-path-template { description "Template for externally provisioned LSP parameters"; uses apply-advanced; leaf template-name { junos:must "(!("protocols mpls label-switched-path $$ p2mp"))"; junos:must-message "Referenced template cannot be a p2mp template"; junos:must "("protocols mpls label-switched-path $$ template")"; junos:must-message "Referenced point-to-point LSP template does not exist"; type string { junos:posix-pattern "![*<>]"; junos:pattern-message "Template name should not contain '*' and angle brackets"; length "1 .. 
64"; } description "Name of point-to-point LSP template"; } } // container label-switched-path-template container label-switched-path-p2mp-template { description "Template for externally provisioned P2MP LSP parameters"; uses apply-advanced; leaf template-name { junos:must "("protocols mpls label-switched-path $$ p2mp")"; junos:must-message "Referenced template should be a p2mp template"; junos:must "("protocols mpls label-switched-path $$ template")"; junos:must-message "Referenced point-to-multipoint LSP template does not exist"; type string { junos:posix-pattern "![*<>]"; junos:pattern-message "Template name should not contain '*' and angle brackets"; length "1 .. 64"; } description "Name of point-to-multipoint LSP template"; } } // container label-switched-path-p2mp-template } // list pce-controlled-lsp } // list lsp-external-controller container path-mtu { presence "enable path-mtu"; description "Path MTU configuration"; uses apply-advanced; leaf allow-fragmentation { type empty; description "If needed, fragment IP before encapsulating in MPLS"; } container rsvp { presence "enable rsvp"; description "RSVP-specific path MTU options"; uses apply-advanced; leaf mtu-signaling { type empty; description "Enable RSVP path MTU signaling"; } } // container rsvp } // container path-mtu container diffserv-te { description "Global diffserv-traffic-engineering options"; uses apply-advanced; leaf bandwidth-model { type enumeration { enum "extended-mam" { value 0; description "Maximum allocation model with support for E-LSPs"; } enum "mam" { value 1; description "Maximum allocation model"; } enum "rdm" { value 2; description "Russian dolls model"; } } description "Bandwidth constraint model supported"; } container te-class-matrix { description "Supported combinations of traffic-class and preemption"; uses apply-advanced; container te0 { description "Definition for traffic-engineering class te0"; uses te-class-object; } // container te0 container te1 { description "Definition 
for traffic-engineering class te1"; uses te-class-object; } // container te1 container te2 { description "Definition for traffic-engineering class te2"; uses te-class-object; } // container te2 container te3 { description "Definition for traffic-engineering class te3"; uses te-class-object; } // container te3 container te4 { description "Definition for traffic-engineering class te4"; uses te-class-object; } // container te4 container te5 { description "Definition for traffic-engineering class te5"; uses te-class-object; } // container te5 container te6 { description "Definition for traffic-engineering class te6"; uses te-class-object; } // container te6 container te7 { description "Definition for traffic-engineering class te7"; uses te-class-object; } // container te7 } // container te-class-matrix } // container diffserv-te container auto-policing { description "Automatic policing of LSPs"; uses apply-advanced; list class { key "name"; ordered-by user; description "Forwarding class"; leaf name { type enumeration { enum "all" { value 0; description "All forwarding classes"; } enum "ct0" { value 1; description "Forwarding class 0"; } enum "ct1" { value 2; description "Forwarding class 1"; } enum "ct2" { value 3; description "Forwarding class 2"; } enum "ct3" { value 4; description "Forwarding class 3"; } } } uses apply-advanced; choice policing-action { leaf drop { type empty; description "Drop packets if bandwidth is exceeded"; } leaf loss-priority-high { type empty; description "Set loss priority to high if bandwidth is exceeded"; } leaf loss-priority-low { type empty; description "Set loss priority to low if bandwidth is exceeded"; } } // choice policing-action } // list class } // container auto-policing container statistics { description "Collect statistics for signaled label-switched paths"; uses apply-advanced; container file { presence "enable file"; description "Statistics file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; 
junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; }
leaf replace {
  type empty;
  status deprecated;
  description "Replace trace file rather than appending to it";
}
// NOTE(review): the size is an unconstrained string in this model; any
// format or upper-bound validation would have to happen elsewhere. Confirm.
leaf size {
  type string;
  description "Maximum trace file size";
}
// Number of files kept: 2..1000, default 10 (or a string matching the
// "<.*>|$.*" pattern).
leaf files {
  type union {
    type string { pattern "<.*>|$.*"; }
    type uint32 { range "2 .. 1000"; }
  }
  default "10";
  description "Maximum number of trace files";
}
leaf no-stamp {
  type empty;
  status deprecated;
  description "Do not timestamp trace file";
}
// File permission switch; the two leaves are mutually exclusive and the model
// declares no default.
// NOTE(review): world-readable lets any user on the device read this file.
// LSP statistics can reveal path and traffic details, so prefer
// no-world-readable unless unprivileged access is a requirement.
choice world-readable-choice {
  leaf world-readable {
    type empty;
    description "Allow any user to read the log file";
  }
  leaf no-world-readable {
    type empty;
    description "Don't allow any user to read the log file";
  }
} // choice world-readable-choice
} // container file

// Collection interval: 1..65535 seconds, no default declared here.
leaf interval {
  type union {
    type string { pattern "<.*>|$.*"; }
    type int32 { range "1 .. 65535"; }
  }
  description "Time to collect statistics (seconds)";
}
leaf auto-bandwidth {
  type empty;
  description "Enable auto bandwidth allocation";
}
leaf no-transit-statistics {
  type empty;
  description "Disable transit LSP statistics collection";
}
// Polling switch for transit LSP statistics. The enabling leaf is refused
// when no-transit-statistics is configured; the disabling leaf is deprecated.
choice transit-polling-type {
  leaf no-transit-statistics-polling {
    type empty;
    status deprecated;
    description "Disable polling and display of transit lsp statistics";
  }
  leaf transit-statistics-polling {
    junos:must "(!(" .. no-transit-statistics"))";
    junos:must-message "no-transit-statistics and transit-statistics-polling cannot coexist";
    type empty;
    description "Enable polling and display of transit lsp statistics";
  }
} // choice transit-polling-type
leaf no-bypass-statistics-polling {
  type empty;
  description "Disable polling and display of bypass lsp statistics";
}
leaf statistics-query-batch-size {
  type union {
    type string { pattern "<.*>|$.*"; }
    type int32 { range "1 .. 
25"; } } description "Number of LSPs for which statistics will be queried together"; } } // container statistics container p2mp-lsp { description "P2MP LSP control configuration"; uses apply-advanced; leaf single-abr { type empty; description "Try to use same exit node for all inter-domain sub LSPs"; } leaf no-re-merge { type empty; description "Avoid LSP CSPF creating remerge"; } } // container p2mp-lsp container log-updown { description "Logging actions for LSP up/down events"; uses apply-advanced; choice syslog-choice { leaf syslog { type empty; description "Send syslog messages"; } leaf no-syslog { type empty; description "Don't send syslog messages"; } } // choice syslog-choice choice trap-choice { leaf trap { type empty; description "Send SNMP traps"; } container no-trap { presence "enable no-trap"; description "Don't send SNMP traps"; uses apply-advanced; leaf mpls-lsp-traps { type empty; description "Dont send mpls lsp up/down traps"; } leaf rfc3812-traps { type empty; description "Dont send rfc3812 traps"; } } // container no-trap } // choice trap-choice leaf trap-path-down { type empty; description "Send SNMP traps when a path goes down"; } leaf trap-path-up { type empty; description "Send SNMP traps when a path goes up"; } } // container log-updown container optimize-adaptive-teardown { description "Post make before break adaptive teardown"; uses apply-advanced; leaf p2p { type empty; description "Turn on post make before break adaptive teardown for p2p"; } leaf timeout { junos:must "(".. p2p")"; junos:must-message "adaptive-teardown must include 'p2p' attribute"; type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 65535"; } } units "seconds"; description "Timeout for adaptive teardown to clean up LSP"; } container delay { junos:must "(".. 
p2p")"; junos:must-message "adaptive-teardown must include 'p2p' attribute"; description "Delay tearing down old optimized path after adaptive-teardown kicks in"; uses apply-advanced; leaf delay-value { type union { type string { pattern "<.*>|$.*"; } type int32 { range "3 .. 65535"; } } units "seconds"; description "Delay tearing down old optimized path after adaptive-teardown kicks in"; } } // container delay } // container optimize-adaptive-teardown container traffic-engineering { presence "enable traffic-engineering"; description "Traffic-engineering control"; uses apply-advanced; choice protocols { leaf bgp { type empty; description "BGP destinations only"; } leaf bgp-igp { type empty; description "BGP and IGP destinations"; } leaf bgp-igp-both-ribs { type empty; description "BGP and IGP destinations with routes in both routing tables"; } leaf mpls-forwarding { type empty; description "Use MPLS routes for forwarding, not routing"; } } // choice protocols container database { description "Traffic engineering database"; uses apply-advanced; container import { description "Configure TED import parameters"; uses apply-advanced; container l3-unicast-topology { presence "enable l3-unicast-topology"; description "Download L3-Unicast topology into RIB"; uses apply-advanced; leaf bgp-link-state { type empty; description "Export L3-Unicast topology, instead of TE topology, into BGP-LS"; } } // container l3-unicast-topology leaf-list policy { type jt:policy-algebra; ordered-by user; description "Configure import policy"; } leaf identifier { type union { type string { pattern "<.*>|$.*"; } type uint64 { range "2 .. 
18446744073709551615"; } } description "BGP-TE identifier"; } leaf bgp-ls-identifier { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "BGP-TE domain identifier"; } leaf ipv6 { type empty; description "Import ipv6 addresses"; } } // container import container export { description "Configure TED export related parameters"; uses apply-advanced; leaf-list policy { type jt:policy-algebra; ordered-by user; description "Export policy"; } container credibility { description "TED credibility value for entries from BGP-TE"; uses apply-advanced; leaf unknown { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 512"; } } description "Entries sourced from unknown entities"; } leaf direct { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 512"; } } description "Entries sourced from directly connected links"; } leaf static { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 512"; } } description "Entries sourced from static configuration"; } leaf ospf { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 512"; } } description "Entries sourced from ospf"; } leaf isis-level-1 { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 512"; } } description "Entries sourced from ISIS Level 1"; } leaf isis-level-2 { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 512"; } } description "Entries sourced from ISIS Level 2"; } leaf bgp { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
512"; } } description "Entries sourced from BGP"; } } // container credibility leaf l3-unicast-topology { type empty; description "Download RIB entries into L3-Unicast topology"; } } // container export } // container database } // container traffic-engineering list admin-groups { key "name"; ordered-by user; description "Administrative groups"; leaf name { type string; description "Group name"; } uses apply-advanced; leaf group-value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 31"; } } description "Group bit position"; } } // list admin-groups leaf advertisement-hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } units "seconds"; default "5"; description "Time that an 'LSP down' advertisement will be delayed"; } leaf rsvp-error-hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 240"; } } units "seconds"; default "25"; description "Time that RSVP PathErr events will be remembered"; } leaf optimize-aggressive { type empty; description "Run aggressive optimization algorithm based on IGP metric only"; } leaf smart-optimize-timer { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 65535"; } } units "seconds"; description "Path optimization interval after a link traversed by the path goes down"; } leaf optimize-switchover-delay { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 900"; } } units "seconds"; description "Delay before switching LSP to newly optimized path"; } leaf no-propagate-ttl { type empty; description "Disable TTL propagation from IP to MPLS (on push) and MPLS to IP (on pop)"; } leaf explicit-null { type empty; description "Advertise the EXPLICIT_NULL label when the router is the egress"; } leaf icmp-tunneling { type empty; description "Allow MPLS LSPs to be used for tunneling ICMP error packets"; } leaf revert-timer { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 
65535"; } } units "seconds"; description "Hold-down window before reverting back to primary path, 0 means disable"; } leaf optimize-hold-dead-delay { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 65535"; } } units "seconds"; description "Delay before tearing down the old optimized path"; } leaf cspf-backoff-time { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 65535"; } } units "seconds"; description "Delay before CSPF, when there is PathErr on backup path"; } leaf expand-loose-hop { type empty; description "Perform CSPF path computation to expand loose hops"; } leaf mib-mpls-show-p2mp { type empty; description "Show p2mp tunnels entries in mpls mib walk"; } container bandwidth { description "Bandwidth to reserve (bps)"; uses bandwidth-type; } // container bandwidth container admin-group { description "Administrative group policy"; uses admin_group_include_exclude; } // container admin-group container admin-group-extended { description "Extended administrative group policy"; uses admin_group_include_exclude; } // container admin-group-extended container priority { presence "enable priority"; description "Preemption priorities"; } // container priority leaf setup-priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 7"; } } description "Set-up priority"; } leaf reservation-priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 7"; } } description "Reservation priority"; } container oam { description "Periodic OAM"; uses periodic_oam; } // container oam leaf class-of-service { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 7"; } } description "Class-of-service value"; } leaf no-decrement-ttl { type empty; description "Do not decrement the TTL within an LSP"; } leaf hop-limit { type union { type string { pattern "<.*>|$.*"; } type int32 { range "2 .. 
255"; } } description "Maximum allowed router hops"; } /* The leaves from here through cross-credibility-cspf sit at the level that encloses list label-switched-path; leaves with the same names recur inside the list and inside its primary and secondary paths. */ leaf no-cspf { type empty; description "Disable automatic path computation"; } leaf admin-down { type empty; description "Set GMPLS LSP to administrative down state"; } leaf optimize-timer { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 65535"; } } units "seconds"; description "Periodical path reoptimizations"; } leaf preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference value"; } choice record-choice { leaf record { type empty; description "Record transit routers"; } leaf no-record { type empty; description "Don't record transit routers"; } } // choice record-choice leaf standby { type empty; description "Keep backup paths in continuous standby"; } leaf exclude-srlg { type empty; description "Exclude SRLG links for secondary path"; } leaf ultimate-hop-popping { type empty; description "Request ultimate hop popping from egress"; } leaf sync-active-path-bandwidth { type empty; description "Signal standby path with bandwidth obtained from active path"; } leaf cross-credibility-cspf { type empty; description "Compute paths across multi-protocol links and nodes"; } /* One list entry per LSP, keyed by a name of 1 to 64 characters; entry order is kept as the user wrote it (ordered-by user). */ list label-switched-path { key "name"; ordered-by user; description "Label-switched path"; leaf name { type string { length "1 .. 64"; } description "Name of path"; } uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable MPLS label-switched path"; } } // choice enable-disable /* Per-LSP tracing: a file container (name, size, rotation, read access) followed by a list of trace flags. */ container traceoptions { description "Trace options for MPLS label-switched path"; uses apply-advanced; container file { description "Trace file options"; /* NOTE(review): per its pattern-message, the posix-pattern rejects a slash, a percent sign and a space in the trace file name, so the value cannot carry a directory component; where the file is created is not shown in this module. */ leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 
1024"; } description "Name of file in which to write trace information"; } /* Trace file housekeeping: replace and no-stamp are marked deprecated; files takes 2 to 1000 (default 10) or a value matching the string alternative of the union; size is an unconstrained string in this model. */ leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } /* NOTE(review): world-readable lets any user read this trace log (per its description). The flags defined below can record CSPF nodes, links and state transitions, so prefer no-world-readable unless wider read access is intended. Which behaviour applies when neither leaf is set is not stated in this module. */ choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file /* Trace flags, one list entry per flag: CSPF computation, CSPF nodes, CSPF links, abstract-hop CSPF, state transitions, or all. */ list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "cspf" { value 0; description "Trace CSPF computation"; } enum "cspf-node" { value 1; description "Trace nodes visited during CSPF"; } enum "cspf-link" { value 2; description "Trace links visited during CSPF"; } enum "cspf-abstract" { value 3; description "Trace abstract hop based CSPF details"; } enum "state" { value 4; description "Trace state transitions"; } enum "all" { value 5; description "Trace everything"; } } } } // list flag } // container traceoptions leaf no-install-to-address { type empty; description "Don't install host route 'to' address into routing tables"; } leaf backup { type empty; description "Use LSP for IGP backup"; } leaf from { type jt:ipv4addr; description "Address of ingress router"; } /* pop-and-forward: each junos:must / junos:must-message pair below appears to forbid combining this container with the named sibling statement of the same LSP; the list of constraints continues on the following line. */ container pop-and-forward { junos:must "(!(".. lsp-external-controller"))"; junos:must-message "lsp-external-controller unsupported for pop-and-forward LSP"; junos:must "(!(".. lsp-attributes"))"; junos:must-message "lsp-attributes unsupported for pop-and-forward LSP"; junos:must "(!(".. 
single-sided-associated-bidirectional"))"; junos:must-message "single-sided-associated-bidirectional unsupported for pop-and-forward LSP"; junos:must "(!(".. associate-lsp"))"; junos:must-message "associate-lsp unsupported for pop-and-forward LSP"; junos:must "(!(".. corouted-bidirectional-passive"))"; junos:must-message "corouted-bidirectional-passive unsupported for pop-and-forward LSP"; junos:must "(!(".. corouted-bidirectional"))"; junos:must-message "corouted-bidirectional unsupported for pop-and-forward LSP"; junos:must "(!(".. backup"))"; junos:must-message "backup unsupported for pop-and-forward LSP"; junos:must "(!(".. no-cspf"))"; junos:must-message "no-cspf unsupported for pop-and-forward LSP"; junos:must "(!((".. ultimate-hop-popping" || ".. .. ultimate-hop-popping")))"; junos:must-message "ultimate hop popping unsupported for pop-and-forward LSP"; junos:must "(!(".. p2mp"))"; junos:must-message "p2mp unsupported for pop-and-forward LSP"; junos:must "(!(".. node-link-protection"))"; junos:must-message "link/node protection unsupported for pop-and-forward LSP"; junos:must "(!(".. fast-reroute"))"; junos:must-message "fast-reroute unsupported for pop-and-forward LSP"; presence "enable pop-and-forward"; description "Enable LSP as pop-and-forward with auto-delegation"; } // container pop-and-forward choice label-switched-path-or-template { leaf to { type jt:ipv4addr; description "Address of egress router"; } leaf template { junos:must "(!(".. associate-lsp"))"; junos:must-message "Template cannot have associate-lsp"; junos:must "(!(".. corouted-bidirectional-passive"))"; junos:must-message "Template cannot be passive bidirectional"; junos:must "(!(".. corouted-bidirectional"))"; junos:must-message "Template cannot be active bidirectional"; junos:must "(!(".. lsp-external-controller"))"; junos:must-message "Can't configure external controller in template"; junos:must "(!(".. disable"))"; junos:must-message "Not applicable for template"; junos:must "(!((".. 
primary" || ".. secondary")))"; junos:must-message "Template cannot include 'path' statement"; type empty; description "Template for dynamic lsp paramaters"; } } // choice label-switched-path-or-template leaf corouted-bidirectional { junos:must "(!(".. p2mp"))"; junos:must-message "p2mp unsupported for bidirectional LSP"; junos:must "(!(".. auto-bandwidth"))"; junos:must-message "auto-bandwidth unsupported for bidirectional LSP"; junos:must "(!((".. link-protection" || ".. node-link-protection")))"; junos:must-message "link/node protection unsupported for bidirectional LSP"; junos:must "(!(".. fast-reroute"))"; junos:must-message "fast-reroute unsupported for bidirectional LSP"; junos:must "(!(".. corouted-bidirectional-passive"))"; junos:must-message "Passive and active bidirectional attributes cannot coexist"; type empty; description "Setup the LSP as a corouted bidirectional LSP"; } leaf corouted-bidirectional-passive { junos:must "(!(".. p2mp"))"; junos:must-message "p2mp unsupported for bidirectional LSP"; junos:must "(!(".. auto-bandwidth"))"; junos:must-message "auto-bandwidth unsupported for bidirectional LSP"; junos:must "(!((".. link-protection" || ".. node-link-protection")))"; junos:must-message "link/node protection unsupported for bidirectional LSP"; junos:must "(!(".. fast-reroute"))"; junos:must-message "fast-reroute unsupported for bidirectional LSP"; junos:must "(!((".. standby" || ".. .. standby")))"; junos:must-message "standby unsupported for passive bidirectional LSP"; junos:must "(!(".. soft-preemption"))"; junos:must-message "soft-preemption unsupported for passive bidirectional LSP"; junos:must "(!((".. oam bfd-liveness-detection" || ".. .. oam bfd-liveness-detection")))"; junos:must-message "oam bfd-liveness-detection unsupported for passive bidirectional LSP"; junos:must "(!((".. no-decrement-ttl" || ".. .. no-decrement-ttl")))"; junos:must-message "no-decrement-ttl unsupported for passive bidirectional LSP"; junos:must "(!((".. 
exclude-srlg" || ".. .. exclude-srlg")))"; junos:must-message "exclude-srlg unsupported for passive bidirectional LSP"; junos:must "(!((".. bandwidth" || ".. .. bandwidth")))"; junos:must-message "bandwidth unsupported for passive bidirectional LSP"; junos:must "(!((".. admin-group-extended" || ".. .. admin-group-extended")))"; junos:must-message "admin-group-extended unsupported for passive bidirectional LSP"; junos:must "(!((".. admin-group" || ".. .. admin-group")))"; junos:must-message "admin-group unsupported for passive bidirectional LSP"; junos:must "(!(".. adaptive"))"; junos:must-message "adaptive unsupported for passive bidirectional LSP"; junos:must "(!(".. lsp-attributes"))"; junos:must-message "Passive bidirectional LSP cannot include 'lsp-attributes' statement"; junos:must "(!((".. primary" || ".. secondary")))"; junos:must-message "Passive bidirectional LSP cannot include 'path' statement"; type empty; description "Associate LSP with incoming corouted bidirectional LSP"; } leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Metric value"; } leaf ldp-tunneling { type empty; description "Allow LDP to use this LSP for tunneling"; } leaf soft-preemption { junos:must "(!(".. fast-reroute"))"; junos:must-message "soft-preemption is unsupported when fast-reroute is desired"; type empty; description "Attempt make-before-break service while preempting this LSP"; } list install { key "name"; ordered-by user; description "Install prefix"; leaf name { type jt:ipprefix; description "Destination prefix"; } leaf active { type empty; description "Install prefix into forwarding table"; } } // list install leaf retry-timer { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 600"; } } units "seconds"; description "Time before retrying the primary path"; } leaf retry-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
10000"; } } description "Maximum number of times to retry primary path"; } container lsp-attributes { description "Attributes for generalized LSP"; uses apply-advanced; leaf signal-bandwidth { junos:must "(!((".. switching-type l2sc" || (".. switching-type psc-1" || ".. switching-type ethernet-vlan"))))"; junos:must-message "signal-bandwidth invalid for VLAN LSP and Packet LSP"; type enumeration { enum "ds1" { value 0; description "1.544 Mbps"; } enum "vt1-5" { value 1; description "1.728 Mbps"; } enum "e1" { value 2; description "2.048 Mbps"; } enum "vt2" { value 3; description "2.304 Mbps"; } enum "ethernet" { value 4; description "10 Mbps"; } enum "e3" { value 5; description "34.368 Mbps"; } enum "ds3" { value 6; description "44.736 Mbps"; } enum "sts-1" { value 7; description "51.84 Mbps"; } enum "fastether" { value 8; description "100.00 Mbps"; } enum "stm-1" { value 9; description "155.52 Mbps"; } enum "stm-4" { value 10; description "622.08 Mbps"; } enum "gigether" { value 11; description "1000.00 Mbps"; } enum "stm-16" { value 12; description "2488.32 Mbps"; } enum "stm-64" { value 13; description "9953.28 Mbps"; } enum "10gigether" { value 14; description "10000.00 Mbps"; } enum "stm-256" { value 15; description "39813.12 Mbps"; } enum "100gige" { value 16; description "100000.00 Mbps"; } } description "Signal bandwidth for the LSP"; } leaf switching-type { type enumeration { enum "psc-1" { value 0; description "Packet switching"; } enum "lambda" { value 1; description "Lambda switching"; } enum "fiber" { value 2; description "Fiber switching"; } enum "tdm" { value 3; description "TDM switching"; } enum "ethernet-vlan" { junos:must "((!(".. encoding-type") || ".. 
encoding-type ethernet"))"; junos:must-message "Only ethernet encoding supported for VLAN LSP"; value 4; description "Ethernet VLAN switching"; } } description "LSP switching type desired"; } leaf encoding-type { type enumeration { enum "packet" { value 0; description "Packet encoding"; } enum "ethernet" { value 1; description "Ethernet encoding"; } enum "pdh" { value 2; description "PDH encoding"; } enum "sonet-sdh" { value 3; description "SONET-SDH encoding"; } } description "LSP encoding type desired"; } leaf gpid { type enumeration { enum "ipv4" { value 0; } enum "ethernet" { value 1; } enum "ppp" { value 2; } enum "hdlc" { value 3; } enum "pos-no-scrambling-crc-16" { value 4; } enum "pos-no-scrambling-crc-32" { value 5; } enum "pos-scrambling-crc-16" { value 6; } enum "pos-scrambling-crc-32" { value 7; } } description "Generalized PID"; } container upstream-label { description "Upstream Label for the bidirectional label-switched path"; uses apply-advanced; leaf vlan-id { junos:must "(".. .. switching-type ethernet-vlan")"; junos:must-message "VLAN label is valid only for VLAN LSP"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4094"; } } description "VLAN ID label for the label-switched path"; } } // container upstream-label } // container lsp-attributes leaf revert-timer { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 65535"; } } units "seconds"; description "Hold-down window before reverting back to primary path, 0 means disable"; } leaf optimize-hold-dead-delay { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 65535"; } } units "seconds"; description "Delay before tearing down the old optimized path"; } leaf cspf-backoff-time { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 
65535"; } } units "seconds"; description "Delay before CSPF, when there is PathErr on backup path"; } container bandwidth { description "Bandwidth to reserve (bps)"; uses bandwidth-type; } // container bandwidth container admin-group { description "Administrative group policy"; uses admin_group_include_exclude; } // container admin-group container admin-group-extended { description "Extended administrative group policy"; uses admin_group_include_exclude; } // container admin-group-extended container priority { presence "enable priority"; description "Preemption priorities"; } // container priority leaf setup-priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 7"; } } description "Set-up priority"; } leaf reservation-priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 7"; } } description "Reservation priority"; } container oam { description "Periodic OAM"; uses periodic_oam; } // container oam leaf class-of-service { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 7"; } } description "Class-of-service value"; } leaf no-decrement-ttl { type empty; description "Do not decrement the TTL within an LSP"; } leaf hop-limit { type union { type string { pattern "<.*>|$.*"; } type int32 { range "2 .. 255"; } } description "Maximum allowed router hops"; } leaf no-cspf { type empty; description "Disable automatic path computation"; } leaf admin-down { type empty; description "Set GMPLS LSP to administrative down state"; } leaf optimize-timer { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 
65535"; } } units "seconds"; description "Periodical path reoptimizations"; } leaf preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference value"; } choice record-choice { leaf record { type empty; description "Record transit routers"; } leaf no-record { type empty; description "Don't record transit routers"; } } // choice record-choice leaf standby { type empty; description "Keep backup paths in continuous standby"; } leaf exclude-srlg { type empty; description "Exclude SRLG links for secondary path"; } leaf ultimate-hop-popping { type empty; description "Request ultimate hop popping from egress"; } leaf sync-active-path-bandwidth { type empty; description "Signal standby path with bandwidth obtained from active path"; } leaf cross-credibility-cspf { type empty; description "Compute paths across multi-protocol links and nodes"; } leaf entropy-label { type empty; description "Enable entropy label"; } leaf self-ping-duration { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 65535"; } } units "seconds"; description "Duration over which to run self-ping (65535 = until success). Default = 1800s"; } leaf no-self-ping { type empty; description "Do not run self-ping for this LSP"; } choice cspf-attribute { leaf random { type empty; description "Randomly select among equal-cost paths"; } leaf least-fill { type empty; description "Select the least filled among equal-cost paths"; } leaf most-fill { type empty; description "Select the most filled among equal-cost paths"; } } // choice cspf-attribute leaf description { type string { length "1 .. 
80"; } description "Text description of label-switched path"; } choice lp-type { leaf link-protection { type empty; description "Protect LSP from link faults only"; } leaf node-link-protection { type empty; description "Protect LSP from both link and node faults"; } } // choice lp-type leaf intra-domain { type empty; status deprecated; description "Intra-domain LSP"; } leaf inter-domain { type empty; description "Inter-domain LSP"; } leaf adaptive { type empty; description "Have the LSP smoothly cut over to new routes"; } container in-place-lsp-bandwidth-update { junos:must "(!(".. fast-reroute"))"; junos:must-message "In-place update unsupported for LSPs requesting detour protection"; junos:must "(!((".. lsp-external-controller" || ".. .. lsp-external-controller")))"; junos:must-message "In-place update unsupported for externally controlled LSPs"; junos:must "(!(".. single-sided-associated-bidirectional"))"; junos:must-message "In-place update unsupported for single-sided-associated-bidirectional LSPs"; junos:must "(!(".. corouted-bidirectional-passive"))"; junos:must-message "In-place update unsupported for corouted-bidirectional-passive LSPs"; junos:must "(!(".. corouted-bidirectional"))"; junos:must-message "In-place update unsupported for corouted-bidirectional LSPs"; junos:must "(!((".. no-cspf" || ".. .. no-cspf")))"; junos:must-message "In-place update unsupported for no-cspf LSPs"; junos:must "(!(".. p2mp"))"; junos:must-message "In-place update unsupported for p2mp sub-LSPs"; presence "enable in-place-lsp-bandwidth-update"; description "Update LSP in-place re-using the same LSP identifier"; } // container in-place-lsp-bandwidth-update container fast-reroute { presence "enable fast-reroute"; description "Fast reroute"; uses apply-advanced; leaf hop-limit { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 
255"; } } description "Maximum allowed router hops"; } choice bw-attribute { leaf bandwidth { type string; description "Bandwidth to reserve (bps)"; } leaf bandwidth-percent { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 100"; } } description "Percentage of main path bandwidth to reserve"; } } // choice bw-attribute choice include_any_or_no_include_any { leaf no-include-any { type empty; description "Disable include-any checking"; } leaf-list include-any { type string; ordered-by user; description "Groups, one or more of which must be present"; } } // choice include_any_or_no_include_any choice include_all_or_no_include_all { leaf no-include-all { type empty; description "Disable include-all checking"; } leaf-list include-all { type string; ordered-by user; description "Groups, all of which must be present"; } } // choice include_all_or_no_include_all choice exclude_or_no_exclude { leaf no-exclude { type empty; description "Disable exclude checking"; } leaf-list exclude { type string; ordered-by user; description "Groups, all of which must be absent"; } } // choice exclude_or_no_exclude } // container fast-reroute container p2mp { junos:must "(!(".. associate-backup-pe-groups"))"; junos:must-message "backup-pe-group cannot be associated with P2MP LSP"; junos:must "(!(".. egress-protection"))"; junos:must-message "egress-protection unsupported for P2MP LSP branch"; junos:must "(!(any ".. primary <*> adaptive"))"; junos:must-message "adaptive unsupported for P2MP LSP branch path"; junos:must "(!(".. adaptive"))"; junos:must-message "adaptive unsupported for P2MP LSP branch"; junos:must "(!(".. install"))"; junos:must-message "install prefixes invalid for P2MP LSP branch"; junos:must "(!(".. ldp-tunneling"))"; junos:must-message "ldp-tunneling unsupported for P2MP LSP branch"; junos:must "(!(".. backup"))"; junos:must-message "backup invalid for P2MP LSP branch"; junos:must "(!(".. 
no-install-to-address"))"; junos:must-message "no-install-to-address invalid for P2MP LSP branch"; /* Remaining constraints of container p2mp: most name a sibling statement that may not be combined with p2mp on the same LSP; the last two restrict IPv6 tunneling inside logical systems and require a parent P2MP LSP name or a template. The paired must-message is the text given for each rule. */ junos:must "(!(".. node-link-protection"))"; junos:must-message "node protection unsupported for P2MP LSP branch"; junos:must "(!(".. fast-reroute"))"; junos:must-message "fast-reroute unsupported for P2MP LSP branch"; junos:must "(!(".. secondary"))"; junos:must-message "secondary paths unsupported for P2MP LSP branch"; junos:must "(!(".. ultimate-hop-popping"))"; junos:must-message "For point-to-multipoint LSP, ultimate hop popping cannot be configured"; junos:must "(!(".. lsp-external-controller"))"; junos:must-message "Can't configure lsp-external-controller knob in p2mp LSPs"; junos:must "((!(".. .. .. .. .. logical-systems") || !(".. .. ipv6-tunneling")))"; junos:must-message "In logical systems, IPv6 tunneling cannot be configured with P2MP LSPs"; junos:must "((any ".. p2mp <*>" || ".. template"))"; junos:must-message "For S2L point-to-multipoint LSP, parent point-to-multipoint LSP name must be configured"; presence "enable p2mp"; description "Point-to-multipoint label-switched path"; /* Name of the parent P2MP LSP. Per the must-messages it may not equal an existing label-switched-path name and is not applicable to a template. NOTE(review): the posix-pattern ^.{1,64}$ accepts 1 to 64 characters, while the pattern-message says "less than 64"; the message understates the limit by one. */ leaf path_name { junos:must "(!(".. .. .. label-switched-path $$"))"; junos:must-message "The P2MP name is the same as an existing LSP name"; junos:must "(!(".. .. template"))"; junos:must-message "Name not applicable for point-to-multipoint template"; type string { junos:posix-pattern "^.{1,64}$"; junos:pattern-message "Must be a string of less than 64 characters"; } description "Name of point-to-multipoint LSP"; } } // container p2mp /* auto-bandwidth: rejected together with p2mp; the second constraint, which continues on the next line, limits it to packet LSPs according to its must-message. */ container auto-bandwidth { junos:must "(!(".. p2mp"))"; junos:must-message "Cannot do auto-bandwidth for P2MP LSP branch"; junos:must "((!(".. lsp-attributes") || (".. lsp-attributes switching-type psc-1" && (!(".. lsp-attributes encoding-type") || ".. 
lsp-attributes encoding-type packet"))))"; junos:must-message "Cannot do auto-bandwidth for non-packet LSP"; presence "enable auto-bandwidth"; description "Do auto bandwidth allocation for this LSP"; uses apply-advanced; leaf adjust-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "300 .. 315360000"; } } units "seconds"; default "86400"; description "Time to adjust LSP bandwidth"; } leaf adjust-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 50"; } } units "percent"; default "0"; description "Percentage change in average LSP utilization to trigger auto-adjustment"; } leaf adjust-threshold-absolute { type string; units "bps"; default "0"; description "Change in average LSP utilization to trigger auto-adjustment"; } leaf adjust-threshold-activate-bandwidth { type string; units "bps"; description "Adjusts signaled bw if greater than this value"; } leaf minimum-bandwidth { type string; units "bps"; description "Minimum LSP bandwidth"; } leaf maximum-bandwidth { type string; units "bps"; description "Maximum LSP bandwidth"; } leaf minimum-bandwidth-adjust-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "300 .. 31536000"; } } units "seconds"; description "Duration for which minimum bandwidth will be frozen"; } leaf minimum-bandwidth-adjust-threshold-change { junos:must "(".. minimum-bandwidth-adjust-interval")"; junos:must-message "minimum-bandwidth-adjust-interval must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } units "percent"; description "Change in max average bandwidth to freeze min bandwidth"; } leaf minimum-bandwidth-adjust-threshold-value { junos:must "(!(".. minimum-bandwidth-adjust-threshold-change"))"; junos:must-message "minimum-bandwidth-adjust-threshold-change cannot be configured with minimum-bandwidth-adjust-threshold-value"; junos:must "(".. 
minimum-bandwidth-adjust-interval")"; junos:must-message "minimum-bandwidth-adjust-interval must be configured"; type string; units "bps"; status deprecated; description "Freeze min bandwidth if max average bandwidth falls below this bw"; } leaf monitor-bandwidth { type empty; description "Monitor LSP bandwidth without adjustments"; } leaf adjust-threshold-overflow-limit { junos:must "(((".. adjust-threshold" && ".. maximum-bandwidth") && (!(".. adjust-threshold $$={0}") && !(".. maximum-bandwidth $$={0}"))))"; junos:must-message "Non-zero adjust-threshold and maximum-bandwidth MUST be configured"; junos:must "(!(".. monitor-bandwidth"))"; junos:must-message "adjust-threshold-overflow-limit cannot be used with monitor-bandwidth"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Number of consecutive overflow samples to trigger auto-adjustment"; } leaf adjust-threshold-underflow-limit { junos:must "((".. adjust-threshold" && !(".. adjust-threshold 0")))"; junos:must-message "Non-zero adjust-threshold must be configured"; junos:must "(!(".. monitor-bandwidth"))"; junos:must-message "adjust-threshold-underflow-limit cannot be used with monitor-bandwidth"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
65535"; } } description "Number of consecutive underflow samples to trigger auto-adjustment"; } leaf resignal-minimum-bandwidth { type empty; description "Resignal the LSP using minimum-bandwidth"; } leaf sync-active-path-bandwidth { type empty; description "Signal standby path with bandwidth obtained from active path"; } } // container auto-bandwidth container optimize-on-change { description "Specify additional re-optimization triggers for this LSP"; uses apply-advanced; leaf link-congestion { type empty; description "Optimize when a link becomes congested"; } } // container optimize-on-change container deselect-on-bandwidth-failure { presence "enable deselect-on-bandwidth-failure"; description "Deselect active path if it cannot meet the bandwidth constraint"; uses apply-advanced; leaf tear-lsp { type empty; description "Bring down active path when all paths fail to reserve required bandwidth"; } } // container deselect-on-bandwidth-failure container track-igp-metric { description "Track IGP metric for LSP install prefixes"; uses apply-advanced; leaf install-v4-prefixes { type empty; description "Track IGP metric for IPV4 prefixes"; } leaf install-v6-prefixes { type empty; description "Track IGP metric for IPV6 prefixes"; } } // container track-igp-metric container associate-lsp { junos:must "((".. oam mpls-tp-mode" || ".. .. oam mpls-tp-mode"))"; junos:must-message "mpls-tp-mode must be configured for associate-lsp"; description "Associate the LSP for OAM"; uses apply-advanced; leaf lsp-name { type string { junos:posix-pattern "^.{1,64}$"; junos:pattern-message "Must be a string of 64 characters or less"; } description "Name of assocation LSP"; } leaf from { type jt:ipv4addr; description "Address of ingress router of associated LSP"; } } // container associate-lsp list primary { key "name"; ordered-by user; description "Preferred path"; leaf name { type string { length "1 .. 
64"; } description "Name of path"; } uses apply-advanced; container bandwidth { description "Bandwidth to reserve (bps)"; uses bandwidth-type; } // container bandwidth container admin-group { description "Administrative group policy"; uses admin_group_include_exclude; } // container admin-group container admin-group-extended { description "Extended administrative group policy"; uses admin_group_include_exclude; } // container admin-group-extended container priority { presence "enable priority"; description "Preemption priorities"; } // container priority leaf setup-priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 7"; } } description "Set-up priority"; } leaf reservation-priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 7"; } } description "Reservation priority"; } container oam { description "Periodic OAM"; uses periodic_oam; } // container oam leaf class-of-service { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 7"; } } description "Class-of-service value"; } leaf no-decrement-ttl { type empty; description "Do not decrement the TTL within an LSP"; } leaf hop-limit { type union { type string { pattern "<.*>|$.*"; } type int32 { range "2 .. 255"; } } description "Maximum allowed router hops"; } leaf no-cspf { type empty; description "Disable automatic path computation"; } leaf admin-down { type empty; description "Set GMPLS LSP to administrative down state"; } leaf optimize-timer { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 
65535"; } } units "seconds"; description "Periodical path reoptimizations"; } leaf preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference value"; } choice record-choice { leaf record { type empty; description "Record transit routers"; } leaf no-record { type empty; description "Don't record transit routers"; } } // choice record-choice leaf standby { type empty; description "Keep backup paths in continuous standby"; } leaf exclude-srlg { type empty; description "Exclude SRLG links for secondary path"; } leaf ultimate-hop-popping { type empty; description "Request ultimate hop popping from egress"; } leaf sync-active-path-bandwidth { type empty; description "Signal standby path with bandwidth obtained from active path"; } leaf cross-credibility-cspf { type empty; description "Compute paths across multi-protocol links and nodes"; } leaf adaptive { type empty; description "Have the LSP smoothly cut over to new routes"; } leaf select { type enumeration { enum "manual" { value 0; description "Manual override as preferred active path, if up and stable"; } enum "unconditional" { value 1; description "Unconditional override as preferred active path, regardless of up/down status"; } } } container upstream-label { description "Upstream Label for the bidirectional label-switched path"; uses apply-advanced; leaf vlan-id { junos:must "(".. .. .. lsp-attributes switching-type ethernet-vlan")"; junos:must-message "VLAN label is valid only for VLAN LSP"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
4094"; } } description "VLAN ID label for the label-switched path"; } } // container upstream-label container optimize-on-change { junos:must "(!("protocols mpls label-switched-path $$ optimize-on-change"))"; junos:must-message "LSP already has optimize-on-change"; description "Specify additional re-optimization triggers for this path"; uses apply-advanced; leaf link-congestion { type empty; description "Optimize when a link becomes congested"; } } // container optimize-on-change } // list primary list secondary { key "name"; ordered-by user; description "Backup path"; leaf name { type string { length "1 .. 64"; } description "Name of path"; } uses apply-advanced; container bandwidth { description "Bandwidth to reserve (bps)"; uses bandwidth-type; } // container bandwidth container admin-group { description "Administrative group policy"; uses admin_group_include_exclude; } // container admin-group container admin-group-extended { description "Extended administrative group policy"; uses admin_group_include_exclude; } // container admin-group-extended container priority { presence "enable priority"; description "Preemption priorities"; } // container priority leaf setup-priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 7"; } } description "Set-up priority"; } leaf reservation-priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 7"; } } description "Reservation priority"; } container oam { description "Periodic OAM"; uses periodic_oam; } // container oam leaf class-of-service { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 7"; } } description "Class-of-service value"; } leaf no-decrement-ttl { type empty; description "Do not decrement the TTL within an LSP"; } leaf hop-limit { type union { type string { pattern "<.*>|$.*"; } type int32 { range "2 .. 
255"; } } description "Maximum allowed router hops"; } leaf no-cspf { type empty; description "Disable automatic path computation"; } leaf admin-down { type empty; description "Set GMPLS LSP to administrative down state"; } leaf optimize-timer { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 65535"; } } units "seconds"; description "Periodical path reoptimizations"; } leaf preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference value"; } choice record-choice { leaf record { type empty; description "Record transit routers"; } leaf no-record { type empty; description "Don't record transit routers"; } } // choice record-choice leaf standby { type empty; description "Keep backup paths in continuous standby"; } leaf exclude-srlg { type empty; description "Exclude SRLG links for secondary path"; } leaf ultimate-hop-popping { type empty; description "Request ultimate hop popping from egress"; } leaf sync-active-path-bandwidth { type empty; description "Signal standby path with bandwidth obtained from active path"; } leaf cross-credibility-cspf { type empty; description "Compute paths across multi-protocol links and nodes"; } leaf adaptive { type empty; description "Have the LSP smoothly cut over to new routes"; } leaf select { type enumeration { enum "manual" { value 0; description "Manual override as preferred active path, if up and stable"; } enum "unconditional" { value 1; description "Unconditional override as preferred active path, regardless of up/down status"; } } } container upstream-label { description "Upstream Label for the bidirectional label-switched path"; uses apply-advanced; leaf vlan-id { junos:must "(".. .. .. lsp-attributes switching-type ethernet-vlan")"; junos:must-message "VLAN label is valid only for VLAN LSP"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
4094"; } } description "VLAN ID label for the label-switched path"; } } // container upstream-label container optimize-on-change { junos:must "(!("protocols mpls label-switched-path $$ optimize-on-change"))"; junos:must-message "LSP already has optimize-on-change"; description "Specify additional re-optimization triggers for this path"; uses apply-advanced; leaf link-congestion { type empty; description "Optimize when a link becomes congested"; } } // container optimize-on-change container non-active-hold-priority { description "Non-active hold priority"; leaf non-active-hold-prio-value { junos:must "(!((".. .. no-cspf" || (".. .. .. no-cspf" || ".. .. .. .. no-cspf"))))"; junos:must-message "Non-active hold priority unsupported for no-cspf LSPs"; junos:must "((".. .. standby" || (".. .. .. standby" || ".. .. .. .. standby")))"; junos:must-message "Non-active hold priority supported only for standby path"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 7"; } } description "Non-active hold priority value"; } } // container non-active-hold-priority } // list secondary container policing { description "Traffic policing for this LSP"; leaf filter { junos:must "(!("firewall family any filter $$ interface-specific"))"; junos:must-message "LSP policing filter must not be interface-specific"; junos:must "(("firewall family any filter $$" || (!("firewall") && ".. .. .. .. .. .. .. .. firewall family any filter $$")))"; junos:must-message "referenced filter must be defined under firewall family any"; type string { junos:posix-pattern "!^((__.*)|(.{65,}))$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; } description "Name of filter to use for policing LSP traffic"; } leaf no-auto-policing { type empty; description "Turn off automatic policing for this LSP"; } } // container policing leaf lsp-external-controller { junos:must "(!(".. 
single-sided-associated-bidirectional"))"; junos:must-message "Single-sided associated bidir LSP cannot be externally controlled"; junos:must "(!(".. corouted-bidirectional"))"; junos:must-message "Externally controlled LSP cannot be corouted bidirectional"; junos:must "(!(".. corouted-bidirectional-passive"))"; junos:must-message "Externally controlled LSP cannot be corouted bidirectional"; junos:must "("protocols mpls lsp-external-controller $$")"; junos:must-message "Referenced lsp-external-controller is not defined"; type string { junos:posix-pattern "^.{1,64}$"; junos:pattern-message "Must be a string of less than 64 characters"; } description "Name of the external path computing entity"; } leaf associate-backup-pe-groups { junos:must "(".. oam bfd-liveness-detection")"; junos:must-message "bfd-liveness-detection must be configured for this feature."; type empty; description "Associate this LSP with backup-pe groups"; } leaf egress-protection { junos:must "(!(".. install"))"; junos:must-message "Cannot install routes for an egress protection LSP"; type empty; description "Use this LSP for egress protection data transport"; } leaf transport-class { junos:must "("routing-options transport-class name $$")"; junos:must-message "Referenced transport class is not defined"; type string { junos:posix-pattern "^.{1,64}$"; junos:pattern-message "Must be a string of less than 64 characters"; } description "Transport class this LSP belongs to"; } } // list label-switched-path container deselect-on-bandwidth-failure { presence "enable deselect-on-bandwidth-failure"; description "Deselect active path if it cannot meet the bandwidth constraint"; uses apply-advanced; leaf tear-lsp { type empty; description "Bring down active path when all paths fail to reserve required bandwidth"; } } // container deselect-on-bandwidth-failure container track-igp-metric { description "Track IGP metric for LSP install prefixes"; uses apply-advanced; leaf install-v4-prefixes { type empty; 
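description "Track IGP metric for IPV4 prefixes"; }
  leaf install-v6-prefixes {
    type empty;
    description "Track IGP metric for IPV6 prefixes";
  }
} // container track-igp-metric

// Container LSPs, keyed by name and kept in user-defined order.
list container-label-switched-path {
  key "name";
  ordered-by user;
  leaf name {
    // The name must not match a label-switched-path found at the relative path ".. ..".
    junos:must "(!(".. .. label-switched-path $$"))";
    junos:must-message "The Container LSP name is the same as an existing LSP name";
    type string {
      // 1 to 64 characters.
      junos:posix-pattern "^.{1,64}$";
      junos:pattern-message "Must be a string of 64 characters or less";
    }
    description "Name of container-lsp";
  }
  uses apply-advanced;
  choice enable-disable {
    leaf disable {
      type empty;
      description "Disable MPLS container-label-switched path";
    }
  } // choice enable-disable
  leaf description {
    type string {
      length "1 .. 80";
    }
    description "Text description of label-switched path";
  }
  container label-switched-path-template {
    description "Template for dynamic point-to-point LSP parameters";
    uses apply-advanced;
    choice dynamic-template {
      leaf template-name {
        // Constraints on the referenced LSP, one junos:must / junos:must-message
        // pair per rule ($$ presumably expands to this leaf's value - confirm).
        junos:must "(!("protocols mpls label-switched-path $$ egress-protection"))";
        junos:must-message "Referenced point-to-point LSP template cannot have egress-protection";
        junos:must "(!("protocols mpls label-switched-path $$ p2mp"))";
        junos:must-message "Referenced point-to-point LSP template cannot be p2mp sub LSP";
        junos:must "(!("protocols mpls label-switched-path $$ bandwidth"))";
        junos:must-message "Referenced point-to-point LSP template cannot have static bandwidth";
        // NOTE(review): the path segment in this rule was spelled
        // "label-swithced-path"; it is corrected here to match the sibling
        // rules. With the misspelling the negated lookup presumably never
        // matched, so a template with policing would not have been rejected -
        // confirm against the device schema.
        junos:must "(!("protocols mpls label-switched-path $$ policing"))";
        junos:must-message "Referenced point-to-point LSP template cannot have policing";
        junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && !("protocols mpls label-switched-path $$ no-cspf"))))";
        junos:must-message "Referenced point-to-point LSP template cannot have no-cspf";
        junos:must "(("protocols mpls label-switched-path $$" && "protocols mpls label-switched-path $$ template"))";
        junos:must-message "Referenced 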
point-to-point LSP template does not exist"; type string { junos:posix-pattern "![*<>]"; junos:pattern-message "Template name should not contain '*' and angle brackets"; length "1 .. 64"; } description "Name of point-to-point LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template leaf to { type jt:ipv4addr; description "Address of egress router"; } leaf suffix { type string { length "1 .. 64"; } description "Suffix to generate names of members of container LSP"; } container splitting-merging { description "Do splitting and merging"; uses apply-advanced; leaf maximum-member-lsps { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 64"; } } description "Maximum number of LSPs"; } leaf minimum-member-lsps { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 64"; } } description "Minimum number of LSPs"; } leaf splitting-bandwidth { type string; units "bps"; description "Maximum bandwidth threshold for splitting"; } leaf merging-bandwidth { type string; units "bps"; description "Minimum bandwidth threshold for merging"; } leaf maximum-signaling-bandwidth { type string; units "bps"; description "Maximum bandwidth for signaling during normalization"; } leaf minimum-signaling-bandwidth { type string; units "bps"; description "Minimum bandwidth for signaling during normalization"; } leaf splitting-merging-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } units "percent"; default "10"; description "Change in aggregate LSP utilization to trigger splitting or merging"; } container normalization { description "Do normalization"; uses apply-advanced; leaf normalize-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "300 .. 
315360000"; } } units "seconds"; default "86400"; description "Time to normalize container LSP"; } leaf failover-normalization { type empty; description "Do pre-mature normalization in case some LSPs go down before next normalization"; } leaf no-incremental-normalize { type empty; description "Do not normalize unless all LSPs are successfully signaled"; } leaf normalization-retry-duration { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 86400"; } } units "seconds"; description "Time before retrying the container LSP normalization"; } leaf normalization-retry-limits { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000"; } } description "Maximum number of times to retry container LSP normalization"; } } // container normalization container sampling { description "Sampling information"; uses apply-advanced; leaf cut-off-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } default "0"; description "Cut-off percentile to remove outliers from aggregate samples"; } choice sampling-mode { leaf use-average-aggregate { type empty; description "Use average of the samples"; } leaf use-percentile { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
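100"; } } default "100"; description "Use a percentile of the samples"; }
      } // choice sampling-mode
    } // container sampling
  } // container splitting-merging
  // Names the external path computing entity; the must rule requires a matching
  // entry under "protocols mpls lsp-external-controller".
  leaf lsp-external-controller {
    junos:must "("protocols mpls lsp-external-controller $$")";
    junos:must-message "Referenced lsp-external-controller is not defined";
    type string {
      junos:posix-pattern "^.{1,64}$";
      // The pattern accepts 1 to 64 characters, so the message states "64 or less".
      junos:pattern-message "Must be a string of 64 characters or less";
    }
    description "Name of the external path computing entity";
  }
} // list container-label-switched-path

// Association groups, keyed by name; each entry carries two LSP names and two
// "from" addresses of type jt:ipv4addr.
list transit-lsp-association {
  key "name";
  ordered-by user;
  description "Transit label switch path association";
  leaf name {
    type string {
      junos:posix-pattern "^.{1,64}$";
      junos:pattern-message "Must be a string of 64 characters or less";
    }
    description "Name of transit association LSP group";
  }
  uses apply-advanced;
  leaf lsp-name-1 {
    type string {
      junos:posix-pattern "^.{1,64}$";
      junos:pattern-message "Must be a string of 64 characters or less";
    }
    description "Name of association LSP 1";
  }
  leaf from-1 {
    type jt:ipv4addr;
    description "Address of associated LSP 1";
  }
  leaf lsp-name-2 {
    type string {
      junos:posix-pattern "^.{1,64}$";
      junos:pattern-message "Must be a string of 64 characters or less";
    }
    description "Name of association LSP 2";
  }
  leaf from-2 {
    type jt:ipv4addr;
    description "Address of associated LSP 2";
  }
} // list transit-lsp-association

// Named routes; each holds an ordered path-list of next systems.
list path {
  key "name";
  ordered-by user;
  description "Route of a label-switched path";
  leaf name {
    type string {
      junos:posix-pattern "^.{1,64}$";
      // Message aligned with the pattern, which allows exactly 64 characters.
      junos:pattern-message "Must be a string of 64 characters or less";
    }
    description "Name of label-switched path";
  }
  uses apply-advanced;
  list path-list {
    key "name";
    ordered-by user;
    description "List of routers in the label-switched path";
    leaf name {
      type string {
        junos:posix-pattern "^.{1,64}$";
        // Message aligned with the pattern, which allows exactly 64 characters.
        junos:pattern-message "Must be a string of 64 characters or less";
      }
      description "Address of next system in path";
    }
    leaf abstract {
      junos:must "(".. .. .. 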
abstract-hop ${path-list}")"; junos:must-message "Referenced abstart hop must be configured"; type empty; description "Next system in path is abstract"; } choice loose_strict_none { leaf loose { type empty; description "Next hop might not be adjacent"; } leaf loose-link { type empty; description "Next hop link might not be adjacent"; } leaf strict { type empty; description "Next hop must be adjacent"; } } // choice loose_strict_none } // list path-list } // list path list constituent-list { key "name"; ordered-by user; description "MPLS constituent list for abstract hops"; leaf name { type string { junos:posix-pattern "^.{1,64}$"; junos:pattern-message "Must be a string of 64 characters or less"; } description "Constituent list name"; } uses apply-advanced; leaf-list srlg { type string; max-elements 16; ordered-by user; description "SRLG Name"; } leaf-list admin-group { type string; max-elements 16; ordered-by user; description "Administrative groups"; } leaf-list admin-group-extended { type string; max-elements 16; ordered-by user; description "Extended administrative groups"; } } // list constituent-list list abstract-hop { key "name"; ordered-by user; description "MPLS abstract hop"; leaf name { type string { junos:posix-pattern "^.{1,64}$"; junos:pattern-message "Must be a string of 64 characters or less"; } description "Abstract hop name"; } uses apply-advanced; leaf operator { type enumeration { enum "AND" { value 0; description "AND"; } enum "OR" { value 1; description "OR"; } } description "Operation among constituent lists"; } list constituent-list { key "name"; ordered-by user; description "Building abstract hop using constituent lists"; leaf name { junos:must "("protocols mpls constituent-list $$")"; junos:must-message "Referenced constituent list does not exist"; type string { length "1 .. 
64"; } description "Constituent list name"; } uses apply-advanced; choice list-type { leaf include-any-list { type empty; description "Include any"; } leaf include-all-list { type empty; description "Include all"; } leaf exclude-any-list { type empty; description "Exclude any"; } leaf exclude-all-list { type empty; description "Exclude all"; } } // choice list-type } // list constituent-list } // list abstract-hop container egress-protection { description "Egress router protection"; uses apply-advanced; list context-identifier { key "name"; description "Context identifier"; leaf name { type jt:ipv4addr; description "IP address"; } uses apply-advanced; choice context-type { leaf primary { type empty; description "Primary"; } leaf protector { type empty; description "Protector"; } } // choice context-type leaf metric { junos:must "(!(" .. advertise-mode stub-alias"))"; junos:must-message "Metric configuration is not supported with stub-alias mode"; junos:must "(".. protector")"; junos:must-message "Configurable only for protector context identifiers"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 16777215"; } } description "IGP metric"; } leaf advertise-mode { type enumeration { enum "stub-proxy" { value 0; description "Proxy"; } enum "stub-alias" { value 1; description "Alias"; } } description "Advertise mode"; } leaf-list admin-group { junos:must "((".. protector" && ".. advertise-mode stub-proxy"))"; junos:must-message "Configurable only for protector with proxy mode"; type string; ordered-by user; description "Administrative groups"; } } // list context-identifier container traceoptions { description "Trace options for egress-protection"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 
1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "state" { value 0; description "Trace state transitions"; } enum "route" { value 1; description "Trace route transitions"; } enum "error" { value 2; description "Trace error conditions"; } enum "all" { value 3; description "Trace everything"; } } } } // list flag } // container traceoptions } // container egress-protection container label-range { description "MPLS labels ranges"; uses apply-advanced; list lsi-label-range { key "name"; ordered-by user; description "LSI-label-range"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Label_range_start"; } leaf range-end { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Label_range_end"; } } // list lsi-label-range list dynamic-label-range { key "name"; ordered-by user; description "Dynamic-label-range"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Label_range_start"; } leaf range-end { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 
1048575"; } } description "Label_range_end"; } } // list dynamic-label-range list block-label-range { key "name"; ordered-by user; description "Block-label-range"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Label_range_start"; } leaf range-end { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Label_range_end"; } } // list block-label-range list srgb-label-range { key "name"; max-elements 1; ordered-by user; description "SRGB-label-range"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Label_range_start"; } leaf range-end { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Label_range_end"; } } // list srgb-label-range leaf label-limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Limit for the number of concurrent active labels"; } list static-label-range { key "name"; ordered-by user; description "Static-label-range"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Label_range_start"; } leaf range-end { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 
1048575"; } } description "Label_range_end"; } } // list static-label-range } // container label-range choice enable-disable { leaf disable { type empty; description "Disable MPLS"; } } // choice enable-disable container label-history { presence "enable label-history"; description "MPLS label history recording"; uses apply-advanced; leaf max-entries { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Limit for the number of history entry per label"; } } // container label-history container traceoptions { description "Trace options for MPLS"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "connection" { value 0; description "Trace CCC activity"; } enum "connection-detail" { value 1; description "Trace CCC activity in detail"; } enum "cspf" { value 2; description "Trace CSPF computation"; } enum "cspf-node" { value 3; description "Trace nodes visited during CSPF"; } enum "cspf-link" { value 4; description "Trace links visited during CSPF"; } enum "cspf-abstract" { value 5; description "Trace abstract hop based CSPF details"; } enum "state" { value 6; description "Trace state transitions"; } enum "error" { value 7; description "Trace error conditions"; } enum "lsping" { value 8; description "Trace LSP ping packets received"; } enum "graceful-restart" { value 9; description "Trace graceful-restart-related events"; } enum "nsr-synchronization" { value 10; description "Trace NSR synchronization events"; } enum "nsr-synchronization-detail" { value 11; description "Trace NSR synchronization events in detail"; } enum "static" { value 12; description "Trace static label-switched path"; } enum "egress-protection" { value 13; description "Trace egress protection events"; } enum "all" { value 14; description "Trace everything"; } enum "autobw-state" { value 15; description "Trace autobandwidth events in mpls trace"; } enum "externally-controlled-lsp" { value 16; description "Trace externally controlled LSP events in mpls trace"; } enum "ted-import" { value 17; description "Trace leaking TED entries into lsdist.0 table"; } enum 
"ted-export" { value 18; description "Trace leaking of entries from lsdist.0 table into TED"; } enum "lsp-history" { value 19; description "Trace LSP history events"; } enum "abstract-hop" { value 20; description "Trace abstract hop related events"; } } } } // list flag } // container traceoptions leaf ipv6-tunneling { type empty; description "Allow MPLS LSPs to be used for tunneling IPv6 traffic"; } list interface { key "name"; ordered-by user; description "MPLS interface options"; uses juniper-protocols-mpls-interface; } // list interface list static-label-switched-path { key "name"; ordered-by user; description "Static label-switched path"; leaf name { type string { length "1 .. 64"; } description "Name of path"; } uses apply-advanced; choice lsp-type { container bypass { description "Bypass ingress label-switched path"; uses apply-advanced; leaf bandwidth { type string; units "bps"; description "Bandwidth to reserve"; } leaf description { type string { length "1 .. 80"; } description "Text description of label-switched path"; } leaf next-hop { type union { type jt:ipaddr-or-interface; type string { pattern "<.*>|$.*"; } } description "IPv4 or IPv6 address or interface of next-hop router"; } leaf next-table { type string; description "Next-table for lookup"; } leaf push { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1048575"; } } description "Label to push"; } leaf to { type jt:ipaddr; description "Address of egress router"; } } // container bypass list transit { key "name"; ordered-by user; description "Transit label-switched path"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Incoming label value"; } uses apply-advanced; leaf bandwidth { type string; units "bps"; description "Bandwidth to reserve"; } leaf description { type string { length "1 .. 
80"; } description "Text description of label-switched path"; } container link-protection { description "Bypass link protection"; leaf bypass-name { type string { length "1 .. 64"; } description "Bypass label-switched path name"; } } // container link-protection leaf next-hop { type union { type jt:ipaddr-or-interface; type string { pattern "<.*>|$.*"; } } description "IPv4 or IPv6 address or interface of next-hop router"; } leaf member-interface { type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "AE member interface name"; } container node-protection { description "Bypass node protection"; leaf bypass-name { type string { length "1 .. 64"; } description "Bypass label-switched path name"; } leaf next-next-label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1048575"; } } description "Label expected by next-next-hop"; } } // container node-protection choice label-action { leaf swap { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1048575"; } } description "Swap top label with this label"; } leaf pop { type empty; description "Pop the top label"; } leaf stitch { junos:must "(!((".. link-protection" || ".. node-protection")))"; junos:must-message "Link-protection and node-protection are invalid for LSP stitching"; type empty; description "Swap top label with the resolved LSP"; } } // choice label-action } // list transit container ingress { description "Ingress LSR configuration for a static LSP"; uses apply-advanced; leaf bandwidth { type string; units "bps"; description "Bandwidth to reserve"; } leaf class-of-service { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 7"; } } description "Class-of-service value"; } leaf description { type string { length "1 .. 
80"; } description "Text description of label-switched path"; } list install { key "name"; ordered-by user; description "Install prefix"; leaf name { type jt:ipv4prefix; description "Destination prefix"; } leaf active { type empty; description "Install prefix into forwarding table"; } } // list install leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Metric value"; } leaf next-hop { type union { type jt:ipv4addr-or-interface; type string { pattern "<.*>|$.*"; } } description "IPv4 address or interface of next-hop router"; } container link-protection { description "Bypass link protection"; leaf bypass-name { type string { length "1 .. 64"; } description "Bypass label-switched path name"; } } // container link-protection container node-protection { description "Bypass node protection"; leaf bypass-name { type string { length "1 .. 64"; } description "Bypass label-switched path name"; } leaf next-next-label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1048575"; } } description "Label expected by next-next-hop"; } } // container node-protection leaf no-install-to-address { type empty; description "Don't install host route 'to' address into routing tables"; } container policing { description "Traffic policing for this LSP"; leaf filter { junos:must "(!("firewall family any filter $$ interface-specific"))"; junos:must-message "LSP policing filter must not be interface-specific"; junos:must "(("firewall family any filter $$" || (!("firewall") && ".. .. .. .. .. .. .. .. 
firewall family any filter $$")))"; junos:must-message "referenced filter must be defined under firewall family any"; type string { junos:posix-pattern "!^((__.*)|(.{65,}))$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; } description "Name of filter to use for policing LSP traffic"; } leaf no-auto-policing { type empty; description "Turn off automatic policing for this LSP"; } } // container policing leaf preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference value"; } leaf to { type jt:ipv4addr; description "Address of egress router"; } leaf push { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1048575"; } } description "Label to push"; } leaf entropy-label { type empty; description "Enable entropy label"; } } // container ingress container segment { description "Segment for segment routing"; uses apply-advanced; leaf sid-label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Segment identifier (SID) label"; } leaf description { type string { length "1 .. 80"; } description "Text description of label-switched path"; } leaf next-hop { type union { type jt:ipv4addr-or-interface; type string { pattern "<.*>|$.*"; } } description "IPv4 address or interface of next-hop router"; } choice label-action { leaf swap { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
1048575"; } } description "Swap the SID label to this label"; }
          leaf pop {
            type empty;
            description "Pop the SID label";
          }
        } // choice label-action
      } // container segment
    } // choice lsp-type
  } // list static-label-switched-path
} // grouping juniper-protocols-mpls

// Reusable include/exclude filter on administrative groups. Each of the three
// leaf-lists is a user-ordered list of strings wrapped in its own
// single-case choice.
grouping admin_group_include_exclude {
  uses apply-advanced;
  choice include-any-choice {
    leaf-list include-any {
      type string;
      ordered-by user;
      description "Groups, one or more of which must be present";
    }
  } // choice include-any-choice
  choice include-all-choice {
    leaf-list include-all {
      type string;
      ordered-by user;
      description "Groups, all of which must be present";
    }
  } // choice include-all-choice
  choice exclude-choice {
    leaf-list exclude {
      type string;
      ordered-by user;
      description "Groups, all of which must be absent";
    }
  } // choice exclude-choice
} // grouping admin_group_include_exclude

// Bandwidth reservation values. Every leaf is a free-form string with units
// "bps"; no range or pattern is applied at the schema level.
grouping bandwidth-type {
  uses apply-advanced;
  leaf per-traffic-class-bandwidth {
    type string;
    units "bps";
    description "Bandwidth to reserve";
  }
  leaf ct0 {
    type string;
    units "bps";
    description "Bandwidth from traffic class 0";
  }
  leaf ct1 {
    type string;
    units "bps";
    description "Bandwidth from traffic class 1";
  }
  leaf ct2 {
    type string;
    units "bps";
    description "Bandwidth from traffic class 2";
  }
  leaf ct3 {
    type string;
    units "bps";
    description "Bandwidth from traffic class 3";
  }
} // grouping bandwidth-type

// Per-interface MPLS options: enable/disable, SRLG and administrative-group
// membership, and the static-LSP protection revert timer.
grouping juniper-protocols-mpls-interface {
  leaf name {
    type union {
      type jt:interface-name;
      // NOTE(review): the "<.*>|$.*" alternative recurs on most leaves in this
      // module; presumably it admits group wildcards and "$" variables in
      // place of a literal value - confirm against the Junos documentation.
      type string { pattern "<.*>|$.*"; }
    }
    description "Interface name";
  }
  uses apply-advanced;
  choice enable-disable {
    leaf disable {
      type empty;
      description "Disable MPLS on this interface";
    }
  } // choice enable-disable
  leaf-list srlg {
    type string;
    // At most 64 SRLG names per interface.
    max-elements 64;
    ordered-by user;
    description "SRLG Name";
  }
  leaf always-mark-connection-protection-tlv {
    type empty;
    description "Mark connection protection tlv on this interface";
  }
  leaf switch-away-lsps {
    type empty;
    description "Switch away protected LSPs to their bypass 
LSPs";
  }
  leaf-list admin-group {
    type string;
    ordered-by user;
    description "Administrative groups";
  }
  leaf-list admin-group-extended {
    type string;
    ordered-by user;
    description "Extended administrative groups";
  }
  container static {
    description "Static label-switch path related configurations";
    uses apply-advanced;
    leaf protection-revert-time {
      type union {
        type string { pattern "<.*>|$.*"; }
        // 0 disables the revert wait, per the description below.
        type uint32 { range "0 .. 65535"; }
      }
      units "seconds";
      description "FRR revert wait time, 0 means disable";
    }
  } // container static
} // grouping juniper-protocols-mpls-interface

grouping juniper-protocols-msdp {
  uses apply-advanced;
  leaf data-encapsulation {
    type enumeration {
      enum "disable" { value 0; description "Disable data encapsulation"; }
      enum "enable" { value 1; description "Enable data encapsulation"; }
    }
    description "Set encapsulation of data packets";
  }
  container rib-group {
    description "Routing table group";
    uses rib_group_inet_type;
  } // container rib-group
  // Caps the number of active sources accepted (maximum defaults to 25000,
  // threshold to 24000). Presumably this bounds the state that peers can make
  // the router hold - confirm the enforcement behaviour on the device.
  container active-source-limit {
    description "Limit the number of active sources accepted";
    uses apply-advanced;
    leaf maximum {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 1000000"; }
      }
      default "25000";
      description "Maximum number of active sources accepted";
    }
    leaf threshold {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 1000000"; }
      }
      default "24000";
      description "RED threshold for active source acceptance";
    }
    leaf log-warning {
      // Only valid when the sibling "maximum" leaf is configured.
      junos:must "(".. maximum")";
      junos:must-message "Maximum must be configured to configure log-warning";
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 100"; }
      }
      default "100";
      description "Percentage of maximum at which to start generating warnings";
    }
    leaf log-interval {
      // Only valid when the sibling "maximum" leaf is configured.
      junos:must "(".. maximum")";
      junos:must-message "Maximum must be configured to configure log-interval";
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "6 .. 
32767"; }
      }
      description "Time between log messages";
    }
  } // container active-source-limit
  choice enable-disable {
    leaf disable { type empty; description "Disable MSDP"; }
  } // choice enable-disable
  leaf-list export { type jt:policy-algebra; ordered-by user; description "Export policy"; }
  leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy"; }
  leaf local-address { type jt:ipv4addr; description "Local address"; }
  // Global MSDP tracing. The same file/flag structure is declared again under
  // list peer, list group and the peers of list group.
  container traceoptions {
    description "Trace options for MSDP";
    uses apply-advanced;
    container file {
      description "Trace file options";
      // The negated posix-pattern rejects '/', '%' and space (see the
      // pattern-message), so the value can only be a bare file name and cannot
      // carry a directory component. The directory the file is written to is
      // not stated in this model.
      leaf filename {
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; }
      // Unconstrained string: the model places no pattern or range on the size.
      leaf size { type string; description "Maximum trace file size"; }
      leaf files {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "2 .. 
1000"; }
        }
        default "10";
        description "Maximum number of trace files";
      }
      leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; }
      // Mutually exclusive pair (YANG choice). world-readable lets any user
      // read the trace file; with flags such as packets or all, plus detail,
      // the file may hold protocol contents, so enabling it is an
      // access-control decision. Which case applies when neither leaf is set
      // is not visible here -- confirm on the device.
      choice world-readable-choice {
        leaf world-readable { type empty; description "Allow any user to read the log file"; }
        leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
      } // choice world-readable-choice
    } // container file
    // One entry per trace category, keyed by the category name; send, receive,
    // detail and disable are per-entry modifiers.
    list flag {
      key "name";
      ordered-by user;
      description "Tracing parameters";
      leaf name {
        type enumeration {
          enum "packets" { value 0; description "Trace all MSDP packets"; }
          enum "route" { value 1; description "Trace routing information"; }
          enum "nsr-synchronization" { value 2; description "Trace NSR synchronization events"; }
          enum "source-active" { value 3; description "Trace source-active messages"; }
          enum "source-active-request" { value 4; description "Trace source-active request messages"; }
          enum "source-active-response" { value 5; description "Trace source-active response messages"; }
          enum "keepalive" { value 6; description "Trace keepalive messages"; }
          enum "normal" { value 7; description "Trace normal events"; }
          enum "general" { value 8; description "Trace general events"; }
          enum "state" { value 9; description "Trace state transitions"; }
          enum "policy" { value 10; description "Trace policy processing"; }
          enum "task" { value 11; description "Trace routing protocol task processing"; }
          enum "timer" { value 12; description "Trace routing protocol timer processing"; }
          enum "all" { value 13; description "Trace everything"; }
        }
      }
      leaf send { type empty; description "Trace transmitted packets"; }
      leaf receive { type empty; description "Trace received packets"; }
      leaf detail { type empty; description "Trace detailed information"; }
      leaf disable { type empty; description "Disable this trace flag"; }
    } // list flag
  } // container traceoptions
  list peer {
    key "name";
    ordered-by user;
    description "Configure an MSDP peer";
    leaf name { type 
jt:ipv4addr; description "Peer address"; } uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable MSDP"; } } // choice enable-disable leaf-list export { type jt:policy-algebra; ordered-by user; description "Export policy"; } leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy"; } leaf local-address { type jt:ipv4addr; description "Local address"; } container traceoptions { description "Trace options for MSDP"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "packets" { value 0; description "Trace all MSDP packets"; } enum "route" { value 1; description "Trace routing information"; } enum "nsr-synchronization" { value 2; description "Trace NSR synchronization events"; } enum "source-active" { value 3; description "Trace source-active messages"; } enum "source-active-request" { value 4; description "Trace source-active request messages"; } enum "source-active-response" { value 5; description "Trace source-active response messages"; } enum "keepalive" { value 6; description "Trace keepalive messages"; } enum "normal" { value 7; description "Trace normal events"; } enum "general" { value 8; description "Trace general events"; } enum "state" { value 9; description "Trace state transitions"; } enum "policy" { value 10; description "Trace policy processing"; } enum "task" { value 11; description "Trace routing protocol task processing"; } enum "timer" { value 12; description "Trace routing protocol timer processing"; } enum "all" { value 13; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions container active-source-limit { description "Limit the number of active sources accepted"; uses 
apply-advanced;
      // Active-source limits for one entry of list peer: same four leaves,
      // ranges and defaults as the grouping-level container of the same name.
      leaf maximum {
        type union {
          // String branch: accepts <...> or text beginning with '$' --
          // presumably Junos placeholders/variables; confirm.
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 1000000"; }
        }
        default "25000";
        description "Maximum number of active sources accepted";
      }
      // No must statement ties threshold to maximum; the model alone accepts
      // a threshold above the maximum.
      leaf threshold {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 1000000"; }
        }
        default "24000";
        description "RED threshold for active source acceptance";
      }
      // Both logging leaves are only valid once the sibling leaf maximum is
      // configured (junos:must on ".. maximum").
      leaf log-warning {
        junos:must "(".. maximum")";
        junos:must-message "Maximum must be configured to configure log-warning";
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 100"; }
        }
        default "100";
        description "Percentage of maximum at which to start generating warnings";
      }
      leaf log-interval {
        junos:must "(".. maximum")";
        junos:must-message "Maximum must be configured to configure log-interval";
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "6 .. 32767"; }
        }
        description "Time between log messages";
      }
    } // container active-source-limit
    // Per-peer session timers, all in seconds. The declared ranges do not
    // overlap in a way that enforces keep-alive < hold-time; no must statement
    // relates them.
    leaf keep-alive {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "10 .. 60"; }
      }
      units "seconds";
      description "Time limit for sending out periodic keep alive to peer";
    }
    // The description text ends mid-sentence in the published model.
    leaf hold-time {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "15 .. 150"; }
      }
      units "seconds";
      description "Max time to terminating a peer for having not received any message from ";
    }
    leaf sa-hold-time {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "75 .. 300"; }
      }
      units "seconds";
      description "Max time for holding a sa message before timing out";
    }
    leaf default-peer { type empty; description "Default RPF peer"; }
    // Shared secret for the peer session. It is modelled as a plain string of
    // 1 to 126 characters with nothing in this export that marks it as
    // sensitive, so tooling generated from the YANG alone (payload logging,
    // config diffs, backups) will handle the value like ordinary text unless
    // it is told to redact it. The peer list nested under list group declares
    // the same leaf.
    // NOTE(review): the description says MD5 -- presumably the keyed-MD5
    // session signature; it authenticates the peer but gives no
    // confidentiality. Confirm how the device stores and displays the value.
    leaf authentication-key {
      type string { length "1 .. 126"; }
      description "MD5 authentication key";
    }
  } // list peer
  // Grouping-level timers: defaults for MSDP as a whole, declared with the
  // same ranges as the per-peer leaves above.
  leaf keep-alive {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "10 .. 
60"; } } units "seconds"; description "Time limit for sending out periodic keep alive to peer"; } leaf hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "15 .. 150"; } } units "seconds"; description "Max time to terminating a peer for having not received any message from "; } leaf sa-hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "75 .. 300"; } } units "seconds"; description "Max time for holding a sa message before timing out"; } list source { key "name"; ordered-by user; description "Configure parameters for each source"; leaf name { type jt:ipprefix; description "Source address or prefix"; } uses apply-advanced; container active-source-limit { description "Limit the number of active sources accepted"; uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000000"; } } default "25000"; description "Maximum number of active sources accepted"; } leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000000"; } } default "24000"; description "RED threshold for active source acceptance"; } leaf log-warning { junos:must "(".. maximum")"; junos:must-message "Maximum must be configured to configure log-warning"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } default "100"; description "Percentage of maximum at which to start generating warnings"; } leaf log-interval { junos:must "(".. maximum")"; junos:must-message "Maximum must be configured to configure log-interval"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "6 .. 
32767"; } } description "Time between log messages"; } } // container active-source-limit } // list source list group { key "name"; ordered-by user; description "Configure MSDP peer groups"; leaf name { type string; description "MSDP peer group name"; } uses apply-advanced; leaf mode { type enumeration { enum "standard" { value 0; description "Use standard MSDP source-active flooding rules"; } enum "mesh-group" { value 1; description "Group peers are mesh group members"; } } default "standard"; description "MSDP group source-active flooding mode"; } choice enable-disable { leaf disable { type empty; description "Disable MSDP"; } } // choice enable-disable leaf-list export { type jt:policy-algebra; ordered-by user; description "Export policy"; } leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy"; } leaf local-address { type jt:ipv4addr; description "Local address"; } container traceoptions { description "Trace options for MSDP"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "packets" { value 0; description "Trace all MSDP packets"; } enum "route" { value 1; description "Trace routing information"; } enum "nsr-synchronization" { value 2; description "Trace NSR synchronization events"; } enum "source-active" { value 3; description "Trace source-active messages"; } enum "source-active-request" { value 4; description "Trace source-active request messages"; } enum "source-active-response" { value 5; description "Trace source-active response messages"; } enum "keepalive" { value 6; description "Trace keepalive messages"; } enum "normal" { value 7; description "Trace normal events"; } enum "general" { value 8; description "Trace general events"; } enum "state" { value 9; description "Trace state transitions"; } enum "policy" { value 10; description "Trace policy processing"; } enum "task" { value 11; description "Trace routing protocol task processing"; } enum "timer" { value 12; description "Trace routing protocol timer processing"; } enum "all" { value 13; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions list peer { key "name"; ordered-by user; description "Configure an MSDP peer"; leaf name { type 
jt:ipv4addr; description "Peer address"; } uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable MSDP"; } } // choice enable-disable leaf-list export { type jt:policy-algebra; ordered-by user; description "Export policy"; } leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy"; } leaf local-address { type jt:ipv4addr; description "Local address"; } container traceoptions { description "Trace options for MSDP"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "packets" { value 0; description "Trace all MSDP packets"; } enum "route" { value 1; description "Trace routing information"; } enum "nsr-synchronization" { value 2; description "Trace NSR synchronization events"; } enum "source-active" { value 3; description "Trace source-active messages"; } enum "source-active-request" { value 4; description "Trace source-active request messages"; } enum "source-active-response" { value 5; description "Trace source-active response messages"; } enum "keepalive" { value 6; description "Trace keepalive messages"; } enum "normal" { value 7; description "Trace normal events"; } enum "general" { value 8; description "Trace general events"; } enum "state" { value 9; description "Trace state transitions"; } enum "policy" { value 10; description "Trace policy processing"; } enum "task" { value 11; description "Trace routing protocol task processing"; } enum "timer" { value 12; description "Trace routing protocol timer processing"; } enum "all" { value 13; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions container active-source-limit { description "Limit the number of active sources accepted"; uses 
apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000000"; } } default "25000"; description "Maximum number of active sources accepted"; } leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000000"; } } default "24000"; description "RED threshold for active source acceptance"; } leaf log-warning { junos:must "(".. maximum")"; junos:must-message "Maximum must be configured to configure log-warning"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } default "100"; description "Percentage of maximum at which to start generating warnings"; } leaf log-interval { junos:must "(".. maximum")"; junos:must-message "Maximum must be configured to configure log-interval"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "6 .. 32767"; } } description "Time between log messages"; } } // container active-source-limit leaf keep-alive { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 60"; } } units "seconds"; description "Time limit for sending out periodic keep alive to peer"; } leaf hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "15 .. 150"; } } units "seconds"; description "Max time to terminating a peer for having not received any message from "; } leaf sa-hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "75 .. 300"; } } units "seconds"; description "Max time for holding a sa message before timing out"; } leaf default-peer { type empty; description "Default RPF peer"; } leaf authentication-key { type string { length "1 .. 
126"; }
        description "MD5 authentication key";
      }
    } // list peer
  } // list group
} // grouping juniper-protocols-msdp

// MSTP configuration: bridge-wide parameters, then per-interface options
// (list interface) and per-instance options (list msti).
grouping juniper-protocols-mstp {
  uses apply-advanced;
  choice enable-disable {
    leaf disable { type empty; description "Disable MSTP"; }
  } // choice enable-disable
  leaf bpdu-destination-mac-address {
    type enumeration {
      enum "provider-bridge-group" { value 0; description "802.1ad provider bridge group address"; }
    }
    description "Destination MAC address in the spanning tree BPDUs";
  }
  // configuration-name and revision-level are both described as parts of the
  // MST configuration identifier.
  leaf configuration-name {
    type string { length "1 .. 32"; }
    description "Configuration name (part of MST configuration identifier)";
  }
  leaf revision-level {
    type union {
      type uint16;
      // String branch: accepts <...> or text beginning with '$' -- presumably
      // Junos placeholders/variables; confirm.
      type string { pattern "<.*>|$.*"; }
    }
    description "Revision level (part of MST configuration identifier)";
  }
  leaf max-hops {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint16 { range "1 .. 255"; }
    }
    description "Maximum number of hops";
  }
  // Protocol timers in seconds. The model declares independent ranges only;
  // no must statement relates max-age, hello-time and forward-delay.
  leaf max-age {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint16 { range "6 .. 40"; }
    }
    units "seconds";
    description "Maximum age of received protocol bpdu";
  }
  leaf hello-time {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint16 { range "1 .. 10"; }
    }
    units "seconds";
    description "Time interval between configuration BPDUs";
  }
  leaf forward-delay {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint16 { range "4 .. 
30"; }
    }
    units "seconds";
    description "Time spent in listening or learning state";
  }
  leaf system-identifier { type jt:mac-unicast; description "Sytem identifier to represent this node"; }
  container traceoptions {
    description "Tracing options for debugging protocol operation";
    uses stp-trace-options;
  } // container traceoptions
  // Priority is a string restricted to an enumerated list: each step is given
  // both as "Nk" and as a decimal number.
  // NOTE(review): the decimal paired with 48k is 49512, which is not a
  // multiple of 4096 (12 * 4096 = 49152) and so contradicts the
  // pattern-message; it looks like transposed digits. The same value appears
  // in backup-bridge-priority and in both patterns of list msti. Confirm what
  // the device accepts before relying on this pattern for validation.
  leaf bridge-priority {
    type string {
      junos:posix-pattern "^(0|4k|4096|8k|8192|12k|12288|16k|16384|20k|20480|24k|24576|28k|28672|32k|32768|36k|36864|40k|40960|44k|45056|48k|49512|52k|53248|56k|57344|60k|61440)$";
      junos:pattern-message "Must be a multiple of 4096";
    }
    description "Priority of the bridge (in increments of 4k - 0,4k,8k,..60k)";
  }
  // Same list as bridge-priority except that 0 is not an allowed value.
  leaf backup-bridge-priority {
    type string {
      junos:posix-pattern "^(4k|4096|8k|8192|12k|12288|16k|16384|20k|20480|24k|24576|28k|28672|32k|32768|36k|36864|40k|40960|44k|45056|48k|49512|52k|53248|56k|57344|60k|61440)$";
      junos:pattern-message "Must be a multiple of 4096";
    }
    description "Priority of the bridge (in increments of 4k - 4k,8k,..60k)";
  }
  // Presence leaf: per the description it applies BPDU protection to every
  // interface configured as edge. This is the bridge-wide hardening switch
  // for edge ports; what happens to a port that receives a BPDU is not
  // described in this model.
  leaf bpdu-block-on-edge { type empty; description "Block BPDU on all interfaces configured as edge (BPDU Protect)"; }
  leaf vpls-flush-on-topology-change { type empty; description "Enable VPLS MAC flush on root protected CE interface receving topology change"; }
  leaf priority-hold-time {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint16 { range "1 .. 255"; }
    }
    units "seconds";
    description "Hold time before switching to primary priority when core domain becomes up";
  }
  list system-id {
    key "name";
    ordered-by user;
    description "System ID to IP mapping";
    uses system-id-ip-map;
  } // list system-id
  list interface {
    key "name";
    description "Interface options";
    uses mstp-interface;
  } // list interface
  // Per-instance options, keyed by an instance number in the range 1 to 64.
  list msti {
    key "name";
    description "Per-MSTI options";
    leaf name {
      type union {
        type string { pattern "<.*>|$.*"; }
        type int32 { range "1 .. 
64"; }
      }
    }
    uses apply-advanced;
    // Per-instance bridge priority, restricted to the same enumerated list as
    // the bridge-wide leaf.
    // NOTE(review): the decimal paired with 48k is 49512, which is not a
    // multiple of 4096 (12 * 4096 = 49152) and contradicts the
    // pattern-message; it looks like transposed digits. Confirm what the
    // device accepts before relying on this pattern for validation.
    leaf bridge-priority {
      type string {
        junos:posix-pattern "^(0|4k|4096|8k|8192|12k|12288|16k|16384|20k|20480|24k|24576|28k|28672|32k|32768|36k|36864|40k|40960|44k|45056|48k|49512|52k|53248|56k|57344|60k|61440)$";
        junos:pattern-message "Must be a multiple of 4096";
      }
      description "Priority of the bridge (in increments of 4k - 0,4k,8k,..60k)";
    }
    // Same list without the value 0; carries the same 49512 entry.
    leaf backup-bridge-priority {
      type string {
        junos:posix-pattern "^(4k|4096|8k|8192|12k|12288|16k|16384|20k|20480|24k|24576|28k|28672|32k|32768|36k|36864|40k|40960|44k|45056|48k|49512|52k|53248|56k|57344|60k|61440)$";
        junos:pattern-message "Must be a multiple of 4096";
      }
      description "Priority of the bridge (in increments of 4k - 4k,8k,..60k)";
    }
    // Plain strings: the [1..4094] bound and the range syntax exist only in
    // the description, so the model does not reject out-of-range or malformed
    // VLAN values.
    leaf-list vlan { type string; ordered-by user; description "VLAN ID or VLAN ID range [1..4094]"; }
    list interface {
      key "name";
      description "Interface options";
      uses mstp-interface;
    } // list interface
  } // list msti
} // grouping juniper-protocols-mstp

// BGP-MVPN configuration. The grouping opens with its tracing options.
grouping juniper-protocols-mvpn {
  description "BGP-MVPN configuration";
  uses apply-advanced;
  container traceoptions {
    description "Trace options for BGP-MVPN";
    uses apply-advanced;
    container file {
      description "Trace file options";
      // The negated posix-pattern rejects '/', '%' and space (see the
      // pattern-message), so the value can only be a bare file name and
      // cannot carry a directory component. The directory the file is written
      // to is not stated in this model.
      leaf filename {
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; }
      // Unconstrained string: the model places no pattern or range on the size.
      leaf size { type string; description "Maximum trace file size"; }
      leaf files {
        type union {
          // String branch: accepts <...> or text beginning with '$' --
          // presumably Junos placeholders/variables; confirm.
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "error" { value 0; description "Trace errors"; } enum "nlri" { value 1; description "Trace MVPN advertisements"; } enum "topology" { value 2; description "Trace MVPN topology changes"; } enum "tunnel" { value 3; description "Trace provider tunnel events"; } enum "umh" { value 4; description "Trace Upstream Multicast Hop (UMH) events"; } enum "intra-as-ad" { value 5; description "Trace MVPN intra-AS auto discovery routes"; } enum "inter-as-ad" { value 6; description "Trace MVPN inter-AS auto discovery routes"; } enum "spmsi-ad" { value 7; description "Trace MVPN SPMSI auto discovery routes"; } enum "leaf-ad" { value 8; description "Trace MVPN leaf auto discovery routes"; } enum "source-active" { value 9; description "Trace MVPN source active routes"; } enum "cmcast-join" { value 10; description "Trace MVPN c-multicast join routes"; } enum "mdt-safi-ad" { value 11; description "Trace MVPN MDT SAFI auto discovery routes"; } enum "mvpn-limit" { value 12; description "Trace MVPN spmsi and cmcast limit events"; } enum "nsr-synchronization" { value 13; description "Trace NSR synchronization events"; } enum "route" { value 14; description "Trace routing information"; } enum "normal" { value 15; description "Trace normal events"; } enum "general" { value 16; description "Trace general events"; } enum "state" { value 17; description "Trace state transitions"; } enum "policy" { value 18; description "Trace policy processing"; } enum "task" { 
value 19; description "Trace routing protocol task processing"; } enum "timer" { value 20; description "Trace routing protocol timer processing"; } enum "all" { value 21; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions container autodiscovery-only { junos:must "(!(".. route-target"))"; junos:must-message "MVPN autodiscovery-only mode cannot be used with route-target"; junos:must "(!(".. sender-site"))"; junos:must-message "MVPN autodiscovery-only mode cannot be used with sender-site"; junos:must "(!(".. receiver-site"))"; junos:must-message "MVPN autodiscovery-only mode cannot be used with receiver-site"; junos:must "(".. .. .. protocols pim mvpn")"; junos:must-message "MVPN autodiscovery-only mode requires protocols pim mvpn configuration for the instance."; junos:must "(!(".. .. .. provider-tunnel family inet pim-asm"))"; junos:must-message "MVPN autodiscovery-only mode requires a PIM-SSM provider-tunnel root address."; junos:must "((".. .. .. provider-tunnel pim-ssm" || ".. .. .. 
provider-tunnel family inet pim-ssm"))"; junos:must-message "MVPN autodiscovery-only mode requires a PIM-SSM provider-tunnel root address."; status deprecated; description "Use MVPN exclusively for PE router autodiscovery"; uses apply-advanced; container intra-as { description "Intra-AS autodiscovery options"; uses apply-advanced; leaf inclusive { type empty; description "Inclusive provider tunnel autodiscovery"; } } // container intra-as } // container autodiscovery-only container family { description "BGP-MVPN address family"; uses apply-advanced; container any { presence "enable any"; description "BGP-MVPN properties for all families"; uses apply-advanced; leaf disable { type empty; description "Disable all families"; } } // container any container inet { description "IPv4 BGP-MVPN properties"; uses apply-advanced; container autodiscovery-only { junos:must "(!(".. .. .. route-target"))"; junos:must-message "MVPN autodiscovery-only mode cannot be used with route-target"; junos:must "(!(".. .. .. sender-site"))"; junos:must-message "MVPN autodiscovery-only mode cannot be used with sender-site"; junos:must "(!(".. .. .. receiver-site"))"; junos:must-message "MVPN autodiscovery-only mode cannot be used with receiver-site"; junos:must "(".. .. .. .. .. protocols pim mvpn")"; junos:must-message "MVPN autodiscovery-only mode requires protocols pim mvpn configuration for the instance."; junos:must "(!(".. .. .. .. .. provider-tunnel family inet pim-asm"))"; junos:must-message "MVPN autodiscovery-only mode requires a PIM-SSM provider-tunnel root address."; junos:must "((".. .. .. .. .. provider-tunnel pim-ssm" || ".. .. .. .. .. 
provider-tunnel family inet pim-ssm"))"; junos:must-message "MVPN autodiscovery-only mode requires a PIM-SSM provider-tunnel root address."; description "Use MVPN exclusively for PE router autodiscovery"; uses apply-advanced; container intra-as { description "Intra-AS autodiscovery options"; uses apply-advanced; leaf inclusive { type empty; description "Inclusive provider tunnel autodiscovery"; } } // container intra-as } // container autodiscovery-only leaf disable { type empty; description "Disable family IPv4"; } } // container inet container inet6 { presence "enable inet6"; description "IPv6 BGP-MVPN properties"; uses apply-advanced; container autodiscovery-only { junos:must "(!(".. .. .. route-target"))"; junos:must-message "MVPN autodiscovery-only mode cannot be used with route-target"; junos:must "(!(".. .. .. sender-site"))"; junos:must-message "MVPN autodiscovery-only mode cannot be used with sender-site"; junos:must "(!(".. .. .. receiver-site"))"; junos:must-message "MVPN autodiscovery-only mode cannot be used with receiver-site"; junos:must "(".. .. .. .. .. protocols pim mvpn")"; junos:must-message "MVPN autodiscovery-only mode requires protocols pim mvpn configuration for the instance."; junos:must "(!(".. .. .. .. .. provider-tunnel family inet pim-asm"))"; junos:must-message "MVPN autodiscovery-only mode requires a PIM-SSM provider-tunnel root address."; junos:must "((".. .. .. .. .. provider-tunnel pim-ssm" || ".. .. .. .. .. 
provider-tunnel family inet pim-ssm"))"; junos:must-message "MVPN autodiscovery-only mode requires a PIM-SSM provider-tunnel root address."; description "Use MVPN exclusively for PE router autodiscovery"; uses apply-advanced; container intra-as { description "Intra-AS autodiscovery options"; uses apply-advanced; leaf inclusive { type empty; description "Inclusive provider tunnel autodiscovery"; } } // container intra-as } // container autodiscovery-only leaf disable { type empty; description "Disable family IPv6"; } } // container inet6 } // container family choice sender-receiver-site-choice { leaf receiver-site { junos:must "(!(".. .. .. provider-tunnel"))"; junos:must-message "MVPN instance with only receiver sites cannot be the root of a provider-tunnel"; type empty; description "MVPN instance has sites only with multicast receivers"; } leaf sender-site { junos:must "(".. .. .. provider-tunnel")"; junos:must-message "MVPN instance with sources must be the root of a provider-tunnel"; type empty; description "MVPN instance has sites only with multicast sources"; } } // choice sender-receiver-site-choice leaf unicast-umh-election { junos:must "(!(".. mvpn-join-load-balance"))"; junos:must-message "UMH election based on unicast route cannot be configured with mvpn-join-load-balance"; junos:must "(!(".. .. .. .. .. 
protocols bgp path-selection cisco-non-deterministic"))"; junos:must-message "Upstream Multicast Hop election cannot be used with 'protocols bgp path-selection cisco-non-deterministic'"; type empty; description "Upstream Multicast Hop election based on unicast route preference"; } container static-umh { description "Upstream Multicast Hop election based on static configuration"; uses apply-advanced; leaf primary { type jt:ipv4addr; description "Primary Upstream Multicast Hop"; } leaf backup { type jt:ipv4addr; description "Secondary Upstream Multicast Hop"; } choice source-tree_choice { leaf source-tree { type empty; description "Mandatory attribute - static-umh applies only to MVPN source-tree c-multicast joins"; } } // choice source-tree_choice } // container static-umh leaf cmcast-joins-limit-inet { junos:must "(".. mvpn-mode rpt-spt")"; junos:must-message "Cmcast limit can only be configured for MVPN rpt-spt mode"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 15000"; } } description "Maximum number of cmcast entries for v4"; } leaf cmcast-joins-limit-inet6 { junos:must "(".. mvpn-mode rpt-spt")"; junos:must-message "Cmcastv6 limit can only be configured for MVPN rpt-spt mode"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 15000"; } } description "Maximum number of cmcast entries for v6"; } container mvpn-mode { description "MVPN mode of operation"; uses apply-advanced; choice mode { container rpt-spt { presence "enable rpt-spt"; description "MVPN works in multicast RPT and SPT mode"; uses apply-advanced; leaf spt-switch-timer { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
60"; } } units "seconds"; description "Timeout before a PE router switches between RPT and SPT"; } } // container rpt-spt container spt-only { presence "enable spt-only"; description "MVPN works in multicast SPT only mode (default mode)"; uses apply-advanced; container source-active-advertisement { description "Attributes associated with advertising Source-Active A-D routes"; uses apply-advanced; leaf dampen { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 30"; } } units "minutes"; description "Time to wait before re-advertising source-active route"; } leaf min-rate { type string; units "bits per second"; description "Minimum traffic rate required to advertise Source-Active route"; } } // container source-active-advertisement leaf convert-sa-to-msdp { type empty; description "Turn on MVPN SA route to MSDP SA conversion"; } } // container spt-only } // choice mode } // container mvpn-mode container route-target { description "Configure route-targets for MVPN routes"; uses apply-advanced; container import-target { description "Target communities used when importing routes"; uses apply-advanced; container unicast { presence "enable unicast"; description "Use the same target community as configured for unicast"; choice receiver-sender-target-choice { leaf receiver { junos:must "(!(".. .. .. .. receiver-site"))"; junos:must-message "MVPN instance with only receivers must not import routes from other receiver only sites"; type empty; description "Target community used when importing receiver site routes"; } leaf sender { junos:must "(!(".. .. .. .. 
sender-site"))"; junos:must-message "MVPN instance with only sources must not import routes from other sender only sites"; type empty; description "Target community used when importing sender site routes"; } } // choice receiver-sender-target-choice } // container unicast container target { presence "enable target"; description "Target community"; leaf target-value { type string { junos:posix-pattern "^[a-z]+:[0-9.]+L?:[0-9]+$"; junos:pattern-message "Use format 'target:x:y' where 'x' is an AS number followed by an optional 'L' (To indicate 4 byte AS), or an IP address and 'y' is a number. e.g. target:123456L:100"; } } choice receiver-sender-target-choice { leaf receiver { junos:must "(!(".. .. .. .. receiver-site"))"; junos:must-message "MVPN instance with only receivers must not import routes from other receiver only sites"; type empty; description "Target community used when importing receiver site routes"; } leaf sender { junos:must "(!(".. .. .. .. sender-site"))"; junos:must-message "MVPN instance with only sources must not import routes from other sender only sites"; type empty; description "Target community used when importing sender site routes"; } } // choice receiver-sender-target-choice } // container target } // container import-target container export-target { description "Target communities used when exporting routes"; uses apply-advanced; leaf unicast { type empty; description "Use the same target community as configured for unicast"; } leaf target { type string { junos:posix-pattern "^[a-z]+:[0-9.]+L?:[0-9]+$"; junos:pattern-message "Use format 'target:x:y' where 'x' is an AS number followed by an optional 'L' (To indicate 4 byte AS), or an IP address and 'y' is a number. e.g. target:123456L:100"; } description "Target community"; } } // container export-target } // container route-target container mvpn-join-load-balance { junos:must "(!(".. 
unicast-umh-election"))"; junos:must-message "MVPN join load balancing cannot be configured with unicast-umh-election"; description "MVPN Join Load Balancing Algorithm"; uses apply-advanced; choice algorithm { container bytewise-xor-hash { presence "enable bytewise-xor-hash"; description "Upstream selection using bytewise XOR hash"; } // container bytewise-xor-hash } // choice algorithm } // container mvpn-join-load-balance container hot-root-standby { junos:must "(!(".. .. .. instance-type mpls-internet-multicast"))"; junos:must-message "MVPN live-live - hot-root-standby cannot be configured in mpls-internet-multicast vrf"; junos:must "(".. sender-based-rpf")"; junos:must-message "MVPN live-live - hot-root-standby configuration needs sender-based-rpf configuration"; description "MVPN live-live - hot root standby"; uses apply-advanced; choice tree { container source-tree { presence "enable source-tree"; description "MVPN live-live - hot root standby for source tree"; } // container source-tree } // choice tree container min-rate { junos:must "(".. .. hot-root-standby source-tree")"; junos:must-message "MVPN live-live - min-rate can be configured only if hot-root-standby source-tree is configured"; description "Minimum traffic rate for the provider tunnel below which switchover is initiated (in bps)"; uses apply-advanced; leaf rate { type string; units "bits per second"; description "Minimum traffic rate for the provider tunnel below which switchover is initiated (in bps)"; } leaf revert-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
20"; } } units "seconds"; description "Time to delay updating of multicast routes to allow for multicast convergence"; } } // container min-rate } // container hot-root-standby container inter-region-template { description "MVPN inter-region tunnel mapping template"; uses apply-advanced; list template { key "name"; ordered-by user; description "Define an inter-region template"; leaf name { type string; description "MVPN Template Name"; } uses apply-advanced; list region { key "name"; ordered-by user; description "BGP peer group names used as region"; leaf name { junos:must "("protocols bgp group $$")"; junos:must-message "BGP group must be present"; type string; description "Region name"; } uses apply-advanced; choice tunnel-type { container rsvp-te { junos:must "("protocols rsvp")"; junos:must-message "RSVP must be configured in the master instance"; description "RSVP-TE point-to-multipoint LSP for flooding"; uses apply-advanced; choice static-or-dynamic { leaf static-lsp { type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-multipoint LSP"; } container label-switched-path-template { description "Template for dynamic point-to-multipoint LSP parameters"; uses apply-advanced; choice dynamic-template { leaf template-name { junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && "protocols mpls label-switched-path $$ p2mp")))"; junos:must-message "Referenced point-to-multipoint LSP template does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-multipoint LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template } // choice static-or-dynamic } // container rsvp-te container ldp-p2mp { junos:must "("protocols ldp 
p2mp")"; junos:must-message "LDP P2MP must be configured in the master instance"; presence "enable ldp-p2mp"; description "LDP point-to-multipoint LSP for flooding"; } // container ldp-p2mp container ingress-replication { description "Ingress replication tunnel"; uses apply-advanced; leaf create-new-ucast-tunnel { junos:must "(".. label-switched-path label-switched-path-template")"; junos:must-message "label-switched-path-template must be defined"; type empty; description "Create new unicast tunnel for ingress replication"; } container label-switched-path { presence "enable label-switched-path"; description "Point-to-point LSP unicast tunnel"; uses apply-advanced; container label-switched-path-template { junos:must "(".. .. create-new-ucast-tunnel")"; junos:must-message "Templates must be specified when and only when create-new-ucast-tunnel is defined"; description "Template for dynamic point-to-point LSP parameters"; uses apply-advanced; choice dynamic-template { leaf template-name { junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && !("protocols mpls label-switched-path $$ p2mp"))))"; junos:must-message "Referenced point-to-point LSP template does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-point LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template } // container label-switched-path } // container ingress-replication leaf incoming { type empty; description "Same as incoming provider tunnel"; } } // choice tunnel-type } // list region container all-regions { description "Used for all regions not specified"; uses apply-advanced; choice tunnel-type { container rsvp-te { junos:must "("protocols rsvp")"; junos:must-message "RSVP must be configured in the master instance"; description 
"RSVP-TE point-to-multipoint LSP for flooding"; uses apply-advanced; choice static-or-dynamic { leaf static-lsp { type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-multipoint LSP"; } container label-switched-path-template { description "Template for dynamic point-to-multipoint LSP parameters"; uses apply-advanced; choice dynamic-template { leaf template-name { junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && "protocols mpls label-switched-path $$ p2mp")))"; junos:must-message "Referenced point-to-multipoint LSP template does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-multipoint LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template } // choice static-or-dynamic } // container rsvp-te container ldp-p2mp { junos:must "("protocols ldp p2mp")"; junos:must-message "LDP P2MP must be configured in the master instance"; presence "enable ldp-p2mp"; description "LDP point-to-multipoint LSP for flooding"; } // container ldp-p2mp container ingress-replication { description "Ingress replication tunnel"; uses apply-advanced; leaf create-new-ucast-tunnel { junos:must "(".. label-switched-path label-switched-path-template")"; junos:must-message "label-switched-path-template must be defined"; type empty; description "Create new unicast tunnel for ingress replication"; } container label-switched-path { presence "enable label-switched-path"; description "Point-to-point LSP unicast tunnel"; uses apply-advanced; container label-switched-path-template { junos:must "(".. .. 
create-new-ucast-tunnel")"; junos:must-message "Templates must be specified when and only when create-new-ucast-tunnel is defined"; description "Template for dynamic point-to-point LSP parameters"; uses apply-advanced; choice dynamic-template { leaf template-name { junos:must "(("protocols mpls label-switched-path $$" && ("protocols mpls label-switched-path $$ template" && !("protocols mpls label-switched-path $$ p2mp"))))"; junos:must-message "Referenced point-to-point LSP template does not exist"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be a string of 32 characters or less"; } description "Name of point-to-point LSP template"; } leaf default-template { type empty; description "Use default parameters"; } } // choice dynamic-template } // container label-switched-path-template } // container label-switched-path } // container ingress-replication leaf incoming { type empty; description "Same as incoming provider tunnel"; } } // choice tunnel-type } // container all-regions } // list template } // container inter-region-template leaf source-redundancy { type empty; description "Assume all the sources for a particular group is sending same data"; } container umh-selection-additional-input { description "Additional parameters to consider during UMH"; uses apply-advanced; leaf source-active-preference { junos:must "(!(".. .. 
mvpn-mode rpt-spt"))"; junos:must-message "Source active preference can be configured only for spt only mode"; type empty; description "Use the preference set in the source active route"; } leaf tunnel-status { type empty; description "Use the RSVP tunnel status"; } } // container umh-selection-additional-input } // grouping juniper-protocols-mvpn grouping juniper-protocols-mvrp { description "MVRP Configuration"; uses apply-advanced; container traceoptions { description "Tracing options for MVRP"; uses mrp-trace-options; } // container traceoptions leaf join-timer { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "100 .. 500"; } } units "milliseconds"; default "200"; description "Join timer interval"; } leaf leave-timer { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "300 .. 1000"; } } units "milliseconds"; default "800"; description "Leave timer interval"; } leaf leaveall-timer { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "10 .. 60"; } } units "seconds"; default "10"; description "Leaveall timer interval"; } leaf no-dynamic-vlan { type empty; description "Disable dynamic VLAN creation"; } leaf no-attribute-length-in-pdu { type empty; description "No attribute length while sending pdu "; } leaf bpdu-destination-mac-address { type enumeration { enum "provider-bridge-group" { value 0; description "802.1ad provider bridge group address"; } } description "Destination MAC address in the MVRP BPDUs"; } list interface { key "name"; ordered-by user; description "Configure interface options"; leaf name { junos:must "((((".. .. .. rstp interface $$" || ".. .. .. rstp interface all") && !(".. .. .. rstp interface $$ disable")) || ((".. .. .. mstp interface $$" || ".. .. .. mstp interface all") && !(".. .. .. 
mstp interface $$ disable"))))"; junos:must-message "rstp/mstp is not enabled on the interface, mvrp is not allowed"; junos:must "((!("interfaces $$ flexible-vlan-tagging") && (!("interfaces $$ vlan-tagging") && !("interfaces $$ stacked-vlan-tagging"))))"; junos:must-message "mvrp is not supported on interfaces if flexible-vlan-tagging/vlan-tagging/stacked-vlan-tagging enabled"; junos:must "(("interfaces $$ unit $$={0} family ethernet-switching interface-mode trunk" || "interfaces $$ unit $$={0} family bridge interface-mode trunk"))"; junos:must-message "mvrp can be enabled only on interfaces with interface-mode trunk"; type union { type jt:interface-device; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf join-timer { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "100 .. 500"; } } units "milliseconds"; description "Join timer interval"; } leaf leave-timer { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "300 .. 1000"; } } units "milliseconds"; description "Leave timer interval"; } leaf leaveall-timer { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "10 .. 
60"; } } units "seconds"; description "Leaveall timer interval"; } leaf point-to-point { type empty; description "Port is point to point"; } leaf registration { type enumeration { enum "normal" { value 0; description "Normal registration mode"; } enum "restricted" { value 1; description "Restricted registration mode"; } enum "forbidden" { value 2; description "Forbidden registration mode"; } } default "normal"; description "Registration mode"; } } // list interface } // grouping juniper-protocols-mvrp grouping juniper-protocols-ospf { uses apply-advanced; list topology { key "name"; ordered-by user; description "Topology parameters"; leaf name { type string; description "Topology name"; } uses apply-advanced; leaf disable { type empty; description "Disable this topology"; } leaf topology-id { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "32 .. 127"; } } description "Topology identifier"; } leaf overload { type empty; description "Set the overload mode (repel transit traffic)"; } leaf rib-group { junos:must "("routing-options rib-groups $$")"; junos:must-message "Referenced rib-group must be defined"; type string; description "Routing table group for importing routes"; } container spf-options { description "Configure options for SPF"; uses apply-advanced; leaf delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "50 .. 8000"; } } units "milliseconds"; description "Time to wait before running an SPF"; } leaf holddown { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2000 .. 20000"; } } units "milliseconds"; description "Time to hold down before running an SPF"; } leaf rapid-runs { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
10"; } } description "Number of maximum rapid SPF runs before holddown"; } leaf no-ignore-our-externals { type empty; description "Do not ignore self-generated external and NSSA LSAs"; } } // container spf-options container backup-spf-options { description "Configure options for backup SPF"; uses apply-advanced; container remote-backup-calculation { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; presence "enable remote-backup-calculation"; description "Calculate Remote LFA backup nexthops"; uses apply-advanced; container pq-nodes-nearest-to-source { description "PQ nodes selection based upon nearest to source"; uses apply-advanced; leaf percent { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 100"; } } description "Selection percentage for nearest to source"; } } // container pq-nodes-nearest-to-source } // container remote-backup-calculation container use-post-convergence-lfa { junos:must "("protocols ospf source-packet-routing")"; junos:must-message "Configuration of 'protocols ospf source-packet-routing' is required"; presence "enable use-post-convergence-lfa"; description "Calculate post-convergence backup paths"; uses apply-advanced; leaf maximum-labels { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 8"; } } description "Maximum number of labels installed for post-convergence paths"; } leaf maximum-backup-paths { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 8"; } } description "Maximum number of equal-cost post-convergence paths installed"; } } // container use-post-convergence-lfa leaf use-source-packet-routing { junos:must "(".. .. source-packet-routing")"; junos:must-message "Configuration of 'protocols ospf source-packet-routing' is required"; junos:must "(!(".. 
remote-backup-calculation"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options remote-backup-calculation'"; type empty; description "Use spring backup paths for inet.0 routes"; } leaf disable { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; type empty; description "Do not run backup SPF"; } leaf no-install { type empty; description "Do not install backup nexthops into the RIB"; } leaf downstream-paths-only { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; type empty; description "Use only downstream backup paths"; } container per-prefix-calculation { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; description "Calculate backup nexthops for non-best prefix originators"; uses apply-advanced; leaf stubs { type empty; description "Per prefix calculation for stubs only"; } leaf summary { type empty; description "Per prefix calculation for summary originators only"; } leaf externals { type empty; description "Per prefix calculation for externals"; } leaf all { type empty; description "Per prefix calculation for all"; } } // container per-prefix-calculation leaf node-link-degradation { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; type empty; description "Degrade to link protection when nodelink protection not available"; } } // container backup-spf-options leaf prefix-export-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
4294967295"; } } description "Maximum number of prefixes that can be exported"; } } // list topology container backup-spf-options { description "Configure options for backup SPF"; uses apply-advanced; container remote-backup-calculation { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; presence "enable remote-backup-calculation"; description "Calculate Remote LFA backup nexthops"; uses apply-advanced; container pq-nodes-nearest-to-source { description "PQ nodes selection based upon nearest to source"; uses apply-advanced; leaf percent { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 100"; } } description "Selection percentage for nearest to source"; } } // container pq-nodes-nearest-to-source } // container remote-backup-calculation container use-post-convergence-lfa { junos:must "("protocols ospf source-packet-routing")"; junos:must-message "Configuration of 'protocols ospf source-packet-routing' is required"; presence "enable use-post-convergence-lfa"; description "Calculate post-convergence backup paths"; uses apply-advanced; leaf maximum-labels { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 8"; } } description "Maximum number of labels installed for post-convergence paths"; } leaf maximum-backup-paths { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 8"; } } description "Maximum number of equal-cost post-convergence paths installed"; } } // container use-post-convergence-lfa leaf use-source-packet-routing { junos:must "(".. .. source-packet-routing")"; junos:must-message "Configuration of 'protocols ospf source-packet-routing' is required"; junos:must "(!(".. 
remote-backup-calculation"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options remote-backup-calculation'"; type empty; description "Use spring backup paths for inet.0 routes"; } leaf disable { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; type empty; description "Do not run backup SPF"; } leaf no-install { type empty; description "Do not install backup nexthops into the RIB"; } leaf downstream-paths-only { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; type empty; description "Use only downstream backup paths"; } container per-prefix-calculation { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; description "Calculate backup nexthops for non-best prefix originators"; uses apply-advanced; leaf stubs { type empty; description "Per prefix calculation for stubs only"; } leaf summary { type empty; description "Per prefix calculation for summary originators only"; } leaf externals { type empty; description "Per prefix calculation for externals"; } leaf all { type empty; description "Per prefix calculation for all"; } } // container per-prefix-calculation leaf node-link-degradation { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; type empty; description "Degrade to link protection when nodelink protection not available"; } } // container backup-spf-options container traffic-engineering { presence "enable traffic-engineering"; description "Configure traffic engineering attributes"; uses apply-advanced; leaf no-topology { type 
empty; description "Disable dissemination of TE link-state topology information"; } leaf multicast-rpf-routes { junos:must "(!(".. .. topology $$={ipv4-multicast}"))"; junos:must-message "multicast-rpf-routes cannot be used with topology ipv4-multicast"; junos:must "(".. shortcuts")"; junos:must-message "multicast-rpf-routes cannot be used without shortcuts"; type empty; description "Install routes for multicast RPF checks into inet.2"; } leaf l3-unicast-topology { type empty; description "Download IGP topology into TED"; } container ignore-lsp-metrics { presence "enable ignore-lsp-metrics"; description "Ignore label-switched path metrics when doing shortcuts"; uses apply-advanced; leaf unconfigured-only { type empty; description "Ignore lsp metrics for unconfigured only"; } } // container ignore-lsp-metrics container shortcuts { presence "enable shortcuts"; description "Use label-switched paths as next hops, if possible"; uses apply-advanced; leaf ignore-lsp-metrics { type empty; status deprecated; description "Ignore label-switched path metrics when doing shortcuts"; } leaf lsp-metric-into-summary { type empty; description "Advertise LSP metric into summary LSAs"; } list family { key "name"; ordered-by user; description "Address family specific traffic-engineering attributes"; leaf name { type enumeration { enum "inet" { value 0; description "IPv4 family"; } enum "inet-mpls" { value 1; description "IPv4-MPLS family"; } } } uses apply-advanced; } // list family } // container shortcuts leaf advertise-unnumbered-interfaces { type empty; description "Advertise unnumbered interfaces"; } leaf credibility-protocol-preference { type empty; description "TED protocol credibility follows protocol preference"; } container advertisement { description "Advertise TE parameters even if RSVP is not turned on"; uses apply-advanced; leaf always { type empty; description "Advertise TE parameters in TE LSAs"; } } // container advertisement } // container traffic-engineering 
container source-packet-routing { junos:must "(!(".. .. .. protocols mpls disable"))"; junos:must-message "SPRING configuration is not allowed with 'protocols mpls disable'"; junos:must "(".. .. .. protocols mpls ")"; junos:must-message "SPRING configuration is not allowed without 'protocols mpls'"; presence "enable source-packet-routing"; description "Enable source packet routing (SPRING)"; uses apply-advanced; container adjacency-segment { description "Attributes for adjacency segments in spring"; uses apply-advanced; leaf hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "180000 .. 900000"; } } description "Retain time of Adjacency segment after isolating from an interface"; } } // container adjacency-segment leaf-list prefix-segment { type jt:policy-algebra; ordered-by user; description "Prefix Segment policy"; } leaf explicit-null { type empty; description "Set E and P bits in all Prefix SID advertisements"; } container node-segment { presence "enable node-segment"; description "Enable support for Node segments in SPRING"; uses apply-advanced; leaf ipv4-index { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } description "Set ipv4 node segment index"; } leaf index-range { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "32 .. 16385"; } } description "Set range of node segment indices allowed"; } } // container node-segment container srgb { junos:must "(!(".. node-segment index-range"))"; junos:must-message "Can not be configured with node-segment index-range"; description "Set the SRGB global block in SPRING"; leaf start-label { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Start range for SRGB label block"; } leaf index-range { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Index to the SRGB start label block"; } } // container srgb leaf mapping-server { junos:must "(".. 
node-segment")"; junos:must-message "protocols ospf source-packet-routing node-segment must be defined"; junos:must "("routing-options source-packet-routing mapping-server-entry $$")"; junos:must-message "Referenced source-packet-routing mapping-server-entry must be defined"; type string; description "Mapping server name"; } leaf install-prefix-sid-for-best-route { type empty; description "For best route install an exact prefix sid route"; } leaf ldp-stitching { type empty; description "Enable SR to LDP stitching"; } leaf-list flex-algorithm { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "128 .. 255"; } } max-elements 16; description "Flex-algorithms we would like to participate in"; } } // container source-packet-routing list area { key "name"; ordered-by user; description "Configure an OSPF area"; leaf name { type jt:areaid; description "Area ID"; } uses apply-advanced; choice stub-option { container stub { presence "enable stub"; description "Configure a stub area"; leaf default-metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Metric for the default route in this stub area"; } choice summaries-choice { leaf summaries { type empty; description "Flood summary LSAs into this stub area"; } leaf no-summaries { type empty; description "Don't flood summary LSAs into this stub area"; } } // choice summaries-choice } // container stub container nssa { presence "enable nssa"; description "Configure a not-so-stubby area"; uses apply-advanced; container default-lsa { presence "enable default-lsa"; description "Configure a default LSA"; uses apply-advanced; leaf default-metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Metric for the default route in this area"; } leaf metric-type { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
2"; } } description "External metric type for the default type 7 LSA"; } leaf type-7 { type empty; description "Flood type 7 default LSA if no-summaries is configured"; } } // container default-lsa leaf default-metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } status deprecated; description "Metric for the default route in this area"; } leaf metric-type { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 2"; } } status deprecated; description "External metric type for the default type 7 LSA"; } choice summaries-choice { leaf summaries { type empty; description "Flood summary LSAs into this NSSA area"; } leaf no-summaries { type empty; description "Don't flood summary LSAs into this NSSA area"; } } // choice summaries-choice list area-range { key "name"; ordered-by user; description "Configure NSSA area ranges"; leaf name { type jt:ipprefix; description "Range to summarize NSSA routes in this area"; } uses apply-advanced; leaf restrict { type empty; description "Restrict advertisement of this area range"; } leaf exact { type empty; description "Enforce exact match for advertisement of this area range"; } container override-metric { presence "enable override-metric"; description "Override the dynamic metric for this area-range"; uses apply-advanced; leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Metric value"; } leaf metric-type { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
2"; } }
            default "1";
            description "Set the metric type for the override metric";
          }
        } // container override-metric
      } // list area-range
    } // container nssa
  } // choice stub-option
  // Area-level summarization ranges (the NSSA-specific list of the same name
  // lives inside container nssa). Here override-metric is a plain leaf.
  list area-range {
    key "name";
    ordered-by user;
    description "Configure area ranges";
    leaf name { type jt:ipprefix; description "Range to summarize routes in this area"; }
    uses apply-advanced;
    leaf restrict { type empty; description "Restrict advertisement of this area range"; }
    leaf exact { type empty; description "Enforce exact match for advertisement of this area range"; }
    leaf override-metric {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } }
      description "Override the dynamic metric for this area-range";
    }
  } // list area-range
  // Ordered policy lists applied to Type 3 summary / inter-area prefix LSAs.
  leaf-list network-summary-export { type jt:policy-algebra; ordered-by user; description "Export policy for Type 3 Summary LSAs"; }
  leaf-list network-summary-import { type jt:policy-algebra; ordered-by user; description "Import policy for Type 3 Summary LSAs"; }
  leaf-list inter-area-prefix-export { type jt:policy-algebra; ordered-by user; description "Export policy for Inter Area Prefix LSAs"; }
  leaf-list inter-area-prefix-import { type jt:policy-algebra; ordered-by user; description "Import policy for Inter Area Prefix LSAs"; }
  // Area-wide authentication selector. The leaf and all three of its values
  // (none, simple, md5) are marked "status deprecated" in this schema.
  // NOTE(review): the non-deprecated path appears to be the per-link
  // "authentication" container (uses juniper-ospf-authentication) found under
  // interface, virtual-link and peer-interface; confirm, and treat
  // configurations that still set this leaf as candidates for migration.
  leaf authentication-type {
    type enumeration {
      enum "none" { value 0; status deprecated; description "No authentication"; }
      enum "simple" { value 1; status deprecated; description "Simple password authentication"; }
      enum "md5" { value 2; status deprecated; description "MD5 authentication"; }
    }
    status deprecated;
    description "Authentication type";
  }
  // Virtual links; the constraint that follows restricts them to area 0.0.0.0
  // (see its must-message).
  list virtual-link {
    junos:must "(".. .. 
area $$={0.0.0.0}")";
    junos:must-message "virtual link can be configured only under backbone area";
    // A virtual link is identified by the neighbor's router ID together with
    // the transit area shared with that neighbor.
    key "neighbor-id transit-area";
    ordered-by user;
    description "Configure virtual links";
    leaf neighbor-id { type jt:ipv4addr; description "Router ID of a virtual neighbor"; }
    leaf transit-area { type jt:areaid; description "Transit area in common with virtual neighbor"; }
    uses apply-advanced;
    choice enable-disable {
      leaf disable { type empty; description "Disable this virtual link"; }
    } // choice enable-disable
    // Timers below are unions: a ranged integer, or a string matching
    // "<.*>|$.*" ("$" is a literal in XSD regex); the range does not apply to
    // the string member.
    leaf retransmit-interval {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } }
      description "Retransmission interval (seconds)";
    }
    leaf transit-delay {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } }
      description "Transit delay (seconds)";
    }
    leaf hello-interval {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } }
      description "Hello interval (seconds)";
    }
    leaf dead-interval {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } }
      description "Dead interval (seconds)";
    }
    leaf mtu {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "128 .. 65535"; } }
      description "Maximum OSPF packet size";
    }
    // Exactly one authentication style can be present: the "authentication"
    // container (grouping juniper-ospf-authentication, defined outside this
    // excerpt) or the deprecated "authentication-key" container.
    choice auth {
      container authentication {
        uses juniper-ospf-authentication;
      } // container authentication
      container authentication-key {
        status deprecated;
        description "Authentication key";
        // keyname holds the shared secret. NOTE(review): jt:unreadable comes from
        // junos-common-types; presumably it marks the value as not to be shown
        // in clear text - confirm how exports and backups of this leaf are handled.
        leaf keyname { type jt:unreadable; description "Authentication key value"; }
        leaf key-id {
          type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } }
          description "Key ID for MD5 authentication";
        }
      } // container authentication-key
    } // choice auth
    leaf demand-circuit { type empty; description "Interface functions as a demand circuit"; }
    leaf flood-reduction { type empty; description "Enable flood reduction"; }
    leaf no-neighbor-down-notification { type empty; description "Don't inform other protocols about neighbor down events"; }
    // Name of the IPsec security association protecting this virtual link.
    // Per the must-messages the SA has to be defined, be a manual SA, use
    // transport mode, and must not be configured for an st0 interface.
    // A manual SA uses statically configured keys, so key rotation is an
    // operational task rather than something the protocol negotiates.
    // junos:must is a Juniper extension; tooling that does not implement it
    // will not enforce these constraints.
    leaf ipsec-sa {
      junos:must "(!(any ".. .. interface <st*> ipsec-sa $$"))";
      junos:must-message "Must not configure ipsec-sa for st0 interface";
      junos:must "("security ipsec security-association $$ manual")";
      junos:must-message "Referenced IPSec security association must be a manual SA";
      junos:must "("security ipsec security-association $$ mode transport")";
      junos:must-message "Referenced IPSec security association must be in transport mode";
      junos:must "("security ipsec security-association $$")";
      junos:must-message "Referenced IPSec security association must be defined";
      type string { length "1 .. 32"; }
      description "IPSec security association name";
    }
    // Per-topology overrides for this virtual link.
    list topology {
      key "name";
      ordered-by user;
      description "Topology specific attributes";
      leaf name { type string; description "Topology name"; }
      uses apply-advanced;
      leaf disable { type empty; description "Disable this topology"; }
      leaf metric {
        type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } }
        description "Topology metric";
      }
      // Only valid when the sibling metric leaf is set (see must-message).
      container bandwidth-based-metrics {
        junos:must "(".. metric")";
        junos:must-message "Metric must be configured";
        description "Configure bandwidth based metrics";
        uses apply-advanced;
        list bandwidth {
          key "name";
          description "Bandwidth threshold";
          leaf name { type string; }
          leaf metric {
            type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
65535"; } }
            description "Metric associated with specified bandwidth";
          }
        } // list bandwidth
      } // container bandwidth-based-metrics
    } // list topology
  } // list virtual-link
  // Remote sham-link endpoints, keyed by address. Per the must-messages a
  // local sham-link endpoint has to be configured and must differ from the
  // remote address.
  list sham-link-remote {
    key "name";
    ordered-by user;
    description "Configure parameters for remote sham link endpoint";
    leaf name {
      junos:must "(!(".. .. .. sham-link local $$"))";
      junos:must-message "Local and remote sham link endpoint addresses must be different";
      junos:must "(".. .. .. sham-link local")";
      junos:must-message "Local sham link endpoint must be configured";
      type jt:ipaddr;
      description "Remote sham link endpoint address";
    }
    uses apply-advanced;
    leaf metric {
      type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } }
      description "Sham link metric";
    }
    // IPsec SA protecting the sham link. Per the must-messages the SA has to
    // be defined, manual, in transport mode, and not used for an st0 interface.
    // Manual SAs rely on statically configured keys, so rotation is an
    // operational task.
    leaf ipsec-sa {
      junos:must "(!(any ".. .. interface <st*> ipsec-sa $$"))";
      junos:must-message "Must not configure ipsec-sa for st0 interface";
      junos:must "("security ipsec security-association $$ manual")";
      junos:must-message "Referenced IPSec security association must be a manual SA";
      junos:must "("security ipsec security-association $$ mode transport")";
      junos:must-message "Referenced IPSec security association must be in transport mode";
      junos:must "("security ipsec security-association $$")";
      junos:must-message "Referenced IPSec security association must be defined";
      type string { length "1 .. 32"; }
      description "IPSec security association name";
    }
    leaf demand-circuit { type empty; description "Interface functions as a demand circuit"; }
    leaf flood-reduction { type empty; description "Enable flood reduction"; }
    // Per-topology overrides for this sham link.
    list topology {
      key "name";
      ordered-by user;
      description "Topology specific attributes";
      leaf name { type string; description "Topology name"; }
      uses apply-advanced;
      leaf disable { type empty; description "Disable this topology"; }
      leaf metric {
        type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
65535"; } }
        description "Topology metric";
      }
      // Only valid when the sibling metric leaf is set (see must-message).
      container bandwidth-based-metrics {
        junos:must "(".. metric")";
        junos:must-message "Metric must be configured";
        description "Configure bandwidth based metrics";
        uses apply-advanced;
        list bandwidth {
          key "name";
          description "Bandwidth threshold";
          leaf name { type string; }
          leaf metric {
            type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } }
            description "Metric associated with specified bandwidth";
          }
        } // list bandwidth
      } // container bandwidth-based-metrics
    } // list topology
  } // list sham-link-remote
  // Interfaces that participate in this area, keyed by interface name and
  // kept in configured order.
  list interface {
    key "name";
    ordered-by user;
    description "Include an interface in this area";
    // The key accepts an IPv4 address or interface name (jt:ipv4addr-or-interface)
    // or a string matching "<.*>|$.*". Per the must-message, nbma mode
    // requires an IPv4 address on the referenced interface.
    leaf name {
      junos:must "((!(".. interface-type nbma") || (!(("interfaces $$" || any "logical-systems <*> interfaces $$")) || (any "interfaces $$-IFL family inet address <*>" || any "logical-systems <*> interfaces $$-IFL family inet address <*>"))))";
      junos:must-message "IPv4 address must be configured on the interface for nbma mode";
      type union { type jt:ipv4addr-or-interface; type string { pattern "<.*>|$.*"; } }
      description "Interface name";
    }
    uses apply-advanced;
    choice enable-disable {
      leaf disable { type empty; description "Disable OSPF on this interface"; }
    } // choice enable-disable
    leaf interface-type {
      type enumeration {
        enum "nbma" { value 0; description "Nonbroadcast multiaccess"; }
        enum "p2mp" { value 1; description "Point-to-multipoint NBMA"; }
        enum "p2p" { value 2; description "Point-to-point"; }
        enum "p2mp-over-lan" { value 3; description "Point-to-multipoint over LAN mode"; }
      }
      description "Type of interface";
    }
    // Link protection and node-link protection are mutually exclusive.
    choice protection-type {
      leaf link-protection { type empty; description "Protect interface from link faults only"; }
      leaf node-link-protection { type empty; description "Protect interface from both link and node faults"; }
    } // choice protection-type
    leaf no-eligible-backup { type empty; description "Not eligible to backup traffic from protected interfaces"; }
    leaf 
no-eligible-remote-backup { type empty; description "Not eligible for Remote-LFA backup traffic from protected interfaces"; }
    // Passive interface: per its description OSPF is not run on it, but the
    // interface is still advertised.
    container passive {
      presence "enable passive";
      description "Do not run OSPF, but advertise it";
      uses apply-advanced;
      container traffic-engineering {
        description "Advertise TE link information";
        uses apply-advanced;
        leaf remote-node-id { type jt:ipaddr; description "Remote address of the link"; }
        leaf remote-node-router-id {
          junos:must "(".. remote-node-id")";
          junos:must-message "remote-node-id must be configured";
          type jt:ipv4addr;
          description "TE Router-ID of the remote node";
        }
      } // container traffic-engineering
    } // container passive
    // A secondary interface excludes, per the must-messages: ipsec-sa,
    // dynamic-neighbors, configured neighbors, interface-type p2mp or nbma,
    // and passive. junos:must is a Juniper extension, so tooling that does not
    // implement it will not apply these exclusions.
    leaf secondary {
      junos:must "(!(" .. ipsec-sa"))";
      junos:must-message "secondary interface cannot have ipsec-sa configured";
      junos:must "(!(" .. dynamic-neighbors"))";
      junos:must-message "secondary interface cannot have dynamic-neighbors configured";
      junos:must "(!(" .. neighbor"))";
      junos:must-message "secondary interface cannot have configured neighbors";
      junos:must "(!(" .. interface-type p2mp"))";
      junos:must-message "secondary interface cannot be set as type p2mp";
      junos:must "(!(" .. interface-type nbma"))";
      junos:must-message "secondary interface cannot be set as type nbma";
      junos:must "(!(" .. passive"))";
      junos:must-message "secondary interface cannot be configured passive";
      type empty;
      description "Treat interface as secondary";
    }
    leaf own-router-lsa { type empty; description "Generate a separate router LSA for this interface"; }
    // Only valid when the interface's metric leaf is set (see must-message).
    container bandwidth-based-metrics {
      junos:must "(".. metric")";
      junos:must-message "Metric must be configured";
      description "Configure bandwidth based metrics";
      uses apply-advanced;
      list bandwidth {
        key "name";
        description "Bandwidth threshold";
        leaf name { type string; }
        leaf metric {
          type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
65535"; } }
          description "Metric associated with specified bandwidth";
        }
      } // list bandwidth
    } // container bandwidth-based-metrics
    // Per-interface metric, DR priority and protocol timers. Each is a union
    // of a ranged integer and a string matching "<.*>|$.*" ("$" is a literal
    // in XSD regex); the range does not constrain the string member.
    leaf metric {
      type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } }
      description "Interface metric";
    }
    leaf priority {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } }
      description "Designated router priority";
    }
    leaf retransmit-interval {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } }
      description "Retransmission interval (seconds)";
    }
    leaf transit-delay {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } }
      description "Transit delay (seconds)";
    }
    leaf hello-interval {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } }
      description "Hello interval (seconds)";
    }
    leaf dead-interval {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } }
      description "Dead interval (seconds)";
    }
    leaf mtu {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "128 .. 65535"; } }
      description "Maximum OSPF packet size";
    }
    // Exactly one authentication style can be present on an interface: the
    // "authentication" container (grouping juniper-ospf-authentication,
    // defined outside this excerpt) or the deprecated "authentication-key".
    choice auth {
      container authentication {
        uses juniper-ospf-authentication;
      } // container authentication
      container authentication-key {
        status deprecated;
        description "Authentication key";
        // keyname holds the shared secret. NOTE(review): jt:unreadable is defined
        // in junos-common-types; presumably it marks the value as not to be
        // displayed in clear text - confirm how exported configs treat it.
        leaf keyname { type jt:unreadable; description "Authentication key value"; }
        leaf key-id {
          type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } }
          description "Key ID for MD5 authentication";
        }
      } // container authentication-key
    } // choice auth
    leaf demand-circuit { type empty; description "Interface functions as a demand circuit"; }
    leaf flood-reduction { type empty; description "Enable flood reduction"; }
    leaf no-neighbor-down-notification { type empty; description "Don't inform other protocols about neighbor down events"; }
    // IPsec SA for this interface; its remaining constraints follow the first
    // must expression, which starts here.
    leaf ipsec-sa {
      junos:must "(!(any ".. .. 
interface <st*> ipsec-sa $$"))";
      junos:must-message "Must not configure ipsec-sa for st0 interface";
      // Per the must-messages the referenced SA has to be a manual SA, use
      // transport mode and be defined under security ipsec. Manual SAs rely on
      // statically configured keys, so rotation is an operational task.
      junos:must "("security ipsec security-association $$ manual")";
      junos:must-message "Referenced IPSec security association must be a manual SA";
      junos:must "("security ipsec security-association $$ mode transport")";
      junos:must-message "Referenced IPSec security association must be in transport mode";
      junos:must "("security ipsec security-association $$")";
      junos:must-message "Referenced IPSec security association must be defined";
      type string { length "1 .. 32"; }
      description "IPSec security association name";
    }
    // Per-topology overrides for this interface.
    list topology {
      key "name";
      ordered-by user;
      description "Topology specific attributes";
      leaf name { type string; description "Topology name"; }
      uses apply-advanced;
      leaf disable { type empty; description "Disable this topology"; }
      leaf metric {
        type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } }
        description "Topology metric";
      }
      // Only valid when the sibling metric leaf is set (see must-message).
      container bandwidth-based-metrics {
        junos:must "(".. metric")";
        junos:must-message "Metric must be configured";
        description "Configure bandwidth based metrics";
        uses apply-advanced;
        list bandwidth {
          key "name";
          description "Bandwidth threshold";
          leaf name { type string; }
          leaf metric {
            type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } }
            description "Metric associated with specified bandwidth";
          }
        } // list bandwidth
      } // container bandwidth-based-metrics
    } // list topology
    // Deprecated leaf; its range and description continue below.
    leaf transmit-interval {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
4294967295"; } }
      status deprecated;
      description "OSPF packet transmit interval (milliseconds)";
    }
    // BFD session parameters for this OSPF interface. Intervals are in
    // milliseconds (see each leaf's units statement).
    container bfd-liveness-detection {
      description "Bidirectional Forwarding Detection options";
      uses apply-advanced;
      // Defaults to "automatic"; version 0 is labelled deprecated in its description.
      leaf version {
        type enumeration {
          enum "0" { value 0; description "BFD version 0 (deprecated)"; }
          enum "1" { value 1; description "BFD version 1"; }
          enum "automatic" { value 2; description "Choose BFD version automatically"; }
        }
        default "automatic";
        description "BFD protocol version number";
      }
      leaf minimum-interval {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } }
        units "milliseconds";
        description "Minimum transmit and receive interval";
      }
      leaf minimum-transmit-interval {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } }
        units "milliseconds";
        status deprecated;
        description "Minimum transmit interval";
      }
      leaf minimum-receive-interval {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } }
        units "milliseconds";
        description "Minimum receive interval";
      }
      // Detection time multiplier; defaults to 3.
      leaf multiplier {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } }
        default "3";
        description "Detection time multiplier";
      }
      choice adaptation-choice {
        leaf no-adaptation { type empty; description "Disable adaptation"; }
      } // choice adaptation-choice
      container transmit-interval {
        description "Transmit-interval options";
        uses apply-advanced;
        leaf minimum-interval {
          type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } }
          units "milliseconds";
          description "Minimum transmit interval";
        }
        // Unbounded uint32 (or placeholder string): value above which a trap is raised.
        leaf threshold {
          type union { type uint32; type string { pattern "<.*>|$.*"; } }
          units "milliseconds";
          description "High transmit interval triggering a trap";
        }
      } // container transmit-interval
      container detection-time {
        description "Detection-time options";
        uses apply-advanced;
        leaf threshold {
          type union { type uint32; type string { pattern "<.*>|$.*"; } }
          units "milliseconds";
          description "High detection-time triggering a trap";
        }
      } // container detection-time
      // BFD session authentication. key-chain and algorithm require each other
      // (see the paired must statements), and the key chain has to exist under
      // security authentication-key-chains.
      container authentication {
        description "Authentication options";
        uses apply-advanced;
        leaf key-chain {
          junos:must "(".. algorithm")";
          junos:must-message "May not be configured without algorithm";
          junos:must "("security authentication-key-chains key-chain $$")";
          junos:must-message "Referenced key-chain must be defined";
          type string;
          description "Key chain name";
        }
        // The schema offers only simple-password, MD5 and SHA-1 based modes.
        // In BFD (RFC 5880) the simple password is carried in clear text in each
        // packet, so it gives no protection against an on-path observer; the
        // keyed modes carry a digest, and the "meticulous" variants increment
        // the sequence number on every packet.
        leaf algorithm {
          junos:must "(".. key-chain")";
          junos:must-message "May not be configured without key-chain";
          type enumeration {
            enum "simple-password" { value 0; description "Simple password"; }
            enum "keyed-md5" { value 1; description "Keyed message Digest 5"; }
            enum "meticulous-keyed-md5" { value 2; description "Meticulous keyed message Digest 5"; }
            enum "keyed-sha-1" { value 3; description "Keyed secure hash algorithm (SHA1) "; }
            enum "meticulous-keyed-sha-1" { value 4; description "Meticulous keyed secure hash algorithm (SHA1) "; }
          }
          description "Algorithm name";
        }
        // NOTE(review): per its description, authentication is verified only when
        // it has been negotiated, so this presumably allows unauthenticated
        // sessions with peers that do not authenticate. Confirm against the Junos
        // documentation and audit for this leaf being left set after a migration.
        leaf loose-check { type empty; description "Verify authentication only if authentication is negotiated"; }
      } // container authentication
      leaf full-neighbors-only { type empty; description "Setup BFD sessions only to Full neighbors"; }
      leaf holddown-interval {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255000"; } }
        units "milliseconds";
        description "Time to hold the session-UP notification to the client";
      }
    } // container bfd-liveness-detection
    // Dynamic neighbor learning is accepted only on p2mp interfaces (see must-message).
    leaf dynamic-neighbors {
      junos:must "(" .. interface-type p2mp")";
      junos:must-message "dynamic-neighbors option can be set only if the interface type is p2mp";
      type empty;
      description "Learn neighbors dynamically on a p2mp interface";
    }
    leaf no-advertise-adjacency-segment { type empty; description "Do not advertise an adjacency segment for this interface"; }
    // Statically listed NBMA neighbors; mutually exclusive with
    // dynamic-neighbors (see must-message).
    list neighbor {
      junos:must "(!(" .. dynamic-neighbors"))";
      junos:must-message "Neighbors cannot be specified manually if dynamic-neighbors is set";
      key "name";
      ordered-by user;
      description "NBMA neighbor";
      leaf name { type jt:ipaddr; description "Address of neighbor"; }
      leaf eligible { type empty; description "Eligible to be DR on an NBMA network"; }
    } // list neighbor
    leaf poll-interval {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } }
      description "Poll interval for NBMA interfaces";
    }
    leaf no-interface-state-traps { type empty; description "Do not send interface state change traps"; }
    // strict-bfd requires bfd-liveness-detection on the same interface; a
    // second constraint starts on the last line of this span.
    leaf strict-bfd {
      junos:must "(" .. bfd-liveness-detection")";
      junos:must-message "strict bfd cannot be configured without bfd.";
      junos:must "(!(" .. 
bfd-liveness-detection full-neighbors-only"))";
      junos:must-message "full-neighbors-only and strict-bfd cannot be configured together";
      type empty;
      description "Enable strict bfd over this interface";
    }
    // Per-interface post-convergence LFA; allowed only when the protocol-level
    // use-post-convergence-lfa option is configured (see must-message).
    container post-convergence-lfa {
      junos:must "("protocols ospf backup-spf-options use-post-convergence-lfa")";
      junos:must-message "Not allowed without 'protocols ospf backup-spf-options use-post-convergence-lfa'";
      presence "enable post-convergence-lfa";
      description "Protect interface using post-convergence backup path";
      uses apply-advanced;
      container node-protection {
        presence "enable node-protection";
        description "Compute backup path assuming node failure";
        uses apply-advanced;
        leaf cost {
          type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } }
          description "Cost for node protection";
        }
      } // container node-protection
      leaf srlg-protection { type empty; description "Compute backup path assuming SRLG failure"; }
      leaf fate-sharing-protection { type empty; description "Compute backup path assuming fate-sharing group failure"; }
    } // container post-convergence-lfa
    leaf te-metric {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } }
      description "Traffic engineering metric";
    }
    // Contents come from grouping ldp-sync-obj, defined outside this excerpt.
    container ldp-synchronization {
      presence "enable ldp-synchronization";
      description "Advertise maximum metric until LDP is operational";
      uses ldp-sync-obj;
    } // container ldp-synchronization
    // Adjacency SID configuration; not allowed together with
    // no-advertise-adjacency-segment on the same interface (see must-message).
    container ipv4-adjacency-segment {
      junos:must "(!(".. no-advertise-adjacency-segment"))";
      junos:must-message "ipv4-adjacency-segment can't be configured if no-advertise-adjacency-segment is configured in the same interface";
      description "Configure ipv4 adjacency segment";
      uses apply-advanced;
      container protected {
        description "Adjacency SID is eligible for protection";
        // Exactly one of: SRGB index, static label, or dynamic allocation.
        choice adjsid-type {
          container index {
            description "Adjacency SID indexed from SRGB";
            leaf index-number {
              type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
199999"; } }
            }
          } // container index
          leaf label {
            type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } }
            description "Adjacency SID from static label pool";
          }
          leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; }
        } // choice adjsid-type
      } // container protected
      container unprotected {
        description "Adjacency SID uneligible for protection";
        // Exactly one of: SRGB index, static label, or dynamic allocation.
        choice adjsid-type {
          container index {
            description "Adjacency SID indexed from SRGB";
            leaf index-number {
              type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } }
            }
          } // container index
          leaf label {
            type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } }
            description "Adjacency SID from static label pool";
          }
          leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; }
        } // choice adjsid-type
      } // container unprotected
    } // container ipv4-adjacency-segment
    // Per-neighbor settings on a LAN interface. Per the must-messages this list
    // excludes an interface-level ipv4-adjacency-segment,
    // no-advertise-adjacency-segment, and interface-type p2p.
    list lan-neighbor {
      junos:must "(!(".. ipv4-adjacency-segment"))";
      junos:must-message "lan-neighbor can't be configured if ipv4-adjacency-segment is configured in the same interface";
      junos:must "(!(".. no-advertise-adjacency-segment"))";
      junos:must-message "lan-neighbor can't be configured if no-advertise-adjacency-segment is configured in the same interface ";
      junos:must "(!(".. interface-type p2p"))";
      junos:must-message "lan-neighbor can't be configured for point-to-point interfaces";
      key "name";
      ordered-by user;
      description "Configuration specific to a LAN neighbor";
      leaf name { type jt:ipaddr; description "Address of neighbor"; }
      uses apply-advanced;
      container ipv4-adjacency-segment {
        junos:must "(!(".. 
no-advertise-adjacency-segment"))";
        junos:must-message "ipv4-adjacency-segment can't be configured if no-advertise-adjacency-segment is configured in the same interface";
        description "Configure ipv4 adjacency segment";
        uses apply-advanced;
        // Same shape as the interface-level ipv4-adjacency-segment: a protected
        // and an unprotected container, each choosing one SID source.
        container protected {
          description "Adjacency SID is eligible for protection";
          choice adjsid-type {
            container index {
              description "Adjacency SID indexed from SRGB";
              leaf index-number {
                type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } }
              }
            } // container index
            leaf label {
              type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } }
              description "Adjacency SID from static label pool";
            }
            leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; }
          } // choice adjsid-type
        } // container protected
        container unprotected {
          description "Adjacency SID uneligible for protection";
          choice adjsid-type {
            container index {
              description "Adjacency SID indexed from SRGB";
              leaf index-number {
                type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } }
              }
            } // container index
            leaf label {
              type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } }
              description "Adjacency SID from static label pool";
            }
            leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; }
          } // choice adjsid-type
        } // container unprotected
      } // container ipv4-adjacency-segment
    } // list lan-neighbor
  } // list interface
  // Area-level switch; its must expression (split across this line break)
  // makes it mutually exclusive with the context-identifier list.
  leaf no-context-identifier-advertisement {
    junos:must "(!(".. 
context-identifier"))";
    junos:must-message "no-context-identifier-advertisement and context-identifier attributes are mutually exclusive";
    type empty;
    description "Disable context identifier advertisments in this area";
  }
  // Peer interfaces in this area, keyed by name; they carry the same timer and
  // authentication leaves as regular interfaces.
  list peer-interface {
    key "name";
    ordered-by user;
    description "Configuration for peer interface";
    leaf name { type string; description "Name of peer interface"; }
    uses apply-advanced;
    choice enable-disable {
      leaf disable { type empty; description "Disable OSPF on this control peer"; }
    } // choice enable-disable
    leaf retransmit-interval {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } }
      description "Retransmission interval (seconds)";
    }
    leaf transit-delay {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } }
      description "Transit delay (seconds)";
    }
    leaf hello-interval {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } }
      description "Hello interval (seconds)";
    }
    leaf dead-interval {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } }
      description "Dead interval (seconds)";
    }
    leaf mtu {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "128 .. 65535"; } }
      description "Maximum OSPF packet size";
    }
    // Exactly one authentication style can be present: the "authentication"
    // container (grouping juniper-ospf-authentication, defined outside this
    // excerpt) or the deprecated "authentication-key" container.
    choice auth {
      container authentication {
        uses juniper-ospf-authentication;
      } // container authentication
      container authentication-key {
        status deprecated;
        description "Authentication key";
        // keyname holds the shared secret. NOTE(review): jt:unreadable is defined
        // in junos-common-types; presumably it marks the value as not to be
        // displayed in clear text - confirm.
        leaf keyname { type jt:unreadable; description "Authentication key value"; }
        leaf key-id {
          type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } }
          description "Key ID for MD5 authentication";
        }
      } // container authentication-key
    } // choice auth
    leaf demand-circuit { type empty; description "Interface functions as a demand circuit"; }
    leaf flood-reduction { type empty; description "Enable flood reduction"; }
    leaf no-neighbor-down-notification { type empty; description "Don't inform other protocols about neighbor down events"; }
  } // list peer-interface
  leaf no-source-packet-routing { type empty; description "Disable SPRING in this area"; }
  // Context identifiers (IPv4 addresses); mutually exclusive with
  // no-context-identifier-advertisement (see must-message).
  list context-identifier {
    junos:must "(!(".. no-context-identifier-advertisement"))";
    junos:must-message "no-context-identifier-advertisement and context-identifier attributes are mutually exclusive";
    key "name";
    ordered-by user;
    description "Configure context identifier in support of edge protection";
    leaf name { type jt:ipv4addr; description "Context identifier"; }
    uses apply-advanced;
  } // list context-identifier
  // LSPs advertised into OSPF; rejected when traffic-engineering
  // multicast-rpf-routes is in use (see must-message). Names are 1..64 characters.
  list label-switched-path {
    junos:must "(!(".. .. traffic-engineering multicast-rpf-routes"))";
    junos:must-message "cannot advertise LSPs when using multicast-rpf-routes";
    key "name";
    ordered-by user;
    description "Configuration for advertisement of a label-switched path";
    leaf name {
      type string { length "1 .. 64"; }
      description "Name of label-switched path to be advertised";
    }
    uses apply-advanced;
    choice enable-disable {
      leaf disable { type empty; description "Disable OSPF on this label-switched path"; }
    } // choice enable-disable
    leaf metric {
      type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } }
      description "Interface metric";
    }
    list topology {
      key "name";
      ordered-by user;
      description "Topology specific attributes";
      leaf name { type string; description "Topology name"; }
      uses apply-advanced;
      leaf disable { type empty; description "Disable this topology"; }
      leaf metric {
        type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
65535"; } }
        description "Topology metric";
      }
      // Only valid when the sibling metric leaf is set (see must-message).
      container bandwidth-based-metrics {
        junos:must "(".. metric")";
        junos:must-message "Metric must be configured";
        description "Configure bandwidth based metrics";
        uses apply-advanced;
        list bandwidth {
          key "name";
          description "Bandwidth threshold";
          leaf name { type string; }
          leaf metric {
            type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } }
            description "Metric associated with specified bandwidth";
          }
        } // list bandwidth
      } // container bandwidth-based-metrics
    } // list topology
  } // list label-switched-path
} // list area
// Protocol-wide on/off switch for OSPF.
choice enable-disable {
  leaf disable { type empty; description "Disable OSPF"; }
} // choice enable-disable
// OSPF tracing: where trace output is written and which events are traced.
container traceoptions {
  description "Trace options for OSPF";
  uses apply-advanced;
  container file {
    description "Trace file options";
    // The posix-pattern rejects '/', '%' and spaces (see pattern-message), so the
    // value cannot contain a path separator. junos:posix-pattern is a Juniper
    // extension: tooling that does not implement it only sees the length limit.
    leaf filename {
      type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; }
      description "Name of file in which to write trace information";
    }
    leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; }
    // Free-form string: no unit or range is expressed in the schema.
    leaf size { type string; description "Maximum trace file size"; }
    leaf files {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } }
      default "10";
      description "Maximum number of trace files";
    }
    leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; }
    // File-permission choice for the trace file. world-readable lets any user
    // on the device read it; with flags such as packet-dump the file contains
    // dumped packet contents, so no-world-readable is the safer setting unless
    // broad read access is actually needed.
    choice world-readable-choice {
      leaf world-readable { type empty; description "Allow any user to read the log file"; }
      leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
    } // choice world-readable-choice
  } // container file
  // One entry per trace flag; the enumeration below fixes the allowed names.
  list flag {
    key "name";
    ordered-by user;
    description "Tracing parameters";
    leaf name {
      type enumeration {
        enum "spf" { value 0; description "Trace SPF calculations"; }
        enum "error" { value 1; description "Trace errored packets"; }
        enum "event" { value 2; description "Trace OSPF state machine events"; }
        enum "packet-dump" { value 3; description "Dump the contents of selected packet types"; }
        enum "flooding" { value 4; description "Trace LSA flooding"; }
        enum "lsa-analysis" { value 5; description "Trace LSA analysis"; }
        enum "packets" { value 6; description "Trace all OSPF packets"; }
        enum "hello" { value 7; description "Trace hello packets"; }
        enum "database-description" { value 8; description "Trace database description packets"; }
        enum "lsa-request" { value 9; description "Trace LSA request packets"; }
        enum "lsa-update" { value 10; description "Trace LSA update packets"; }
        enum "lsa-ack" { value 11; description "Trace LSA acknowledgment packets"; }
        enum "ldp-synchronization" { value 12; description "Trace synchronization between OSPF and LDP"; }
        enum "on-demand" { value 13; description "Trace demand circuit extensions"; }
        enum "nsr-synchronization" { value 14; description "Trace NSR synchronization events"; }
        enum "graceful-restart" { value 15; description "Trace graceful restart"; }
        enum "restart-signaling" { value 16; description "Trace restart signaling"; }
        enum "backup-spf" { value 17; description "Trace backup SPF (LFA) specific events"; }
        enum "source-packet-routing" { value 18; description "Trace source packet routing (SPRING) 
events"; }
        enum "post-convergence-lfa" { value 19; description "Trace post-convergence-lfa related events"; }
        enum "flex-algorithm" { value 20; description "Trace flex-algorithm related events"; }
        enum "route" { value 21; description "Trace routing information"; }
        enum "normal" { value 22; description "Trace normal events"; }
        enum "general" { value 23; description "Trace general events"; }
        enum "state" { value 24; description "Trace state transitions"; }
        enum "policy" { value 25; description "Trace policy processing"; }
        enum "task" { value 26; description "Trace routing protocol task processing"; }
        enum "timer" { value 27; description "Trace routing protocol timer processing"; }
        enum "all" { value 28; description "Trace everything"; }
      }
    }
    // Per-flag modifiers: direction (send/receive), verbosity, and a per-flag disable.
    leaf send { type empty; description "Trace transmitted packets"; }
    leaf receive { type empty; description "Trace received packets"; }
    leaf detail { type empty; description "Trace detailed information"; }
    leaf disable { type empty; description "Disable this trace flag"; }
  } // list flag
} // container traceoptions
// SPF scheduling: delay and holddown are in milliseconds, rapid-runs is a count.
container spf-options {
  description "Configure options for SPF";
  uses apply-advanced;
  leaf delay {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "50 .. 8000"; } }
    units "milliseconds";
    description "Time to wait before running an SPF";
  }
  leaf holddown {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2000 .. 20000"; } }
    units "milliseconds";
    description "Time to hold down before running an SPF";
  }
  leaf rapid-runs {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } }
    description "Number of maximum rapid SPF runs before holddown";
  }
  leaf no-ignore-our-externals { type empty; description "Do not ignore self-generated external and NSSA LSAs"; }
} // container spf-options
// Cap on exported prefixes; the integer member's range starts here and
// continues after the line break.
leaf prefix-export-limit {
  type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
4294967295"; } }
      description "Maximum number of prefixes that can be exported";
    }
    // Each leaf names a routing table group. Per the must-messages, the name
    // has to exist under "routing-options rib-groups" and cannot be combined
    // with "topology default rib-group".
    container rib-groups {
      description "Routing table groups for importing OSPF routes";
      uses apply-advanced;
      leaf inet {
        junos:must "("routing-options rib-groups $$")";
        junos:must-message "Referenced rib-groups must be defined";
        junos:must "(!(".. topology $$={default} rib-group"))";
        junos:must-message "rib-group cannot be used with topology default rib-group";
        type string;
        description "Name of the IPv4/v6 routing table group";
      }
      leaf inet3 {
        junos:must "("routing-options rib-groups $$")";
        junos:must-message "Referenced rib-groups must be defined";
        junos:must "(!(".. topology $$={default} rib-group"))";
        junos:must-message "rib-group cannot be used with topology default rib-group";
        type string;
        description "Name of the IPv4/v6 inet.3 routing table group";
      }
    } // container rib-groups
    leaf job-stats {
      type empty;
      description "Collect job statistics";
    }
    // Presence container: overload mode is switched on by the container
    // existing; the leaves inside only tune it.
    container overload {
      presence "enable overload";
      description "Set the overload mode (repel transit traffic)";
      uses apply-advanced;
      leaf timeout {
        // The union also admits a string matching "<.*>|$.*". In YANG pattern
        // syntax "$" is an ordinary character, so that alternative accepts
        // any text wrapped in <...> or starting with "$". A value that passes
        // schema validation is therefore not guaranteed to be a number in the
        // stated range. The same union recurs on the numeric leaves below.
        // NOTE(review): presumably for Junos variable or wildcard
        // placeholders; confirm against Juniper's YANG documentation.
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "60 .. 3600"; }
        }
        units "seconds";
        description "Time after which overload mode is reset";
      }
      leaf allow-route-leaking {
        type empty;
        description "Allow routes to be leaked when overload is configured";
      }
      leaf stub-network {
        type empty;
        description "Advertise Stub Network with maximum metric";
      }
      leaf intra-area-prefix {
        type empty;
        description "Advertise Intra Area Prefix with maximum metric";
      }
      leaf as-external {
        type empty;
        description "Advertise As External with maximum usable metric";
      }
    } // container overload
    // Caps the number of LSAs that were not generated by this router
    // (maximum-lsa, 1 .. 1000000). It is a presence container, so none of
    // this applies unless the container is configured.
    // Per the leaf descriptions: warning-threshold is the percentage of the
    // maximum above which a warning is triggered; ignore-time is how long the
    // router stays in "ignore state" and ignores all neighbors; ignore-count
    // limits how many times that state may be entered; reset-time clears the
    // count. NOTE(review): the schema does not spell out what triggers the
    // ignore state, presumably exceeding maximum-lsa; confirm.
    container database-protection {
      presence "enable database-protection";
      description "Configure database protection attributes";
      uses apply-advanced;
      leaf maximum-lsa {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 1000000"; }
        }
        description "Maximum allowed non self-generated LSAs";
      }
      // With this leaf set, exceeding the maximum only emits a warning, i.e.
      // the limit becomes advisory rather than enforced.
      leaf warning-only {
        type empty;
        description "Emit only a warning when LSA maximum limit is exceeded";
      }
      leaf warning-threshold {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint8 { range "30 .. 100"; }
        }
        units "percent";
        description "Percentage of LSA maximum above which to trigger warning";
      }
      leaf ignore-count {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint8 { range "1 .. 32"; }
        }
        description "Maximum number of times to go into ignore state";
      }
      leaf ignore-time {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint16 { range "30 .. 3600"; }
        }
        units "seconds";
        description "Time to stay in ignore state and ignore all neighbors";
      }
      leaf reset-time {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "60 .. 86400"; }
        }
        units "seconds";
        description "Time after which the ignore count gets reset to zero";
      }
    } // container database-protection
    // Not a presence container: graceful restart has no separate enable
    // switch here, only the "disable" leaf inside the choice.
    container graceful-restart {
      description "Configure graceful restart attributes";
      uses apply-advanced;
      choice enable-disable {
        leaf disable {
          type empty;
          description "Disable OSPF graceful restart capability";
        }
      } // choice enable-disable
      leaf restart-duration {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 3600"; }
        }
        units "seconds";
        description "Time for all neighbors to become full";
      }
      leaf notify-duration { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
3600"; } } units "seconds"; description "Time to send all max-aged grace LSAs"; } container helper-disable { presence "enable helper-disable"; description "Disable graceful restart helper capability"; uses apply-advanced; choice disable-choices { leaf standard { type empty; description "Disable helper-mode for rfc3623 based GR"; } leaf restart-signaling { type empty; description "Disable helper mode for restart-signaling "; } leaf both { type empty; description "Disable helper mode for both the types of GR"; } } // choice disable-choices } // container helper-disable leaf no-strict-lsa-checking { junos:must "(!(".. helper-disable"))"; junos:must-message "To configure no-strict-lsa-checking, helper-disable must not be set"; type empty; description "Do not abort graceful helper mode upon LSA changes"; } } // container graceful-restart leaf route-type-community { type enumeration { enum "iana" { value 0; description "BGP extended community value used is 0x0306"; } enum "vendor" { value 1; description "Vendor BGP extended community value used is 0x8000"; } } description "Specify BGP extended community value to encode OSPF route type"; } container domain-id { description "Configure domain ID"; choice domain_id_or_disable { leaf domain-id { type string; description "Domain ID"; } leaf disable { type empty; description "Disable domain ID"; } } // choice domain_id_or_disable } // container domain-id choice domain_vpn_tag_or_disable { leaf domain-vpn-tag { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
4294967295"; } } description "Domain VPN tag for external LSA"; } leaf no-domain-vpn-tag { type empty; description "Disable domain VPN tag"; } } // choice domain_vpn_tag_or_disable leaf preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference of internal routes"; } leaf external-preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference of external routes"; } leaf labeled-preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference of labeled routes"; } leaf-list export { type jt:policy-algebra; ordered-by user; description "Export policy"; } leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy (for external routes or setting priority)"; } leaf reference-bandwidth { type string; description "Bandwidth for calculating metric defaults"; } leaf lsa-refresh-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "25 .. 50"; } } default "50"; description "LSA refresh interval (minutes)"; } leaf spf-delay { junos:must "(!(".. spf-options delay"))"; junos:must-message "You can only configure either spf-delay or delay under spf-options"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "50 .. 
8000"; } }
      units "milliseconds";
      status deprecated;
      description "Time to wait before running an SPF";
    }
    leaf no-rfc-1583 {
      type empty;
      description "Disable RFC1583 compatibility";
    }
    leaf forwarding-address-to-broadcast {
      type empty;
      description "Set forwarding address in Type 5 LSA in broadcast network";
    }
    choice nssa-abr-option {
      leaf no-nssa-abr {
        type empty;
        description "Disable full NSSA functionality at ABR";
      }
    } // choice nssa-abr-option
    // Presence container: sham links are enabled by the container existing.
    container sham-link {
      presence "enable sham-link";
      description "Configure parameters for sham links";
      uses apply-advanced;
      leaf local {
        type jt:ipaddr;
        description "Local sham link endpoint address";
      }
      leaf no-advertise-local {
        type empty;
        status deprecated;
        description "Don't advertise local sham link endpoint as stub in router LSA";
      }
    } // container sham-link
  } // grouping juniper-protocols-ospf
  // Reusable authentication settings. Elsewhere in this module the
  // "authentication" containers of a virtual link and of an area interface
  // pull it in with "uses juniper-ospf-authentication".
  //
  // The choice admits at most one scheme wherever the grouping is used:
  //   simple-password  one shared key. In OSPFv2 (RFC 2328) this scheme
  //                    carries the key unprotected in every packet, so it
  //                    guards against accidental adjacencies, not against
  //                    someone who can observe the link.
  //   md5              a list of keyed-MD5 entries: key ID, key value and
  //                    an optional start-time.
  // No other scheme is defined in this grouping.
  //
  // Both key leaves use jt:unreadable, which comes from the imported
  // junos-common-types module and is not defined here.
  // NOTE(review): presumably a type for secrets; treat configuration data
  // that includes these leaves as sensitive and confirm how the device
  // stores and displays them.
  grouping juniper-ospf-authentication {
    description "Authentication information";
    uses apply-advanced;
    choice authentication-type {
      leaf simple-password {
        type jt:unreadable;
        description "Authentication key";
      }
      // Keyed by key ID; "ordered-by user" leaves the entry order to the
      // operator. Several entries can coexist, each with its own start-time.
      // NOTE(review): that looks intended for staged key rollover, but the
      // selection logic is not visible in the schema.
      list md5 {
        key "name";
        ordered-by user;
        description "MD5 authentication key";
        leaf name {
          // Numeric key ID 0 .. 255. The string alternative additionally
          // accepts any text wrapped in <...> or starting with "$" ("$" is an
          // ordinary character in YANG patterns), so schema validation alone
          // does not guarantee a numeric ID.
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "0 .. 255"; }
          }
          description "Key ID for MD5 authentication";
        }
        leaf key {
          type jt:unreadable;
          description "MD5 authentication key value";
        }
        // Optional (no "mandatory" statement); format given in the
        // description.
        leaf start-time {
          type jt:time;
          description "Start time for key transmission (YYYY-MM-DD.HH:MM)";
        }
      } // list md5
    } // choice authentication-type
  } // grouping juniper-ospf-authentication
  grouping juniper-protocols-ospf3 {
    // One entry per OSPFv3 realm; the key is limited to the four
    // address-family names enumerated below.
    list realm {
      key "name";
      ordered-by user;
      description "OSPFv3 realm configuration";
      leaf name {
        type enumeration {
          enum "ipv6-unicast" { value 0; description "IPv6 unicast realm"; }
          enum "ipv6-multicast" { value 1; description "IPv6 multicast realm"; }
          enum "ipv4-unicast" { value 2; description "IPv4 unicast realm"; }
          enum "ipv4-multicast" { value 3; description "IPv4 multicast realm"; }
        }
        description "OSPFv3 realm name";
      }
      uses apply-advanced;
      // Per-topology settings inside a realm, keyed by a free-form name.
      list topology {
        key "name";
        ordered-by user;
        description "Topology parameters";
        leaf name {
          type string;
          description "Topology name";
        }
        uses apply-advanced;
        leaf disable {
          type empty;
          description "Disable this topology";
        }
        leaf topology-id {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint8 { range "32 .. 127"; }
          }
          description "Topology identifier";
        }
        leaf overload {
          type empty;
          description "Set the overload mode (repel transit traffic)";
        }
        // Per the must-message, the name has to refer to a rib-group that is
        // defined under "routing-options rib-groups".
        leaf rib-group {
          junos:must "("routing-options rib-groups $$")";
          junos:must-message "Referenced rib-group must be defined";
          type string;
          description "Routing table group for importing routes";
        }
        container spf-options {
          description "Configure options for SPF";
          uses apply-advanced;
          leaf delay {
            type union {
              type string { pattern "<.*>|$.*"; }
              type uint32 { range "50 .. 8000"; }
            }
            units "milliseconds";
            description "Time to wait before running an SPF";
          }
          leaf holddown {
            type union {
              type string { pattern "<.*>|$.*"; }
              type uint32 { range "2000 .. 20000"; }
            }
            units "milliseconds";
            description "Time to hold down before running an SPF";
          }
          leaf rapid-runs { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
10"; } } description "Number of maximum rapid SPF runs before holddown"; } leaf no-ignore-our-externals { type empty; description "Do not ignore self-generated external and NSSA LSAs"; } } // container spf-options container backup-spf-options { description "Configure options for backup SPF"; uses apply-advanced; container remote-backup-calculation { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; presence "enable remote-backup-calculation"; description "Calculate Remote LFA backup nexthops"; uses apply-advanced; container pq-nodes-nearest-to-source { description "PQ nodes selection based upon nearest to source"; uses apply-advanced; leaf percent { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 100"; } } description "Selection percentage for nearest to source"; } } // container pq-nodes-nearest-to-source } // container remote-backup-calculation container use-post-convergence-lfa { junos:must "("protocols ospf source-packet-routing")"; junos:must-message "Configuration of 'protocols ospf source-packet-routing' is required"; presence "enable use-post-convergence-lfa"; description "Calculate post-convergence backup paths"; uses apply-advanced; leaf maximum-labels { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 8"; } } description "Maximum number of labels installed for post-convergence paths"; } leaf maximum-backup-paths { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 8"; } } description "Maximum number of equal-cost post-convergence paths installed"; } } // container use-post-convergence-lfa leaf use-source-packet-routing { junos:must "(".. .. source-packet-routing")"; junos:must-message "Configuration of 'protocols ospf source-packet-routing' is required"; junos:must "(!(".. 
remote-backup-calculation"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options remote-backup-calculation'"; type empty; description "Use spring backup paths for inet.0 routes"; } leaf disable { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; type empty; description "Do not run backup SPF"; } leaf no-install { type empty; description "Do not install backup nexthops into the RIB"; } leaf downstream-paths-only { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; type empty; description "Use only downstream backup paths"; } container per-prefix-calculation { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; description "Calculate backup nexthops for non-best prefix originators"; uses apply-advanced; leaf stubs { type empty; description "Per prefix calculation for stubs only"; } leaf summary { type empty; description "Per prefix calculation for summary originators only"; } leaf externals { type empty; description "Per prefix calculation for externals"; } leaf all { type empty; description "Per prefix calculation for all"; } } // container per-prefix-calculation leaf node-link-degradation { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; type empty; description "Degrade to link protection when nodelink protection not available"; } } // container backup-spf-options leaf prefix-export-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
4294967295"; } } description "Maximum number of prefixes that can be exported"; } } // list topology container backup-spf-options { description "Configure options for backup SPF"; uses apply-advanced; container remote-backup-calculation { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; presence "enable remote-backup-calculation"; description "Calculate Remote LFA backup nexthops"; uses apply-advanced; container pq-nodes-nearest-to-source { description "PQ nodes selection based upon nearest to source"; uses apply-advanced; leaf percent { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 100"; } } description "Selection percentage for nearest to source"; } } // container pq-nodes-nearest-to-source } // container remote-backup-calculation container use-post-convergence-lfa { junos:must "("protocols ospf source-packet-routing")"; junos:must-message "Configuration of 'protocols ospf source-packet-routing' is required"; presence "enable use-post-convergence-lfa"; description "Calculate post-convergence backup paths"; uses apply-advanced; leaf maximum-labels { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 8"; } } description "Maximum number of labels installed for post-convergence paths"; } leaf maximum-backup-paths { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 8"; } } description "Maximum number of equal-cost post-convergence paths installed"; } } // container use-post-convergence-lfa leaf use-source-packet-routing { junos:must "(".. .. source-packet-routing")"; junos:must-message "Configuration of 'protocols ospf source-packet-routing' is required"; junos:must "(!(".. 
remote-backup-calculation"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options remote-backup-calculation'"; type empty; description "Use spring backup paths for inet.0 routes"; } leaf disable { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; type empty; description "Do not run backup SPF"; } leaf no-install { type empty; description "Do not install backup nexthops into the RIB"; } leaf downstream-paths-only { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; type empty; description "Use only downstream backup paths"; } container per-prefix-calculation { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; description "Calculate backup nexthops for non-best prefix originators"; uses apply-advanced; leaf stubs { type empty; description "Per prefix calculation for stubs only"; } leaf summary { type empty; description "Per prefix calculation for summary originators only"; } leaf externals { type empty; description "Per prefix calculation for externals"; } leaf all { type empty; description "Per prefix calculation for all"; } } // container per-prefix-calculation leaf node-link-degradation { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; type empty; description "Degrade to link protection when nodelink protection not available"; } } // container backup-spf-options container traffic-engineering { presence "enable traffic-engineering"; description "Configure traffic engineering attributes"; uses apply-advanced; leaf no-topology { type 
empty; description "Disable dissemination of TE link-state topology information"; } leaf multicast-rpf-routes { junos:must "(!(".. .. topology $$={ipv4-multicast}"))"; junos:must-message "multicast-rpf-routes cannot be used with topology ipv4-multicast"; junos:must "(".. shortcuts")"; junos:must-message "multicast-rpf-routes cannot be used without shortcuts"; type empty; description "Install routes for multicast RPF checks into inet.2"; } leaf l3-unicast-topology { type empty; description "Download IGP topology into TED"; } container ignore-lsp-metrics { presence "enable ignore-lsp-metrics"; description "Ignore label-switched path metrics when doing shortcuts"; uses apply-advanced; leaf unconfigured-only { type empty; description "Ignore lsp metrics for unconfigured only"; } } // container ignore-lsp-metrics container shortcuts { presence "enable shortcuts"; description "Use label-switched paths as next hops, if possible"; uses apply-advanced; leaf ignore-lsp-metrics { type empty; status deprecated; description "Ignore label-switched path metrics when doing shortcuts"; } leaf lsp-metric-into-summary { type empty; description "Advertise LSP metric into summary LSAs"; } list family { key "name"; ordered-by user; description "Address family specific traffic-engineering attributes"; leaf name { type enumeration { enum "inet" { value 0; description "IPv4 family"; } enum "inet-mpls" { value 1; description "IPv4-MPLS family"; } } } uses apply-advanced; } // list family } // container shortcuts leaf advertise-unnumbered-interfaces { type empty; description "Advertise unnumbered interfaces"; } leaf credibility-protocol-preference { type empty; description "TED protocol credibility follows protocol preference"; } container advertisement { description "Advertise TE parameters even if RSVP is not turned on"; uses apply-advanced; leaf always { type empty; description "Advertise TE parameters in TE LSAs"; } } // container advertisement } // container traffic-engineering 
container source-packet-routing { junos:must "(!(".. .. .. protocols mpls disable"))"; junos:must-message "SPRING configuration is not allowed with 'protocols mpls disable'"; junos:must "(".. .. .. protocols mpls ")"; junos:must-message "SPRING configuration is not allowed without 'protocols mpls'"; presence "enable source-packet-routing"; description "Enable source packet routing (SPRING)"; uses apply-advanced; container adjacency-segment { description "Attributes for adjacency segments in spring"; uses apply-advanced; leaf hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "180000 .. 900000"; } } description "Retain time of Adjacency segment after isolating from an interface"; } } // container adjacency-segment leaf-list prefix-segment { type jt:policy-algebra; ordered-by user; description "Prefix Segment policy"; } leaf explicit-null { type empty; description "Set E and P bits in all Prefix SID advertisements"; } container node-segment { presence "enable node-segment"; description "Enable support for Node segments in SPRING"; uses apply-advanced; leaf ipv4-index { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } description "Set ipv4 node segment index"; } leaf index-range { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "32 .. 16385"; } } description "Set range of node segment indices allowed"; } } // container node-segment container srgb { junos:must "(!(".. node-segment index-range"))"; junos:must-message "Can not be configured with node-segment index-range"; description "Set the SRGB global block in SPRING"; leaf start-label { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Start range for SRGB label block"; } leaf index-range { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Index to the SRGB start label block"; } } // container srgb leaf mapping-server { junos:must "(".. 
node-segment")"; junos:must-message "protocols ospf source-packet-routing node-segment must be defined"; junos:must "("routing-options source-packet-routing mapping-server-entry $$")"; junos:must-message "Referenced source-packet-routing mapping-server-entry must be defined"; type string; description "Mapping server name"; } leaf install-prefix-sid-for-best-route { type empty; description "For best route install a exact prefix sid route"; } leaf ldp-stitching { type empty; description "Enable SR to LDP stitching"; } leaf-list flex-algorithm { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "128 .. 255"; } } max-elements 16; description "Flex-algorithms we would like to participate in"; } } // container source-packet-routing list area { key "name"; ordered-by user; description "Configure an OSPF area"; leaf name { type jt:areaid; description "Area ID"; } uses apply-advanced; choice stub-option { container stub { presence "enable stub"; description "Configure a stub area"; leaf default-metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Metric for the default route in this stub area"; } choice summaries-choice { leaf summaries { type empty; description "Flood summary LSAs into this stub area"; } leaf no-summaries { type empty; description "Don't flood summary LSAs into this stub area"; } } // choice summaries-choice } // container stub container nssa { presence "enable nssa"; description "Configure a not-so-stubby area"; uses apply-advanced; container default-lsa { presence "enable default-lsa"; description "Configure a default LSA"; uses apply-advanced; leaf default-metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Metric for the default route in this area"; } leaf metric-type { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
2"; } } description "External metric type for the default type 7 LSA"; } leaf type-7 { type empty; description "Flood type 7 default LSA if no-summaries is configured"; } } // container default-lsa leaf default-metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } status deprecated; description "Metric for the default route in this area"; } leaf metric-type { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 2"; } } status deprecated; description "External metric type for the default type 7 LSA"; } choice summaries-choice { leaf summaries { type empty; description "Flood summary LSAs into this NSSA area"; } leaf no-summaries { type empty; description "Don't flood summary LSAs into this NSSA area"; } } // choice summaries-choice list area-range { key "name"; ordered-by user; description "Configure NSSA area ranges"; leaf name { type jt:ipprefix; description "Range to summarize NSSA routes in this area"; } uses apply-advanced; leaf restrict { type empty; description "Restrict advertisement of this area range"; } leaf exact { type empty; description "Enforce exact match for advertisement of this area range"; } container override-metric { presence "enable override-metric"; description "Override the dynamic metric for this area-range"; uses apply-advanced; leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Metric value"; } leaf metric-type { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
2"; } } default "1"; description "Set the metric type for the override metric"; } } // container override-metric } // list area-range } // container nssa } // choice stub-option list area-range { key "name"; ordered-by user; description "Configure area ranges"; leaf name { type jt:ipprefix; description "Range to summarize routes in this area"; } uses apply-advanced; leaf restrict { type empty; description "Restrict advertisement of this area range"; } leaf exact { type empty; description "Enforce exact match for advertisement of this area range"; } leaf override-metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Override the dynamic metric for this area-range"; } } // list area-range leaf-list network-summary-export { type jt:policy-algebra; ordered-by user; description "Export policy for Type 3 Summary LSAs"; } leaf-list network-summary-import { type jt:policy-algebra; ordered-by user; description "Import policy for Type 3 Summary LSAs"; } leaf-list inter-area-prefix-export { type jt:policy-algebra; ordered-by user; description "Export policy for Inter Area Prefix LSAs"; } leaf-list inter-area-prefix-import { type jt:policy-algebra; ordered-by user; description "Import policy for Inter Area Prefix LSAs"; } leaf authentication-type { type enumeration { enum "none" { value 0; status deprecated; description "No authentication"; } enum "simple" { value 1; status deprecated; description "Simple password authentication"; } enum "md5" { value 2; status deprecated; description "MD5 authentication"; } } status deprecated; description "Authentication type"; } list virtual-link { junos:must "(".. .. 
area $$={0.0.0.0}")";
          // The junos:must that ends on the line above (it starts on the
          // preceding source line) restricts virtual links to the backbone
          // area, as the message below states.
          junos:must-message "virtual link can be configured only under backbone area";
          // A virtual link is identified by the pair (neighbor-id,
          // transit-area).
          key "neighbor-id transit-area";
          ordered-by user;
          description "Configure virtual links";
          leaf neighbor-id {
            type jt:ipv4addr;
            description "Router ID of a virtual neighbor";
          }
          leaf transit-area {
            type jt:areaid;
            description "Transit area in common with virtual neighbor";
          }
          uses apply-advanced;
          choice enable-disable {
            leaf disable {
              type empty;
              description "Disable this virtual link";
            }
          } // choice enable-disable
          // Timer leaves. Each union also admits a string matching
          // "<.*>|$.*"; "$" is an ordinary character in YANG patterns, so
          // text wrapped in <...> or starting with "$" passes validation and
          // a validated value is not guaranteed to be a number in range.
          leaf retransmit-interval {
            type union {
              type string { pattern "<.*>|$.*"; }
              type uint32 { range "1 .. 65535"; }
            }
            description "Retransmission interval (seconds)";
          }
          leaf transit-delay {
            type union {
              type string { pattern "<.*>|$.*"; }
              type uint32 { range "1 .. 65535"; }
            }
            description "Transit delay (seconds)";
          }
          leaf hello-interval {
            type union {
              type string { pattern "<.*>|$.*"; }
              type uint32 { range "1 .. 255"; }
            }
            description "Hello interval (seconds)";
          }
          leaf dead-interval {
            type union {
              type string { pattern "<.*>|$.*"; }
              type uint32 { range "1 .. 65535"; }
            }
            description "Dead interval (seconds)";
          }
          leaf mtu {
            type union {
              type string { pattern "<.*>|$.*"; }
              type uint32 { range "128 .. 65535"; }
            }
            description "Maximum OSPF packet size";
          }
          // Two mutually exclusive ways to configure authentication for the
          // virtual link:
          //   authentication      contents come from grouping
          //                       juniper-ospf-authentication (simple-password
          //                       or an md5 key list).
          //   authentication-key  marked "status deprecated": a single key
          //                       value plus a key ID, with no start-time, so
          //                       no second key can be staged alongside it.
          // The choice has no "mandatory" statement, so a virtual link with no
          // authentication at all is valid against this schema.
          choice auth {
            container authentication {
              uses juniper-ospf-authentication;
            } // container authentication
            container authentication-key {
              status deprecated;
              description "Authentication key";
              // jt:unreadable is defined in the imported junos-common-types
              // module, not here. NOTE(review): presumably a secret type;
              // treat data containing this leaf as sensitive.
              leaf keyname {
                type jt:unreadable;
                description "Authentication key value";
              }
              leaf key-id {
                type union {
                  type string { pattern "<.*>|$.*"; }
                  type uint32 { range "0 .. 255"; }
                }
                description "Key ID for MD5 authentication";
              }
            } // container authentication-key
          } // choice auth
          leaf demand-circuit {
            type empty;
            description "Interface functions as a demand circuit";
          }
          leaf flood-reduction {
            type empty;
            description "Enable flood reduction";
          }
          leaf no-neighbor-down-notification {
            type empty;
            description "Don't inform other protocols about neighbor down events";
          }
          // Name (1 .. 32 characters) of an IPsec security association used
          // for this virtual link. Per the four must-messages the referenced
          // SA has to be defined, be a manual SA, use transport mode, and the
          // name must not be one configured on an st0 interface.
          // A manual SA is statically keyed (no IKE negotiation), so key
          // rotation for this protection is an operator task.
          leaf ipsec-sa {
            junos:must "(!(any ".. .. interface <st*> ipsec-sa $$"))";
            junos:must-message "Must not configure ipsec-sa for st0 interface";
            junos:must "("security ipsec security-association $$ manual")";
            junos:must-message "Referenced IPSec security association must be a manual SA";
            junos:must "("security ipsec security-association $$ mode transport")";
            junos:must-message "Referenced IPSec security association must be in transport mode";
            junos:must "("security ipsec security-association $$")";
            junos:must-message "Referenced IPSec security association must be defined";
            type string { length "1 .. 32"; }
            description "IPSec security association name";
          }
          // Per-topology overrides for this virtual link, keyed by topology
          // name.
          list topology {
            key "name";
            ordered-by user;
            description "Topology specific attributes";
            leaf name {
              type string;
              description "Topology name";
            }
            uses apply-advanced;
            leaf disable {
              type empty;
              description "Disable this topology";
            }
            leaf metric {
              type union {
                type string { pattern "<.*>|$.*"; }
                type uint16 { range "1 .. 65535"; }
              }
              description "Topology metric";
            }
            // Only valid when the sibling "metric" leaf is set (see the
            // must-message).
            container bandwidth-based-metrics {
              junos:must "(".. metric")";
              junos:must-message "Metric must be configured";
              description "Configure bandwidth based metrics";
              uses apply-advanced;
              list bandwidth {
                key "name";
                description "Bandwidth threshold";
                leaf name {
                  type string;
                }
                leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
65535"; } } description "Metric associated with specified bandwidth"; } } // list bandwidth } // container bandwidth-based-metrics } // list topology } // list virtual-link list sham-link-remote { key "name"; ordered-by user; description "Configure parameters for remote sham link endpoint"; leaf name { junos:must "(!(".. .. .. sham-link local $$"))"; junos:must-message "Local and remote sham link endpoint addresses must be different"; junos:must "(".. .. .. sham-link local")"; junos:must-message "Local sham link endpoint must be configured"; type jt:ipaddr; description "Remote sham link endpoint address"; } uses apply-advanced; leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Sham link metric"; } leaf ipsec-sa { junos:must "(!(any ".. .. interface <st*> ipsec-sa $$"))"; junos:must-message "Must not configure ipsec-sa for st0 interface"; junos:must "("security ipsec security-association $$ manual")"; junos:must-message "Referenced IPSec security association must be a manual SA"; junos:must "("security ipsec security-association $$ mode transport")"; junos:must-message "Referenced IPSec security association must be in transport mode"; junos:must "("security ipsec security-association $$")"; junos:must-message "Referenced IPSec security association must be defined"; type string { length "1 .. 32"; } description "IPSec security association name"; } leaf demand-circuit { type empty; description "Interface functions as a demand circuit"; } leaf flood-reduction { type empty; description "Enable flood reduction"; } list topology { key "name"; ordered-by user; description "Topology specific attributes"; leaf name { type string; description "Topology name"; } uses apply-advanced; leaf disable { type empty; description "Disable this topology"; } leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
65535"; } } description "Topology metric"; } container bandwidth-based-metrics { junos:must "(".. metric")"; junos:must-message "Metric must be configured"; description "Configure bandwidth based metrics"; uses apply-advanced; list bandwidth { key "name"; description "Bandwidth threshold"; leaf name { type string; } leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Metric associated with specified bandwidth"; } } // list bandwidth } // container bandwidth-based-metrics } // list topology } // list sham-link-remote list interface { key "name"; ordered-by user; description "Include an interface in this area"; leaf name { junos:must "((!(".. interface-type nbma") || (!(("interfaces $$" || any "logical-systems <*> interfaces $$")) || (any "interfaces $$-IFL family inet address <*>" || any "logical-systems <*> interfaces $$-IFL family inet address <*>"))))"; junos:must-message "IPv4 address must be configured on the interface for nbma mode"; type union { type jt:ipv4addr-or-interface; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable OSPF on this interface"; } } // choice enable-disable leaf interface-type { type enumeration { enum "nbma" { value 0; description "Nonbroadcast multiaccess"; } enum "p2mp" { value 1; description "Point-to-multipoint NBMA"; } enum "p2p" { value 2; description "Point-to-point"; } enum "p2mp-over-lan" { value 3; description "Point-to-multipoint over LAN mode"; } } description "Type of interface"; } choice protection-type { leaf link-protection { type empty; description "Protect interface from link faults only"; } leaf node-link-protection { type empty; description "Protect interface from both link and node faults"; } } // choice protection-type leaf no-eligible-backup { type empty; description "Not eligible to backup traffic from protected interfaces"; } leaf 
no-eligible-remote-backup { type empty; description "Not eligible for Remote-LFA backup traffic from protected interfaces"; } container passive { presence "enable passive"; description "Do not run OSPF, but advertise it"; uses apply-advanced; container traffic-engineering { description "Advertise TE link information"; uses apply-advanced; leaf remote-node-id { type jt:ipaddr; description "Remote address of the link"; } leaf remote-node-router-id { junos:must "(".. remote-node-id")"; junos:must-message "remote-node-id must be configured"; type jt:ipv4addr; description "TE Router-ID of the remote node"; } } // container traffic-engineering } // container passive leaf secondary { junos:must "(!(" .. ipsec-sa"))"; junos:must-message "secondary interface cannot have ipsec-sa configured"; junos:must "(!(" .. dynamic-neighbors"))"; junos:must-message "secondary interface cannot have dynamic-neighbors configured"; junos:must "(!(" .. neighbor"))"; junos:must-message "secondary interface cannot have configured neighbors"; junos:must "(!(" .. interface-type p2mp"))"; junos:must-message "secondary interface cannot be set as type p2mp"; junos:must "(!(" .. interface-type nbma"))"; junos:must-message "secondary interface cannot be set as type nbma"; junos:must "(!(" .. passive"))"; junos:must-message "secondary interface cannot be configured passive"; type empty; description "Treat interface as secondary"; } leaf own-router-lsa { type empty; description "Generate a separate router LSA for this interface"; } container bandwidth-based-metrics { junos:must "(".. metric")"; junos:must-message "Metric must be configured"; description "Configure bandwidth based metrics"; uses apply-advanced; list bandwidth { key "name"; description "Bandwidth threshold"; leaf name { type string; } leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
65535"; } } description "Metric associated with specified bandwidth"; }
  } // list bandwidth
} // container bandwidth-based-metrics

// Per-interface OSPF parameters. Each numeric leaf is a union of a bounded
// integer and a `<.*>|$.*` string (presumably Junos wildcard/variable syntax -
// confirm).
leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Interface metric"; }
leaf priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Designated router priority"; }
leaf retransmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Retransmission interval (seconds)"; }
leaf transit-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Transit delay (seconds)"; }
leaf hello-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Hello interval (seconds)"; }
leaf dead-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Dead interval (seconds)"; }
leaf mtu { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "128 .. 65535"; } } description "Maximum OSPF packet size"; }

// OSPF packet authentication for this interface. The two containers are cases
// of a single YANG choice, so at most one of them can be present.
//   authentication      - pulls in the juniper-ospf-authentication grouping,
//                         which is defined outside this section.
//   authentication-key  - marked `status deprecated`; a key value plus a key
//                         ID that the description ties to MD5 authentication.
// NOTE(review): MD5-keyed OSPF authentication is a legacy mechanism. New
// configuration should use the non-deprecated `authentication` container;
// check which algorithms juniper-ospf-authentication offers before relying on
// it for integrity protection.
choice auth {
  container authentication {
    uses juniper-ospf-authentication;
  } // container authentication
  container authentication-key {
    status deprecated;
    description "Authentication key";
    // jt:unreadable comes from junos-common-types (imported in the module
    // header); presumably it marks a secret that is not displayed in clear -
    // confirm. Treat any configuration export containing it as sensitive.
    leaf keyname { type jt:unreadable; description "Authentication key value"; }
    leaf key-id { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Key ID for MD5 authentication"; }
  } // container authentication-key
} // choice auth
leaf demand-circuit { type empty; description "Interface functions as a demand circuit"; }
leaf flood-reduction { type empty; description "Enable flood reduction"; }
leaf no-neighbor-down-notification { type empty; description "Don't inform other protocols about neighbor down events"; }
// IPsec SA reference for this interface; its constraints continue past this line.
leaf ipsec-sa { junos:must "(!(any ".. .. 
interface <st*> ipsec-sa $$"))"; junos:must-message "Must not configure ipsec-sa for st0 interface"; junos:must "("security ipsec security-association $$ manual")"; junos:must-message "Referenced IPSec security association must be a manual SA"; junos:must "("security ipsec security-association $$ mode transport")"; junos:must-message "Referenced IPSec security association must be in transport mode"; junos:must "("security ipsec security-association $$")"; junos:must-message "Referenced IPSec security association must be defined"; type string { length "1 .. 32"; } description "IPSec security association name"; } list topology { key "name"; ordered-by user; description "Topology specific attributes"; leaf name { type string; description "Topology name"; } uses apply-advanced; leaf disable { type empty; description "Disable this topology"; } leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Topology metric"; } container bandwidth-based-metrics { junos:must "(".. metric")"; junos:must-message "Metric must be configured"; description "Configure bandwidth based metrics"; uses apply-advanced; list bandwidth { key "name"; description "Bandwidth threshold"; leaf name { type string; } leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Metric associated with specified bandwidth"; } } // list bandwidth } // container bandwidth-based-metrics } // list topology leaf transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
4294967295"; } } status deprecated; description "OSPF packet transmit interval (milliseconds)"; } container bfd-liveness-detection { description "Bidirectional Forwarding Detection options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } } units "milliseconds"; description "Minimum transmit interval"; }
  // Transmit interval (ms) above which a trap is raised; no range is declared.
  leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High transmit interval triggering a trap"; }
} // container transmit-interval
container detection-time {
  description "Detection-time options";
  uses apply-advanced;
  // Detection time (ms) above which a trap is raised; no range is declared.
  leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High detection-time triggering a trap"; }
} // container detection-time

// BFD session authentication. key-chain and algorithm carry mutual
// junos:must constraints, so neither can be committed without the other.
container authentication {
  description "Authentication options";
  uses apply-advanced;
  leaf key-chain {
    // The named chain must exist under
    // `security authentication-key-chains key-chain`.
    junos:must "(".. algorithm")";
    junos:must-message "May not be configured without algorithm";
    junos:must "("security authentication-key-chains key-chain $$")";
    junos:must-message "Referenced key-chain must be defined";
    type string;
    description "Key chain name";
  }
  // Authentication algorithm for the session. No default is declared.
  // NOTE(review): per RFC 5880, simple-password carries the password in
  // clear text in every packet, so it identifies a peer but does not resist
  // an on-path observer. The keyed MD5/SHA-1 variants send a digest instead;
  // the "meticulous" variants advance the sequence number on every packet,
  // which gives the tighter replay protection. MD5 and SHA-1 are both legacy
  // hashes - of the values offered here, meticulous-keyed-sha-1 is the
  // strongest.
  leaf algorithm {
    junos:must "(".. key-chain")";
    junos:must-message "May not be configured without key-chain";
    type enumeration {
      enum "simple-password" { value 0; description "Simple password"; }
      enum "keyed-md5" { value 1; description "Keyed message Digest 5"; }
      enum "meticulous-keyed-md5" { value 2; description "Meticulous keyed message Digest 5"; }
      enum "keyed-sha-1" { value 3; description "Keyed secure hash algorithm (SHA1) "; }
      enum "meticulous-keyed-sha-1" { value 4; description "Meticulous keyed secure hash algorithm (SHA1) "; }
    }
    description "Algorithm name";
  }
  // Authentication is verified only when it has been negotiated.
  // NOTE(review): this implies that a peer which does not negotiate
  // authentication is still accepted; presumably meant for migration
  // periods. Confirm, and remove the flag once all peers authenticate.
  leaf loose-check { type empty; description "Verify authentication only if authentication is negotiated"; }
} // container authentication
leaf full-neighbors-only { type empty; description "Setup BFD sessions only to Full neighbors"; }
// Delay (ms) before the session-up notification reaches the client; the range
// continues past this line.
leaf holddown-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255000"; } } units "milliseconds"; description "Time to hold the session-UP notification to the client"; } } // container bfd-liveness-detection leaf dynamic-neighbors { junos:must "(" .. interface-type p2mp")"; junos:must-message "dynamic-neighbors option can be set only if the interface type is p2mp"; type empty; description "Learn neighbors dynamically on a p2mp interface"; } leaf no-advertise-adjacency-segment { type empty; description "Do not advertise an adjacency segment for this interface"; } list neighbor { junos:must "(!(" .. dynamic-neighbors"))"; junos:must-message "Neighbors cannot be specified manually if dynamic-neighbors is set"; key "name"; ordered-by user; description "NBMA neighbor"; leaf name { type jt:ipaddr; description "Address of neighbor"; } leaf eligible { type empty; description "Eligible to be DR on an NBMA network"; } } // list neighbor leaf poll-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Poll interval for NBMA interfaces"; } leaf no-interface-state-traps { type empty; description "Do not send interface state change traps"; } leaf strict-bfd { junos:must "(" .. bfd-liveness-detection")"; junos:must-message "strict bfd cannot be configured without bfd."; junos:must "(!(" .. 
bfd-liveness-detection full-neighbors-only"))"; junos:must-message "full-neighbors-only and strict-bfd cannot be configured together"; type empty; description "Enable strict bfd over this interface"; } container post-convergence-lfa { junos:must "("protocols ospf backup-spf-options use-post-convergence-lfa")"; junos:must-message "Not allowed without 'protocols ospf backup-spf-options use-post-convergence-lfa'"; presence "enable post-convergence-lfa"; description "Protect interface using post-convergence backup path"; uses apply-advanced; container node-protection { presence "enable node-protection"; description "Compute backup path assuming node failure"; uses apply-advanced; leaf cost { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Cost for node protection"; } } // container node-protection leaf srlg-protection { type empty; description "Compute backup path assuming SRLG failure"; } leaf fate-sharing-protection { type empty; description "Compute backup path assuming fate-sharing group failure"; } } // container post-convergence-lfa leaf te-metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Traffic engineering metric"; } container ldp-synchronization { presence "enable ldp-synchronization"; description "Advertise maximum metric until LDP is operational"; uses ldp-sync-obj; } // container ldp-synchronization container ipv4-adjacency-segment { junos:must "(!(".. no-advertise-adjacency-segment"))"; junos:must-message "ipv4-adjacency-segment can't be configured if no-advertise-adjacency-segment is configured in the same interface"; description "Configure ipv4 adjacency segment"; uses apply-advanced; container protected { description "Adjacency SID is eligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container protected container unprotected { description "Adjacency SID uneligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container unprotected } // container ipv4-adjacency-segment list lan-neighbor { junos:must "(!(".. ipv4-adjacency-segment"))"; junos:must-message "lan-neighbor can't be configured if ipv4-adjacency-segment is configured in the same interface"; junos:must "(!(".. no-advertise-adjacency-segment"))"; junos:must-message "lan-neighbor can't be configured if no-advertise-adjacency-segment is configured in the same interface "; junos:must "(!(".. interface-type p2p"))"; junos:must-message "lan-neighbor can't be configured for point-to-point interfaces"; key "name"; ordered-by user; description "Configuration specific to a LAN neighbor"; leaf name { type jt:ipaddr; description "Address of neighbor"; } uses apply-advanced; container ipv4-adjacency-segment { junos:must "(!(".. 
no-advertise-adjacency-segment"))"; junos:must-message "ipv4-adjacency-segment can't be configured if no-advertise-adjacency-segment is configured in the same interface"; description "Configure ipv4 adjacency segment"; uses apply-advanced; container protected { description "Adjacency SID is eligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container protected container unprotected { description "Adjacency SID uneligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container unprotected } // container ipv4-adjacency-segment } // list lan-neighbor } // list interface leaf no-context-identifier-advertisement { junos:must "(!(".. 
context-identifier"))"; junos:must-message "no-context-identifier-advertisement and context-identifier attributes are mutually exclusive"; type empty; description "Disable context identifier advertisments in this area"; } list peer-interface { key "name"; ordered-by user; description "Configuration for peer interface"; leaf name { type string; description "Name of peer interface"; } uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable OSPF on this control peer"; } } // choice enable-disable leaf retransmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Retransmission interval (seconds)"; } leaf transit-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Transit delay (seconds)"; } leaf hello-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Hello interval (seconds)"; } leaf dead-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Dead interval (seconds)"; } leaf mtu { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "128 .. 65535"; } } description "Maximum OSPF packet size"; } choice auth { container authentication { uses juniper-ospf-authentication; } // container authentication container authentication-key { status deprecated; description "Authentication key"; leaf keyname { type jt:unreadable; description "Authentication key value"; } leaf key-id { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } } description "Key ID for MD5 authentication"; } } // container authentication-key } // choice auth leaf demand-circuit { type empty; description "Interface functions as a demand circuit"; } leaf flood-reduction { type empty; description "Enable flood reduction"; } leaf no-neighbor-down-notification { type empty; description "Don't inform other protocols about neighbor down events"; } } // list peer-interface leaf no-source-packet-routing { type empty; description "Disable SPRING in this area"; } list context-identifier { junos:must "(!(".. no-context-identifier-advertisement"))"; junos:must-message "no-context-identifier-advertisement and context-identifier attributes are mutually exclusive"; key "name"; ordered-by user; description "Configure context identifier in support of edge protection"; leaf name { type jt:ipv4addr; description "Context identifier"; } uses apply-advanced; } // list context-identifier list label-switched-path { junos:must "(!(".. .. traffic-engineering multicast-rpf-routes"))"; junos:must-message "cannot advertise LSPs when using multicast-rpf-routes"; key "name"; ordered-by user; description "Configuration for advertisement of a label-switched path"; leaf name { type string { length "1 .. 64"; } description "Name of label-switched path to be advertised"; } uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable OSPF on this label-switched path"; } } // choice enable-disable leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Interface metric"; } list topology { key "name"; ordered-by user; description "Topology specific attributes"; leaf name { type string; description "Topology name"; } uses apply-advanced; leaf disable { type empty; description "Disable this topology"; } leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
65535"; } } description "Topology metric"; } container bandwidth-based-metrics { junos:must "(".. metric")"; junos:must-message "Metric must be configured"; description "Configure bandwidth based metrics"; uses apply-advanced; list bandwidth { key "name"; description "Bandwidth threshold"; leaf name { type string; } leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Metric associated with specified bandwidth"; } } // list bandwidth } // container bandwidth-based-metrics } // list topology } // list label-switched-path } // list area choice enable-disable { leaf disable { type empty; description "Disable OSPF"; } } // choice enable-disable container traceoptions { description "Trace options for OSPF"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; }
  leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; }
  // Read permission on the OSPF trace file. The two leaves are cases of one
  // choice, so they cannot both be set; the choice declares no default, and
  // this module does not state what applies when neither is configured.
  // NOTE(review): with the `packet-dump` or `packets` flags below enabled,
  // the trace file can hold protocol packet contents. Prefer
  // no-world-readable unless every local account is meant to read routing
  // protocol traces.
  choice world-readable-choice {
    leaf world-readable { type empty; description "Allow any user to read the log file"; }
    leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
  } // choice world-readable-choice
} // container file

// Trace flags, one list entry per flag name. The enum values 0-18 visible on
// this line continue past it.
list flag {
  key "name";
  ordered-by user;
  description "Tracing parameters";
  leaf name {
    type enumeration {
      enum "spf" { value 0; description "Trace SPF calculations"; }
      enum "error" { value 1; description "Trace errored packets"; }
      enum "event" { value 2; description "Trace OSPF state machine events"; }
      // Writes packet contents to the trace file; see the file-permission
      // choice above.
      enum "packet-dump" { value 3; description "Dump the contents of selected packet types"; }
      enum "flooding" { value 4; description "Trace LSA flooding"; }
      enum "lsa-analysis" { value 5; description "Trace LSA analysis"; }
      enum "packets" { value 6; description "Trace all OSPF packets"; }
      enum "hello" { value 7; description "Trace hello packets"; }
      enum "database-description" { value 8; description "Trace database description packets"; }
      enum "lsa-request" { value 9; description "Trace LSA request packets"; }
      enum "lsa-update" { value 10; description "Trace LSA update packets"; }
      enum "lsa-ack" { value 11; description "Trace LSA acknowledgment packets"; }
      enum "ldp-synchronization" { value 12; description "Trace synchronization between OSPF and LDP"; }
      enum "on-demand" { value 13; description "Trace demand circuit extensions"; }
      enum "nsr-synchronization" { value 14; description "Trace NSR synchronization events"; }
      enum "graceful-restart" { value 15; description "Trace graceful restart"; }
      enum "restart-signaling" { value 16; description "Trace restart signaling"; }
      enum "backup-spf" { value 17; description "Trace backup SPF (LFA) specific events"; }
      enum "source-packet-routing" { value 18; description "Trace source packet routing (SPRING) 
events"; } enum "post-convergence-lfa" { value 19; description "Trace post-convergence-lfa related events"; } enum "flex-algorithm" { value 20; description "Trace flex-algorithm related events"; } enum "route" { value 21; description "Trace routing information"; } enum "normal" { value 22; description "Trace normal events"; } enum "general" { value 23; description "Trace general events"; } enum "state" { value 24; description "Trace state transitions"; } enum "policy" { value 25; description "Trace policy processing"; } enum "task" { value 26; description "Trace routing protocol task processing"; } enum "timer" { value 27; description "Trace routing protocol timer processing"; } enum "all" { value 28; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions container spf-options { description "Configure options for SPF"; uses apply-advanced; leaf delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "50 .. 8000"; } } units "milliseconds"; description "Time to wait before running an SPF"; } leaf holddown { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2000 .. 20000"; } } units "milliseconds"; description "Time to hold down before running an SPF"; } leaf rapid-runs { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } description "Number of maximum rapid SPF runs before holddown"; } leaf no-ignore-our-externals { type empty; description "Do not ignore self-generated external and NSSA LSAs"; } } // container spf-options leaf prefix-export-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
4294967295"; } } description "Maximum number of prefixes that can be exported"; } container rib-groups { description "Routing table groups for importing OSPF routes"; uses apply-advanced; leaf inet { junos:must "("routing-options rib-groups $$")"; junos:must-message "Referenced rib-groups must be defined"; junos:must "(!(".. topology $$={default} rib-group"))"; junos:must-message "rib-group cannot be used with topology default rib-group"; type string; description "Name of the IPv4/v6 routing table group"; } leaf inet3 { junos:must "("routing-options rib-groups $$")"; junos:must-message "Referenced rib-groups must be defined"; junos:must "(!(".. topology $$={default} rib-group"))"; junos:must-message "rib-group cannot be used with topology default rib-group"; type string; description "Name of the IPv4/v6 inet.3 routing table group"; } } // container rib-groups leaf job-stats { type empty; description "Collect job statistics"; } container overload { presence "enable overload"; description "Set the overload mode (repel transit traffic)"; uses apply-advanced; leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 3600"; } } units "seconds"; description "Time after which overload mode is reset"; } leaf allow-route-leaking { type empty; description "Allow routes to be leaked when overload is configured"; } leaf stub-network { type empty; description "Advertise Stub Network with maximum metric"; } leaf intra-area-prefix { type empty; description "Advertise Intra Area Prefix with maximum metric"; } leaf as-external { type empty; description "Advertise As External with maximum usable metric"; } } // container overload container database-protection { presence "enable database-protection"; description "Configure database protection attributes"; uses apply-advanced; leaf maximum-lsa { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
1000000"; } } description "Maximum allowed non self-generated LSAs"; } leaf warning-only { type empty; description "Emit only a warning when LSA maximum limit is exceeded"; } leaf warning-threshold { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "30 .. 100"; } } units "percent"; description "Percentage of LSA maximum above which to trigger warning"; } leaf ignore-count { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 32"; } } description "Maximum number of times to go into ignore state"; } leaf ignore-time { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "30 .. 3600"; } } units "seconds"; description "Time to stay in ignore state and ignore all neighbors"; } leaf reset-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 86400"; } } units "seconds"; description "Time after which the ignore count gets reset to zero"; } } // container database-protection container graceful-restart { description "Configure graceful restart attributes"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable OSPF graceful restart capability"; } } // choice enable-disable leaf restart-duration { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3600"; } } units "seconds"; description "Time for all neighbors to become full"; } leaf notify-duration { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
3600"; } } units "seconds"; description "Time to send all max-aged grace LSAs"; } container helper-disable { presence "enable helper-disable"; description "Disable graceful restart helper capability"; uses apply-advanced; choice disable-choices { leaf standard { type empty; description "Disable helper-mode for rfc3623 based GR"; } leaf restart-signaling { type empty; description "Disable helper mode for restart-signaling "; } leaf both { type empty; description "Disable helper mode for both the types of GR"; } } // choice disable-choices } // container helper-disable leaf no-strict-lsa-checking { junos:must "(!(".. helper-disable"))"; junos:must-message "To configure no-strict-lsa-checking, helper-disable must not be set"; type empty; description "Do not abort graceful helper mode upon LSA changes"; } } // container graceful-restart leaf route-type-community { type enumeration { enum "iana" { value 0; description "BGP extended community value used is 0x0306"; } enum "vendor" { value 1; description "Vendor BGP extended community value used is 0x8000"; } } description "Specify BGP extended community value to encode OSPF route type"; } container domain-id { description "Configure domain ID"; choice domain_id_or_disable { leaf domain-id { type string; description "Domain ID"; } leaf disable { type empty; description "Disable domain ID"; } } // choice domain_id_or_disable } // container domain-id choice domain_vpn_tag_or_disable { leaf domain-vpn-tag { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
4294967295"; } } description "Domain VPN tag for external LSA"; } leaf no-domain-vpn-tag { type empty; description "Disable domain VPN tag"; } } // choice domain_vpn_tag_or_disable leaf preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference of internal routes"; } leaf external-preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference of external routes"; } leaf labeled-preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference of labeled routes"; } leaf-list export { type jt:policy-algebra; ordered-by user; description "Export policy"; } leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy (for external routes or setting priority)"; } leaf reference-bandwidth { type string; description "Bandwidth for calculating metric defaults"; } leaf lsa-refresh-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "25 .. 50"; } } default "50"; description "LSA refresh interval (minutes)"; } leaf spf-delay { junos:must "(!(".. spf-options delay"))"; junos:must-message "You can only configure either spf-delay or delay under spf-options"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "50 .. 
8000"; } } units "milliseconds"; status deprecated; description "Time to wait before running an SPF"; } leaf no-rfc-1583 { type empty; description "Disable RFC1583 compatibility"; } leaf forwarding-address-to-broadcast { type empty; description "Set forwarding address in Type 5 LSA in broadcast network"; } choice nssa-abr-option { leaf no-nssa-abr { type empty; description "Disable full NSSA functionality at ABR"; } } // choice nssa-abr-option container sham-link { presence "enable sham-link"; description "Configure parameters for sham links"; uses apply-advanced; leaf local { type jt:ipaddr; description "Local sham link endpoint address"; } leaf no-advertise-local { type empty; status deprecated; description "Don't advertise local sham link endpoint as stub in router LSA"; } } // container sham-link } // list realm uses apply-advanced; list topology { key "name"; ordered-by user; description "Topology parameters"; leaf name { type string; description "Topology name"; } uses apply-advanced; leaf disable { type empty; description "Disable this topology"; } leaf topology-id { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "32 .. 127"; } } description "Topology identifier"; } leaf overload { type empty; description "Set the overload mode (repel transit traffic)"; } leaf rib-group { junos:must "("routing-options rib-groups $$")"; junos:must-message "Referenced rib-group must be defined"; type string; description "Routing table group for importing routes"; } container spf-options { description "Configure options for SPF"; uses apply-advanced; leaf delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "50 .. 8000"; } } units "milliseconds"; description "Time to wait before running an SPF"; } leaf holddown { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2000 .. 
20000"; } } units "milliseconds"; description "Time to hold down before running an SPF"; } leaf rapid-runs { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } description "Number of maximum rapid SPF runs before holddown"; } leaf no-ignore-our-externals { type empty; description "Do not ignore self-generated external and NSSA LSAs"; } } // container spf-options container backup-spf-options { description "Configure options for backup SPF"; uses apply-advanced; container remote-backup-calculation { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; presence "enable remote-backup-calculation"; description "Calculate Remote LFA backup nexthops"; uses apply-advanced; container pq-nodes-nearest-to-source { description "PQ nodes selection based upon nearest to source"; uses apply-advanced; leaf percent { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 100"; } } description "Selection percentage for nearest to source"; } } // container pq-nodes-nearest-to-source } // container remote-backup-calculation container use-post-convergence-lfa { junos:must "("protocols ospf source-packet-routing")"; junos:must-message "Configuration of 'protocols ospf source-packet-routing' is required"; presence "enable use-post-convergence-lfa"; description "Calculate post-convergence backup paths"; uses apply-advanced; leaf maximum-labels { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 8"; } } description "Maximum number of labels installed for post-convergence paths"; } leaf maximum-backup-paths { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 8"; } } description "Maximum number of equal-cost post-convergence paths installed"; } } // container use-post-convergence-lfa leaf use-source-packet-routing { junos:must "(".. .. 
source-packet-routing")"; junos:must-message "Configuration of 'protocols ospf source-packet-routing' is required"; junos:must "(!(".. remote-backup-calculation"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options remote-backup-calculation'"; type empty; description "Use spring backup paths for inet.0 routes"; } leaf disable { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; type empty; description "Do not run backup SPF"; } leaf no-install { type empty; description "Do not install backup nexthops into the RIB"; } leaf downstream-paths-only { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; type empty; description "Use only downstream backup paths"; } container per-prefix-calculation { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; description "Calculate backup nexthops for non-best prefix originators"; uses apply-advanced; leaf stubs { type empty; description "Per prefix calculation for stubs only"; } leaf summary { type empty; description "Per prefix calculation for summary originators only"; } leaf externals { type empty; description "Per prefix calculation for externals"; } leaf all { type empty; description "Per prefix calculation for all"; } } // container per-prefix-calculation leaf node-link-degradation { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; type empty; description "Degrade to link protection when nodelink protection not available"; } } // container backup-spf-options leaf prefix-export-limit { type union 
{ type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4294967295"; } } description "Maximum number of prefixes that can be exported"; } } // list topology container backup-spf-options { description "Configure options for backup SPF"; uses apply-advanced; container remote-backup-calculation { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; presence "enable remote-backup-calculation"; description "Calculate Remote LFA backup nexthops"; uses apply-advanced; container pq-nodes-nearest-to-source { description "PQ nodes selection based upon nearest to source"; uses apply-advanced; leaf percent { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 100"; } } description "Selection percentage for nearest to source"; } } // container pq-nodes-nearest-to-source } // container remote-backup-calculation container use-post-convergence-lfa { junos:must "("protocols ospf source-packet-routing")"; junos:must-message "Configuration of 'protocols ospf source-packet-routing' is required"; presence "enable use-post-convergence-lfa"; description "Calculate post-convergence backup paths"; uses apply-advanced; leaf maximum-labels { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 8"; } } description "Maximum number of labels installed for post-convergence paths"; } leaf maximum-backup-paths { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 8"; } } description "Maximum number of equal-cost post-convergence paths installed"; } } // container use-post-convergence-lfa leaf use-source-packet-routing { junos:must "(".. .. source-packet-routing")"; junos:must-message "Configuration of 'protocols ospf source-packet-routing' is required"; junos:must "(!(".. 
remote-backup-calculation"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options remote-backup-calculation'"; type empty; description "Use spring backup paths for inet.0 routes"; } leaf disable { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; type empty; description "Do not run backup SPF"; } leaf no-install { type empty; description "Do not install backup nexthops into the RIB"; } leaf downstream-paths-only { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; type empty; description "Use only downstream backup paths"; } container per-prefix-calculation { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; description "Calculate backup nexthops for non-best prefix originators"; uses apply-advanced; leaf stubs { type empty; description "Per prefix calculation for stubs only"; } leaf summary { type empty; description "Per prefix calculation for summary originators only"; } leaf externals { type empty; description "Per prefix calculation for externals"; } leaf all { type empty; description "Per prefix calculation for all"; } } // container per-prefix-calculation leaf node-link-degradation { junos:must "(!("protocols ospf backup-spf-options use-post-convergence-lfa"))"; junos:must-message "Not allowed with 'protocols ospf backup-spf-options use-post-convergence-lfa'"; type empty; description "Degrade to link protection when nodelink protection not available"; } } // container backup-spf-options container traffic-engineering { presence "enable traffic-engineering"; description "Configure traffic engineering attributes"; uses apply-advanced; leaf no-topology { type 
empty; description "Disable dissemination of TE link-state topology information"; } leaf multicast-rpf-routes { junos:must "(!(".. .. topology $$={ipv4-multicast}"))"; junos:must-message "multicast-rpf-routes cannot be used with topology ipv4-multicast"; junos:must "(".. shortcuts")"; junos:must-message "multicast-rpf-routes cannot be used without shortcuts"; type empty; description "Install routes for multicast RPF checks into inet.2"; } leaf l3-unicast-topology { type empty; description "Download IGP topology into TED"; } container ignore-lsp-metrics { presence "enable ignore-lsp-metrics"; description "Ignore label-switched path metrics when doing shortcuts"; uses apply-advanced; leaf unconfigured-only { type empty; description "Ignore lsp metrics for unconfigured only"; } } // container ignore-lsp-metrics container shortcuts { presence "enable shortcuts"; description "Use label-switched paths as next hops, if possible"; uses apply-advanced; leaf ignore-lsp-metrics { type empty; status deprecated; description "Ignore label-switched path metrics when doing shortcuts"; } leaf lsp-metric-into-summary { type empty; description "Advertise LSP metric into summary LSAs"; } list family { key "name"; ordered-by user; description "Address family specific traffic-engineering attributes"; leaf name { type enumeration { enum "inet" { value 0; description "IPv4 family"; } enum "inet-mpls" { value 1; description "IPv4-MPLS family"; } } } uses apply-advanced; } // list family } // container shortcuts leaf advertise-unnumbered-interfaces { type empty; description "Advertise unnumbered interfaces"; } leaf credibility-protocol-preference { type empty; description "TED protocol credibility follows protocol preference"; } container advertisement { description "Advertise TE parameters even if RSVP is not turned on"; uses apply-advanced; leaf always { type empty; description "Advertise TE parameters in TE LSAs"; } } // container advertisement } // container traffic-engineering 
container source-packet-routing { junos:must "(!(".. .. .. protocols mpls disable"))"; junos:must-message "SPRING configuration is not allowed with 'protocols mpls disable'"; junos:must "(".. .. .. protocols mpls ")"; junos:must-message "SPRING configuration is not allowed without 'protocols mpls'"; presence "enable source-packet-routing"; description "Enable source packet routing (SPRING)"; uses apply-advanced; container adjacency-segment { description "Attributes for adjacency segments in spring"; uses apply-advanced; leaf hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "180000 .. 900000"; } } description "Retain time of Adjacency segment after isolating from an interface"; } } // container adjacency-segment leaf-list prefix-segment { type jt:policy-algebra; ordered-by user; description "Prefix Segment policy"; } leaf explicit-null { type empty; description "Set E and P bits in all Prefix SID advertisements"; } container node-segment { presence "enable node-segment"; description "Enable support for Node segments in SPRING"; uses apply-advanced; leaf ipv4-index { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } description "Set ipv4 node segment index"; } leaf index-range { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "32 .. 16385"; } } description "Set range of node segment indices allowed"; } } // container node-segment container srgb { junos:must "(!(".. node-segment index-range"))"; junos:must-message "Can not be configured with node-segment index-range"; description "Set the SRGB global block in SPRING"; leaf start-label { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Start range for SRGB label block"; } leaf index-range { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Index to the SRGB start label block"; } } // container srgb leaf mapping-server { junos:must "(".. 
node-segment")"; junos:must-message "protocols ospf source-packet-routing node-segment must be defined"; junos:must "("routing-options source-packet-routing mapping-server-entry $$")"; junos:must-message "Referenced source-packet-routing mapping-server-entry must be defined"; type string; description "Mapping server name"; } leaf install-prefix-sid-for-best-route { type empty; description "For best route install a exact prefix sid route"; } leaf ldp-stitching { type empty; description "Enable SR to LDP stitching"; } leaf-list flex-algorithm { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "128 .. 255"; } } max-elements 16; description "Flex-algorithms we would like to participate in"; } } // container source-packet-routing list area { key "name"; ordered-by user; description "Configure an OSPF area"; leaf name { type jt:areaid; description "Area ID"; } uses apply-advanced; choice stub-option { container stub { presence "enable stub"; description "Configure a stub area"; leaf default-metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Metric for the default route in this stub area"; } choice summaries-choice { leaf summaries { type empty; description "Flood summary LSAs into this stub area"; } leaf no-summaries { type empty; description "Don't flood summary LSAs into this stub area"; } } // choice summaries-choice } // container stub container nssa { presence "enable nssa"; description "Configure a not-so-stubby area"; uses apply-advanced; container default-lsa { presence "enable default-lsa"; description "Configure a default LSA"; uses apply-advanced; leaf default-metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Metric for the default route in this area"; } leaf metric-type { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
2"; } } description "External metric type for the default type 7 LSA"; } leaf type-7 { type empty; description "Flood type 7 default LSA if no-summaries is configured"; } } // container default-lsa leaf default-metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } status deprecated; description "Metric for the default route in this area"; } leaf metric-type { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 2"; } } status deprecated; description "External metric type for the default type 7 LSA"; } choice summaries-choice { leaf summaries { type empty; description "Flood summary LSAs into this NSSA area"; } leaf no-summaries { type empty; description "Don't flood summary LSAs into this NSSA area"; } } // choice summaries-choice list area-range { key "name"; ordered-by user; description "Configure NSSA area ranges"; leaf name { type jt:ipprefix; description "Range to summarize NSSA routes in this area"; } uses apply-advanced; leaf restrict { type empty; description "Restrict advertisement of this area range"; } leaf exact { type empty; description "Enforce exact match for advertisement of this area range"; } container override-metric { presence "enable override-metric"; description "Override the dynamic metric for this area-range"; uses apply-advanced; leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777215"; } } description "Metric value"; } leaf metric-type { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
2"; } }
          default "1";
          description "Set the metric type for the override metric";
        }
      } // container override-metric
    } // list area-range
  } // container nssa
} // choice stub-option

// Area-level summarization ranges. Each entry is keyed by an IP prefix
// (jt:ipprefix). Here override-metric is a single leaf; the NSSA variant
// of area-range closed just above uses a container with a separate
// metric-type instead.
list area-range {
  key "name";
  ordered-by user;
  description "Configure area ranges";
  leaf name {
    type jt:ipprefix;
    description "Range to summarize routes in this area";
  }
  uses apply-advanced;
  leaf restrict {
    type empty;
    description "Restrict advertisement of this area range";
  }
  leaf exact {
    type empty;
    description "Enforce exact match for advertisement of this area range";
  }
  leaf override-metric {
    type union {
      // NOTE(review): the string member appears to admit Junos "<...>"
      // wildcard and "$..." variable forms next to the numeric range, so
      // tooling that consumes this leaf should not assume an integer.
      // Confirm against the vendor documentation.
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "1 .. 16777215"; }
    }
    description "Override the dynamic metric for this area-range";
  }
} // list area-range

// Policy hooks for inter-area advertisements. Each leaf-list is an
// ordered (ordered-by user) sequence of jt:policy-algebra entries, so
// entry order is part of the configuration.
leaf-list network-summary-export {
  type jt:policy-algebra;
  ordered-by user;
  description "Export policy for Type 3 Summary LSAs";
}
leaf-list network-summary-import {
  type jt:policy-algebra;
  ordered-by user;
  description "Import policy for Type 3 Summary LSAs";
}
leaf-list inter-area-prefix-export {
  type jt:policy-algebra;
  ordered-by user;
  description "Export policy for Inter Area Prefix LSAs";
}
leaf-list inter-area-prefix-import {
  type jt:policy-algebra;
  ordered-by user;
  description "Import policy for Inter Area Prefix LSAs";
}

// Area-wide authentication selector. The leaf and all three of its
// values carry "status deprecated".
// Security note: "none" leaves OSPF packets unauthenticated. "simple" is
// the OSPF simple-password type, which carries the password in clear in
// each packet. "md5" relies on a digest that is no longer considered
// strong. Configuration audits should flag any use of this leaf.
// NOTE(review): the "authentication" container (uses
// juniper-ospf-authentication) under virtual-link and interface is
// presumably the replacement. Its contents are not visible here, so
// confirm before migrating.
leaf authentication-type {
  type enumeration {
    enum "none" {
      value 0;
      status deprecated;
      description "No authentication";
    }
    enum "simple" {
      value 1;
      status deprecated;
      description "Simple password authentication";
    }
    enum "md5" {
      value 2;
      status deprecated;
      description "MD5 authentication";
    }
  }
  status deprecated;
  description "Authentication type";
}

// Virtual links. The junos:must constraint that starts on the next line
// restricts them to the backbone area, per its must-message.
list virtual-link {
  junos:must "(".. .. 
area $$={0.0.0.0}")";
  // NOTE(review): as rendered, the inner double quotes of the junos:must
  // expression are unescaped, which would end the YANG string early.
  // Presumably backslash escapes were lost in extraction; compare with
  // the vendor's published module before feeding this to a YANG parser.
  junos:must-message "virtual link can be configured only under backbone area";
  // A virtual link is identified by the pair (neighbor router ID, transit area).
  key "neighbor-id transit-area";
  ordered-by user;
  description "Configure virtual links";
  leaf neighbor-id {
    type jt:ipv4addr;
    description "Router ID of a virtual neighbor";
  }
  leaf transit-area {
    type jt:areaid;
    description "Transit area in common with virtual neighbor";
  }
  uses apply-advanced;
  choice enable-disable {
    leaf disable {
      type empty;
      description "Disable this virtual link";
    }
  } // choice enable-disable

  // Protocol timers and packet size. Each is a union of a bounded integer
  // and a string matching "<.*>|$.*".
  // NOTE(review): the string member appears to admit Junos wildcard and
  // variable forms. Confirm, and do not assume these leaves are always
  // numeric when validating configuration.
  leaf retransmit-interval {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "1 .. 65535"; }
    }
    description "Retransmission interval (seconds)";
  }
  leaf transit-delay {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "1 .. 65535"; }
    }
    description "Transit delay (seconds)";
  }
  leaf hello-interval {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "1 .. 255"; }
    }
    description "Hello interval (seconds)";
  }
  leaf dead-interval {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "1 .. 65535"; }
    }
    description "Dead interval (seconds)";
  }
  leaf mtu {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "128 .. 65535"; }
    }
    description "Maximum OSPF packet size";
  }

  // Authentication for the virtual link. As a YANG choice, at most one of
  // the two cases can be present: the "authentication" container or the
  // deprecated "authentication-key" container.
  // Security note: the choice has no "mandatory" statement, so a virtual
  // link with no authentication at all is schema-valid. Requiring
  // authentication has to be enforced by policy or configuration audit,
  // not by this model.
  choice auth {
    container authentication {
      // Contents come from grouping juniper-ospf-authentication, which is
      // defined outside this view.
      uses juniper-ospf-authentication;
    } // container authentication
    container authentication-key {
      status deprecated;
      description "Authentication key";
      leaf keyname {
        // NOTE(review): jt:unreadable is defined in junos-common-types,
        // which is not shown here. Presumably it marks the value as a
        // secret that is not displayed in clear. Confirm, and treat any
        // export of this leaf as sensitive.
        type jt:unreadable;
        description "Authentication key value";
      }
      // Key identifier. The description ties it to MD5 authentication.
      leaf key-id {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "0 .. 
255"; } }
      description "Key ID for MD5 authentication";
    }
  } // container authentication-key
} // choice auth

// Presence flags (type empty): configuring the leaf enables the behaviour
// named in its description.
leaf demand-circuit {
  type empty;
  description "Interface functions as a demand circuit";
}
leaf flood-reduction {
  type empty;
  description "Enable flood reduction";
}
leaf no-neighbor-down-notification {
  type empty;
  description "Don't inform other protocols about neighbor down events";
}

// Name of an IPsec security association (1 to 32 characters). Going by
// the must-messages, the four junos:must constraints require that the
// name is not used as ipsec-sa on an st0 interface, and that the
// referenced SA is defined, is a manual SA, and is in transport mode.
// Security note: a manual SA is statically keyed, with no IKE
// negotiation. Key rotation and protection of the configuration that
// holds the keys are therefore operational duties; verify against the
// platform documentation.
// NOTE(review): as rendered, the inner double quotes of the junos:must
// expressions are unescaped. Presumably backslash escapes were lost in
// extraction; compare with the vendor's published module.
leaf ipsec-sa {
  junos:must "(!(any ".. .. interface <st*> ipsec-sa $$"))";
  junos:must-message "Must not configure ipsec-sa for st0 interface";
  junos:must "("security ipsec security-association $$ manual")";
  junos:must-message "Referenced IPSec security association must be a manual SA";
  junos:must "("security ipsec security-association $$ mode transport")";
  junos:must-message "Referenced IPSec security association must be in transport mode";
  junos:must "("security ipsec security-association $$")";
  junos:must-message "Referenced IPSec security association must be defined";
  type string { length "1 .. 32"; }
  description "IPSec security association name";
}

// Per-topology overrides, keyed by topology name.
list topology {
  key "name";
  ordered-by user;
  description "Topology specific attributes";
  leaf name {
    type string;
    description "Topology name";
  }
  uses apply-advanced;
  leaf disable {
    type empty;
    description "Disable this topology";
  }
  leaf metric {
    type union {
      // NOTE(review): the string member appears to admit Junos wildcard
      // and variable forms next to the numeric range. Confirm.
      type string { pattern "<.*>|$.*"; }
      type uint16 { range "1 .. 65535"; }
    }
    description "Topology metric";
  }
  // Bandwidth-dependent metrics. The junos:must constraint requires the
  // sibling "metric" leaf to be configured, per its must-message.
  container bandwidth-based-metrics {
    junos:must "(".. metric")";
    junos:must-message "Metric must be configured";
    description "Configure bandwidth based metrics";
    uses apply-advanced;
    list bandwidth {
      key "name";
      description "Bandwidth threshold";
      // The key is an unconstrained string with no description of its own.
      // The list description calls the entry a bandwidth threshold.
      leaf name { type string; }
      leaf metric {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint16 { range "1 .. 
65535"; } } description "Metric associated with specified bandwidth"; } } // list bandwidth } // container bandwidth-based-metrics } // list topology } // list virtual-link list sham-link-remote { key "name"; ordered-by user; description "Configure parameters for remote sham link endpoint"; leaf name { junos:must "(!(".. .. .. sham-link local $$"))"; junos:must-message "Local and remote sham link endpoint addresses must be different"; junos:must "(".. .. .. sham-link local")"; junos:must-message "Local sham link endpoint must be configured"; type jt:ipaddr; description "Remote sham link endpoint address"; } uses apply-advanced; leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Sham link metric"; } leaf ipsec-sa { junos:must "(!(any ".. .. interface <st*> ipsec-sa $$"))"; junos:must-message "Must not configure ipsec-sa for st0 interface"; junos:must "("security ipsec security-association $$ manual")"; junos:must-message "Referenced IPSec security association must be a manual SA"; junos:must "("security ipsec security-association $$ mode transport")"; junos:must-message "Referenced IPSec security association must be in transport mode"; junos:must "("security ipsec security-association $$")"; junos:must-message "Referenced IPSec security association must be defined"; type string { length "1 .. 32"; } description "IPSec security association name"; } leaf demand-circuit { type empty; description "Interface functions as a demand circuit"; } leaf flood-reduction { type empty; description "Enable flood reduction"; } list topology { key "name"; ordered-by user; description "Topology specific attributes"; leaf name { type string; description "Topology name"; } uses apply-advanced; leaf disable { type empty; description "Disable this topology"; } leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
65535"; } } description "Topology metric"; } container bandwidth-based-metrics { junos:must "(".. metric")"; junos:must-message "Metric must be configured"; description "Configure bandwidth based metrics"; uses apply-advanced; list bandwidth { key "name"; description "Bandwidth threshold"; leaf name { type string; } leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Metric associated with specified bandwidth"; } } // list bandwidth } // container bandwidth-based-metrics } // list topology } // list sham-link-remote list interface { key "name"; ordered-by user; description "Include an interface in this area"; leaf name { junos:must "((!(".. interface-type nbma") || (!(("interfaces $$" || any "logical-systems <*> interfaces $$")) || (any "interfaces $$-IFL family inet address <*>" || any "logical-systems <*> interfaces $$-IFL family inet address <*>"))))"; junos:must-message "IPv4 address must be configured on the interface for nbma mode"; type union { type jt:ipv4addr-or-interface; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable OSPF on this interface"; } } // choice enable-disable leaf interface-type { type enumeration { enum "nbma" { value 0; description "Nonbroadcast multiaccess"; } enum "p2mp" { value 1; description "Point-to-multipoint NBMA"; } enum "p2p" { value 2; description "Point-to-point"; } enum "p2mp-over-lan" { value 3; description "Point-to-multipoint over LAN mode"; } } description "Type of interface"; } choice protection-type { leaf link-protection { type empty; description "Protect interface from link faults only"; } leaf node-link-protection { type empty; description "Protect interface from both link and node faults"; } } // choice protection-type leaf no-eligible-backup { type empty; description "Not eligible to backup traffic from protected interfaces"; } leaf 
no-eligible-remote-backup { type empty; description "Not eligible for Remote-LFA backup traffic from protected interfaces"; } container passive { presence "enable passive"; description "Do not run OSPF, but advertise it"; uses apply-advanced; container traffic-engineering { description "Advertise TE link information"; uses apply-advanced; leaf remote-node-id { type jt:ipaddr; description "Remote address of the link"; } leaf remote-node-router-id { junos:must "(".. remote-node-id")"; junos:must-message "remote-node-id must be configured"; type jt:ipv4addr; description "TE Router-ID of the remote node"; } } // container traffic-engineering } // container passive leaf secondary { junos:must "(!(" .. ipsec-sa"))"; junos:must-message "secondary interface cannot have ipsec-sa configured"; junos:must "(!(" .. dynamic-neighbors"))"; junos:must-message "secondary interface cannot have dynamic-neighbors configured"; junos:must "(!(" .. neighbor"))"; junos:must-message "secondary interface cannot have configured neighbors"; junos:must "(!(" .. interface-type p2mp"))"; junos:must-message "secondary interface cannot be set as type p2mp"; junos:must "(!(" .. interface-type nbma"))"; junos:must-message "secondary interface cannot be set as type nbma"; junos:must "(!(" .. passive"))"; junos:must-message "secondary interface cannot be configured passive"; type empty; description "Treat interface as secondary"; } leaf own-router-lsa { type empty; description "Generate a separate router LSA for this interface"; } container bandwidth-based-metrics { junos:must "(".. metric")"; junos:must-message "Metric must be configured"; description "Configure bandwidth based metrics"; uses apply-advanced; list bandwidth { key "name"; description "Bandwidth threshold"; leaf name { type string; } leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
65535"; } } description "Metric associated with specified bandwidth"; }
} // list bandwidth
} // container bandwidth-based-metrics

// Per-interface OSPF parameters follow. Each numeric leaf is a union of a
// range-limited integer and a string alternative (pattern "<.*>|$.*").
// NOTE(review): the string alternative presumably admits a placeholder in
// place of a literal number; confirm against the Junos YANG conventions.
leaf metric {
  type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } }
  description "Interface metric";
}
leaf priority {
  type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } }
  description "Designated router priority";
}
leaf retransmit-interval {
  type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } }
  description "Retransmission interval (seconds)";
}
leaf transit-delay {
  type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } }
  description "Transit delay (seconds)";
}
leaf hello-interval {
  type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } }
  description "Hello interval (seconds)";
}
leaf dead-interval {
  type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } }
  description "Dead interval (seconds)";
}
leaf mtu {
  type union { type string { pattern "<.*>|$.*"; } type uint32 { range "128 .. 65535"; } }
  description "Maximum OSPF packet size";
}

// Interface authentication. This is a YANG choice, so at most one of the two
// cases below can be present on an interface.
choice auth {
  // Contents come from the juniper-ospf-authentication grouping, which is
  // defined outside this excerpt.
  container authentication {
    uses juniper-ospf-authentication;
  } // container authentication
  // Deprecated case (status deprecated): a single key plus a key-id that the
  // schema describes as being for MD5 authentication.
  // NOTE(review): since this case is marked deprecated, new configurations
  // should use the `authentication` case; audit existing ones that still
  // rely on this form.
  container authentication-key {
    status deprecated;
    description "Authentication key";
    // jt:unreadable is declared in junos-common-types (not shown here);
    // presumably it marks the value as a secret that is not displayed in
    // clear text - confirm before relying on it.
    leaf keyname {
      type jt:unreadable;
      description "Authentication key value";
    }
    leaf key-id {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } }
      description "Key ID for MD5 authentication";
    }
  } // container authentication-key
} // choice auth

leaf demand-circuit {
  type empty;
  description "Interface functions as a demand circuit";
}
leaf flood-reduction {
  type empty;
  description "Enable flood reduction";
}
leaf no-neighbor-down-notification {
  type empty;
  description "Don't inform other protocols about neighbor down events";
}

// Name (1 to 32 characters) of an IPsec security association applied to OSPF
// on this interface. Going by the must-messages, the referenced SA has to be
// defined under "security ipsec security-association", be a manual SA, use
// transport mode, and must not be configured for an st0 interface.
// NOTE(review): a manual SA means statically configured keys, so there is no
// negotiated rekeying; key rotation has to be handled operationally.
leaf ipsec-sa {
  junos:must "(!(any ".. .. interface <st*> ipsec-sa $$"))";
  junos:must-message "Must not configure ipsec-sa for st0 interface";
  junos:must "("security ipsec security-association $$ manual")";
  junos:must-message "Referenced IPSec security association must be a manual SA";
  junos:must "("security ipsec security-association $$ mode transport")";
  junos:must-message "Referenced IPSec security association must be in transport mode";
  junos:must "("security ipsec security-association $$")";
  junos:must-message "Referenced IPSec security association must be defined";
  type string { length "1 .. 32"; }
  description "IPSec security association name";
}

// Per-topology overrides for this interface; entries keep user order.
list topology {
  key "name";
  ordered-by user;
  description "Topology specific attributes";
  leaf name { type string; description "Topology name"; }
  uses apply-advanced;
  leaf disable { type empty; description "Disable this topology"; }
  leaf metric {
    type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } }
    description "Topology metric";
  }
  // Only valid when the sibling metric leaf is configured (junos:must).
  container bandwidth-based-metrics {
    junos:must "(".. metric")";
    junos:must-message "Metric must be configured";
    description "Configure bandwidth based metrics";
    uses apply-advanced;
    list bandwidth {
      key "name";
      description "Bandwidth threshold";
      leaf name { type string; }
      leaf metric {
        type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } }
        description "Metric associated with specified bandwidth";
      }
    } // list bandwidth
  } // container bandwidth-based-metrics
} // list topology
leaf transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
4294967295"; } } status deprecated; description "OSPF packet transmit interval (milliseconds)"; } container bfd-liveness-detection { description "Bidirectional Forwarding Detection options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } } units "milliseconds"; description "Minimum transmit interval"; }
  // Transmit-interval value (milliseconds) above which a trap is raised.
  leaf threshold {
    type union { type uint32; type string { pattern "<.*>|$.*"; } }
    units "milliseconds";
    description "High transmit interval triggering a trap";
  }
} // container transmit-interval
container detection-time {
  description "Detection-time options";
  uses apply-advanced;
  // Detection-time value (milliseconds) above which a trap is raised.
  leaf threshold {
    type union { type uint32; type string { pattern "<.*>|$.*"; } }
    units "milliseconds";
    description "High detection-time triggering a trap";
  }
} // container detection-time

// BFD session authentication. key-chain and algorithm each carry a
// junos:must that requires the other, so they are always configured as a
// pair; the key-chain must also be defined under
// "security authentication-key-chains".
container authentication {
  description "Authentication options";
  uses apply-advanced;
  leaf key-chain {
    junos:must "(".. algorithm")";
    junos:must-message "May not be configured without algorithm";
    junos:must "("security authentication-key-chains key-chain $$")";
    junos:must-message "Referenced key-chain must be defined";
    type string;
    description "Key chain name";
  }
  // NOTE(review): this enumeration offers nothing stronger than SHA-1. In the
  // BFD specification (RFC 5880) the simple-password type carries the
  // password in the packet unprotected, and the "meticulous" variants advance
  // the sequence number on every packet, which narrows the replay window.
  // Of the values listed here, meticulous-keyed-sha-1 is the strongest;
  // simple-password should not be treated as protection against an on-path
  // observer.
  leaf algorithm {
    junos:must "(".. key-chain")";
    junos:must-message "May not be configured without key-chain";
    type enumeration {
      enum "simple-password" { value 0; description "Simple password"; }
      enum "keyed-md5" { value 1; description "Keyed message Digest 5"; }
      enum "meticulous-keyed-md5" { value 2; description "Meticulous keyed message Digest 5"; }
      enum "keyed-sha-1" { value 3; description "Keyed secure hash algorithm (SHA1) "; }
      enum "meticulous-keyed-sha-1" { value 4; description "Meticulous keyed secure hash algorithm (SHA1) "; }
    }
    description "Algorithm name";
  }
  // NOTE(review): per the description, authentication is verified only when
  // it has been negotiated, so a peer that does not authenticate is
  // presumably still accepted. Treat this as a migration aid and remove it
  // once both ends of the session authenticate.
  leaf loose-check {
    type empty;
    description "Verify authentication only if authentication is negotiated";
  }
} // container authentication
leaf full-neighbors-only {
  type empty;
  description "Setup BFD sessions only to Full neighbors";
}
leaf holddown-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255000"; } } units "milliseconds"; description "Time to hold the session-UP notification to the client"; } } // container bfd-liveness-detection leaf dynamic-neighbors { junos:must "(" .. interface-type p2mp")"; junos:must-message "dynamic-neighbors option can be set only if the interface type is p2mp"; type empty; description "Learn neighbors dynamically on a p2mp interface"; } leaf no-advertise-adjacency-segment { type empty; description "Do not advertise an adjacency segment for this interface"; } list neighbor { junos:must "(!(" .. dynamic-neighbors"))"; junos:must-message "Neighbors cannot be specified manually if dynamic-neighbors is set"; key "name"; ordered-by user; description "NBMA neighbor"; leaf name { type jt:ipaddr; description "Address of neighbor"; } leaf eligible { type empty; description "Eligible to be DR on an NBMA network"; } } // list neighbor leaf poll-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Poll interval for NBMA interfaces"; } leaf no-interface-state-traps { type empty; description "Do not send interface state change traps"; } leaf strict-bfd { junos:must "(" .. bfd-liveness-detection")"; junos:must-message "strict bfd cannot be configured without bfd."; junos:must "(!(" .. 
bfd-liveness-detection full-neighbors-only"))"; junos:must-message "full-neighbors-only and strict-bfd cannot be configured together"; type empty; description "Enable strict bfd over this interface"; } container post-convergence-lfa { junos:must "("protocols ospf backup-spf-options use-post-convergence-lfa")"; junos:must-message "Not allowed without 'protocols ospf backup-spf-options use-post-convergence-lfa'"; presence "enable post-convergence-lfa"; description "Protect interface using post-convergence backup path"; uses apply-advanced; container node-protection { presence "enable node-protection"; description "Compute backup path assuming node failure"; uses apply-advanced; leaf cost { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Cost for node protection"; } } // container node-protection leaf srlg-protection { type empty; description "Compute backup path assuming SRLG failure"; } leaf fate-sharing-protection { type empty; description "Compute backup path assuming fate-sharing group failure"; } } // container post-convergence-lfa leaf te-metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Traffic engineering metric"; } container ldp-synchronization { presence "enable ldp-synchronization"; description "Advertise maximum metric until LDP is operational"; uses ldp-sync-obj; } // container ldp-synchronization container ipv4-adjacency-segment { junos:must "(!(".. no-advertise-adjacency-segment"))"; junos:must-message "ipv4-adjacency-segment can't be configured if no-advertise-adjacency-segment is configured in the same interface"; description "Configure ipv4 adjacency segment"; uses apply-advanced; container protected { description "Adjacency SID is eligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container protected container unprotected { description "Adjacency SID uneligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container unprotected } // container ipv4-adjacency-segment list lan-neighbor { junos:must "(!(".. ipv4-adjacency-segment"))"; junos:must-message "lan-neighbor can't be configured if ipv4-adjacency-segment is configured in the same interface"; junos:must "(!(".. no-advertise-adjacency-segment"))"; junos:must-message "lan-neighbor can't be configured if no-advertise-adjacency-segment is configured in the same interface "; junos:must "(!(".. interface-type p2p"))"; junos:must-message "lan-neighbor can't be configured for point-to-point interfaces"; key "name"; ordered-by user; description "Configuration specific to a LAN neighbor"; leaf name { type jt:ipaddr; description "Address of neighbor"; } uses apply-advanced; container ipv4-adjacency-segment { junos:must "(!(".. 
no-advertise-adjacency-segment"))"; junos:must-message "ipv4-adjacency-segment can't be configured if no-advertise-adjacency-segment is configured in the same interface"; description "Configure ipv4 adjacency segment"; uses apply-advanced; container protected { description "Adjacency SID is eligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container protected container unprotected { description "Adjacency SID uneligible for protection"; choice adjsid-type { container index { description "Adjacency SID indexed from SRGB"; leaf index-number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } } } // container index leaf label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 1048575"; } } description "Adjacency SID from static label pool"; } leaf dynamic { type empty; description "Dynamically allocate an adjacency segment"; } } // choice adjsid-type } // container unprotected } // container ipv4-adjacency-segment } // list lan-neighbor } // list interface leaf no-context-identifier-advertisement { junos:must "(!(".. 
context-identifier"))"; junos:must-message "no-context-identifier-advertisement and context-identifier attributes are mutually exclusive"; type empty; description "Disable context identifier advertisments in this area"; } list peer-interface { key "name"; ordered-by user; description "Configuration for peer interface"; leaf name { type string; description "Name of peer interface"; } uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable OSPF on this control peer"; } } // choice enable-disable leaf retransmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Retransmission interval (seconds)"; } leaf transit-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Transit delay (seconds)"; } leaf hello-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Hello interval (seconds)"; } leaf dead-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Dead interval (seconds)"; } leaf mtu { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "128 .. 65535"; } } description "Maximum OSPF packet size"; } choice auth { container authentication { uses juniper-ospf-authentication; } // container authentication container authentication-key { status deprecated; description "Authentication key"; leaf keyname { type jt:unreadable; description "Authentication key value"; } leaf key-id { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } } description "Key ID for MD5 authentication"; } } // container authentication-key } // choice auth leaf demand-circuit { type empty; description "Interface functions as a demand circuit"; } leaf flood-reduction { type empty; description "Enable flood reduction"; } leaf no-neighbor-down-notification { type empty; description "Don't inform other protocols about neighbor down events"; } } // list peer-interface leaf no-source-packet-routing { type empty; description "Disable SPRING in this area"; } list context-identifier { junos:must "(!(".. no-context-identifier-advertisement"))"; junos:must-message "no-context-identifier-advertisement and context-identifier attributes are mutually exclusive"; key "name"; ordered-by user; description "Configure context identifier in support of edge protection"; leaf name { type jt:ipv4addr; description "Context identifier"; } uses apply-advanced; } // list context-identifier list label-switched-path { junos:must "(!(".. .. traffic-engineering multicast-rpf-routes"))"; junos:must-message "cannot advertise LSPs when using multicast-rpf-routes"; key "name"; ordered-by user; description "Configuration for advertisement of a label-switched path"; leaf name { type string { length "1 .. 64"; } description "Name of label-switched path to be advertised"; } uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable OSPF on this label-switched path"; } } // choice enable-disable leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Interface metric"; } list topology { key "name"; ordered-by user; description "Topology specific attributes"; leaf name { type string; description "Topology name"; } uses apply-advanced; leaf disable { type empty; description "Disable this topology"; } leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
65535"; } } description "Topology metric"; } container bandwidth-based-metrics { junos:must "(".. metric")"; junos:must-message "Metric must be configured"; description "Configure bandwidth based metrics"; uses apply-advanced; list bandwidth { key "name"; description "Bandwidth threshold"; leaf name { type string; } leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Metric associated with specified bandwidth"; } } // list bandwidth } // container bandwidth-based-metrics } // list topology } // list label-switched-path } // list area choice enable-disable { leaf disable { type empty; description "Disable OSPF"; } } // choice enable-disable container traceoptions { description "Trace options for OSPF"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; }
  leaf no-stamp {
    type empty;
    status deprecated;
    description "Do not timestamp trace file";
  }
  // Read permission on the trace file; the two leaves are alternatives of
  // one choice, so only one can be set.
  // NOTE(review): the flags below include packet-dump ("Dump the contents of
  // selected packet types"), so a trace file can hold protocol packet
  // contents. Prefer no-world-readable unless every local user is meant to
  // read that data.
  choice world-readable-choice {
    leaf world-readable {
      type empty;
      description "Allow any user to read the log file";
    }
    leaf no-world-readable {
      type empty;
      description "Don't allow any user to read the log file";
    }
  } // choice world-readable-choice
} // container file

// Trace flags: a user-ordered list keyed by the flag name.
list flag {
  key "name";
  ordered-by user;
  description "Tracing parameters";
  leaf name {
    type enumeration {
      enum "spf" { value 0; description "Trace SPF calculations"; }
      enum "error" { value 1; description "Trace errored packets"; }
      enum "event" { value 2; description "Trace OSPF state machine events"; }
      enum "packet-dump" { value 3; description "Dump the contents of selected packet types"; }
      enum "flooding" { value 4; description "Trace LSA flooding"; }
      enum "lsa-analysis" { value 5; description "Trace LSA analysis"; }
      enum "packets" { value 6; description "Trace all OSPF packets"; }
      enum "hello" { value 7; description "Trace hello packets"; }
      enum "database-description" { value 8; description "Trace database description packets"; }
      enum "lsa-request" { value 9; description "Trace LSA request packets"; }
      enum "lsa-update" { value 10; description "Trace LSA update packets"; }
      enum "lsa-ack" { value 11; description "Trace LSA acknowledgment packets"; }
      enum "ldp-synchronization" { value 12; description "Trace synchronization between OSPF and LDP"; }
      enum "on-demand" { value 13; description "Trace demand circuit extensions"; }
      enum "nsr-synchronization" { value 14; description "Trace NSR synchronization events"; }
      enum "graceful-restart" { value 15; description "Trace graceful restart"; }
      enum "restart-signaling" { value 16; description "Trace restart signaling"; }
      enum "backup-spf" { value 17; description "Trace backup SPF (LFA) specific events"; }
      enum "source-packet-routing" { value 18; description "Trace source packet routing (SPRING) 
events"; } enum "post-convergence-lfa" { value 19; description "Trace post-convergence-lfa related events"; } enum "flex-algorithm" { value 20; description "Trace flex-algorithm related events"; } enum "route" { value 21; description "Trace routing information"; } enum "normal" { value 22; description "Trace normal events"; } enum "general" { value 23; description "Trace general events"; } enum "state" { value 24; description "Trace state transitions"; } enum "policy" { value 25; description "Trace policy processing"; } enum "task" { value 26; description "Trace routing protocol task processing"; } enum "timer" { value 27; description "Trace routing protocol timer processing"; } enum "all" { value 28; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions container spf-options { description "Configure options for SPF"; uses apply-advanced; leaf delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "50 .. 8000"; } } units "milliseconds"; description "Time to wait before running an SPF"; } leaf holddown { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2000 .. 20000"; } } units "milliseconds"; description "Time to hold down before running an SPF"; } leaf rapid-runs { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } description "Number of maximum rapid SPF runs before holddown"; } leaf no-ignore-our-externals { type empty; description "Do not ignore self-generated external and NSSA LSAs"; } } // container spf-options leaf prefix-export-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
4294967295"; } } description "Maximum number of prefixes that can be exported"; }

// Routing table groups used when importing OSPF routes. Both leaves must
// name a group defined under "routing-options rib-groups" and, per the
// must-message, cannot be combined with a rib-group on the default topology.
container rib-groups {
  description "Routing table groups for importing OSPF routes";
  uses apply-advanced;
  leaf inet {
    junos:must "("routing-options rib-groups $$")";
    junos:must-message "Referenced rib-groups must be defined";
    junos:must "(!(".. topology $$={default} rib-group"))";
    junos:must-message "rib-group cannot be used with topology default rib-group";
    type string;
    description "Name of the IPv4/v6 routing table group";
  }
  leaf inet3 {
    junos:must "("routing-options rib-groups $$")";
    junos:must-message "Referenced rib-groups must be defined";
    junos:must "(!(".. topology $$={default} rib-group"))";
    junos:must-message "rib-group cannot be used with topology default rib-group";
    type string;
    description "Name of the IPv4/v6 inet.3 routing table group";
  }
} // container rib-groups
leaf job-stats {
  type empty;
  description "Collect job statistics";
}

// Overload mode; a presence container, so configuring it at all enables it.
container overload {
  presence "enable overload";
  description "Set the overload mode (repel transit traffic)";
  uses apply-advanced;
  leaf timeout {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 3600"; } }
    units "seconds";
    description "Time after which overload mode is reset";
  }
  leaf allow-route-leaking {
    type empty;
    description "Allow routes to be leaked when overload is configured";
  }
  leaf stub-network {
    type empty;
    description "Advertise Stub Network with maximum metric";
  }
  leaf intra-area-prefix {
    type empty;
    description "Advertise Intra Area Prefix with maximum metric";
  }
  leaf as-external {
    type empty;
    description "Advertise As External with maximum usable metric";
  }
} // container overload

// Link-state database protection: caps the number of LSAs that were not
// generated by this router. The other leaves set when a warning is triggered
// and how the "ignore state" (in which all neighbors are ignored) is bounded.
// This is the schema's control against a neighbor flooding the database.
container database-protection {
  presence "enable database-protection";
  description "Configure database protection attributes";
  uses apply-advanced;
  leaf maximum-lsa {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000000"; } }
    description "Maximum allowed non self-generated LSAs";
  }
  // NOTE(review): per the description, exceeding maximum-lsa then only
  // produces a warning; presumably the limit is not enforced in that mode,
  // so this suits observation rather than protection - confirm.
  leaf warning-only {
    type empty;
    description "Emit only a warning when LSA maximum limit is exceeded";
  }
  leaf warning-threshold {
    type union { type string { pattern "<.*>|$.*"; } type uint8 { range "30 .. 100"; } }
    units "percent";
    description "Percentage of LSA maximum above which to trigger warning";
  }
  leaf ignore-count {
    type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 32"; } }
    description "Maximum number of times to go into ignore state";
  }
  // While in ignore state all neighbors are ignored, so a long ignore-time
  // also lengthens the loss of adjacency after the limit is hit.
  leaf ignore-time {
    type union { type string { pattern "<.*>|$.*"; } type uint16 { range "30 .. 3600"; } }
    units "seconds";
    description "Time to stay in ignore state and ignore all neighbors";
  }
  leaf reset-time {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 86400"; } }
    units "seconds";
    description "Time after which the ignore count gets reset to zero";
  }
} // container database-protection

container graceful-restart {
  description "Configure graceful restart attributes";
  uses apply-advanced;
  choice enable-disable {
    leaf disable {
      type empty;
      description "Disable OSPF graceful restart capability";
    }
  } // choice enable-disable
  leaf restart-duration {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3600"; } }
    units "seconds";
    description "Time for all neighbors to become full";
  }
  leaf notify-duration { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
3600"; } } units "seconds"; description "Time to send all max-aged grace LSAs"; } container helper-disable { presence "enable helper-disable"; description "Disable graceful restart helper capability"; uses apply-advanced; choice disable-choices { leaf standard { type empty; description "Disable helper-mode for rfc3623 based GR"; } leaf restart-signaling { type empty; description "Disable helper mode for restart-signaling "; } leaf both { type empty; description "Disable helper mode for both the types of GR"; } } // choice disable-choices } // container helper-disable leaf no-strict-lsa-checking { junos:must "(!(".. helper-disable"))"; junos:must-message "To configure no-strict-lsa-checking, helper-disable must not be set"; type empty; description "Do not abort graceful helper mode upon LSA changes"; } } // container graceful-restart leaf route-type-community { type enumeration { enum "iana" { value 0; description "BGP extended community value used is 0x0306"; } enum "vendor" { value 1; description "Vendor BGP extended community value used is 0x8000"; } } description "Specify BGP extended community value to encode OSPF route type"; } container domain-id { description "Configure domain ID"; choice domain_id_or_disable { leaf domain-id { type string; description "Domain ID"; } leaf disable { type empty; description "Disable domain ID"; } } // choice domain_id_or_disable } // container domain-id choice domain_vpn_tag_or_disable { leaf domain-vpn-tag { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
4294967295"; } } description "Domain VPN tag for external LSA"; } leaf no-domain-vpn-tag { type empty; description "Disable domain VPN tag"; } } // choice domain_vpn_tag_or_disable leaf preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference of internal routes"; } leaf external-preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference of external routes"; } leaf labeled-preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference of labeled routes"; } leaf-list export { type jt:policy-algebra; ordered-by user; description "Export policy"; } leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy (for external routes or setting priority)"; } leaf reference-bandwidth { type string; description "Bandwidth for calculating metric defaults"; } leaf lsa-refresh-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "25 .. 50"; } } default "50"; description "LSA refresh interval (minutes)"; } leaf spf-delay { junos:must "(!(".. spf-options delay"))"; junos:must-message "You can only configure either spf-delay or delay under spf-options"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "50 .. 
8000"; } } units "milliseconds"; status deprecated; description "Time to wait before running an SPF"; } leaf no-rfc-1583 { type empty; description "Disable RFC1583 compatibility"; } leaf forwarding-address-to-broadcast { type empty; description "Set forwarding address in Type 5 LSA in broadcast network"; } choice nssa-abr-option { leaf no-nssa-abr { type empty; description "Disable full NSSA functionality at ABR"; } } // choice nssa-abr-option container sham-link { presence "enable sham-link"; description "Configure parameters for sham links"; uses apply-advanced; leaf local { type jt:ipaddr; description "Local sham link endpoint address"; } leaf no-advertise-local { type empty; status deprecated; description "Don't advertise local sham link endpoint as stub in router LSA"; } } // container sham-link } // grouping juniper-protocols-ospf3 grouping juniper-protocols-pim { uses apply-advanced; container family { description "Local address family"; container any { presence "enable any"; description "Default properties for all address families"; uses apply-advanced; leaf disable { type empty; description "Disable all families"; } } // container any container inet { presence "enable inet"; description "IPv4 specific properties"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable PIMv4 on all interfaces"; } } // choice enable-disable } // container inet container inet6 { presence "enable inet6"; description "IPv6 specific properties"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable PIMv6 on all interfaces"; } } // choice enable-disable } // container inet6 } // container family choice enable-disable { leaf disable { type empty; description "Disable PIM"; } } // choice enable-disable container nonstop-routing { junos:must "("routing-options nonstop-routing")"; junos:must-message "To disable PIM nonstop-routing, non-stop routing must be globally enabled."; description "Configure PIM 
nonstop-routing attributes";
  uses apply-advanced;
  choice enable-disable {
    leaf disable {
      type empty;
      description "Disable non-stop routing for PIM";
    }
  } // choice enable-disable
} // container nonstop-routing

// PIM tracing: where trace output is written (file) and what is traced (flag).
container traceoptions {
  description "Trace options for PIM";
  uses apply-advanced;
  container file {
    description "Trace file options";
    // The name is 1 to 1024 characters and, per the pattern-message, must not
    // contain '/', '%' or a space. Rejecting '/' means no directory
    // component can be supplied through this leaf.
    leaf filename {
      type string {
        junos:posix-pattern "![/ %]";
        junos:pattern-message "Must not contain '/', % or a space";
        length "1 .. 1024";
      }
      description "Name of file in which to write trace information";
    }
    leaf replace {
      type empty;
      status deprecated;
      description "Replace trace file rather than appending to it";
    }
    // Typed as a free-form string; no pattern or range is applied here.
    leaf size {
      type string;
      description "Maximum trace file size";
    }
    leaf files {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } }
      default "10";
      description "Maximum number of trace files";
    }
    leaf no-stamp {
      type empty;
      status deprecated;
      description "Do not timestamp trace file";
    }
    // Read permission on the trace file; the two leaves are alternatives of
    // one choice, so only one can be set.
    // NOTE(review): with the packets flag below the file records PIM protocol
    // packets, so prefer no-world-readable unless every local user is meant
    // to read that data.
    choice world-readable-choice {
      leaf world-readable {
        type empty;
        description "Allow any user to read the log file";
      }
      leaf no-world-readable {
        type empty;
        description "Don't allow any user to read the log file";
      }
    } // choice world-readable-choice
  } // container file
  // Trace flags: a user-ordered list keyed by the flag name. join, prune and
  // graft share one description, as do bootstrap and rp.
  list flag {
    key "name";
    ordered-by user;
    description "Tracing parameters";
    leaf name {
      type enumeration {
        enum "route" { value 0; description "Trace routing information"; }
        enum "packets" { value 1; description "Trace all PIM packets"; }
        enum "hello" { value 2; description "Trace hello packets"; }
        enum "register" { value 3; description "Trace register/register-stop messages"; }
        enum "join" { value 4; description "Trace join/prune/graft/graft-ack messages"; }
        enum "prune" { value 5; description "Trace join/prune/graft/graft-ack messages"; }
        enum "graft" { value 6; description "Trace join/prune/graft/graft-ack messages"; }
        enum "bootstrap" { value 7; description "Trace bootstrap/RP/auto-RP messages"; }
        enum "rp" { value 8; description "Trace 
bootstrap/RP/auto-RP messages"; } enum "autorp" { value 9; description "Trace bootstrap/RP/auto-RP messages"; } enum "assert" { value 10; description "Trace assert messages"; } enum "mdt" { value 11; description "Trace messages related to multicast data tunnels"; } enum "nsr-synchronization" { value 12; description "Trace NSR synchronization events"; } enum "bidirectional-df-election" { value 13; description "Trace bidirectional PIM DF election events"; } enum "mofrr" { value 14; description "Trace Multicast only Fast Re-Route messages"; } enum "normal" { value 15; description "Trace normal events"; } enum "general" { value 16; description "Trace general events"; } enum "state" { value 17; description "Trace state transitions"; } enum "policy" { value 18; description "Trace policy processing"; } enum "task" { value 19; description "Trace routing protocol task processing"; } enum "timer" { value 20; description "Trace routing protocol timer processing"; } enum "all" { value 21; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } container filter { presence "enable filter"; description "Filter to apply to this flag"; uses pim_filter_obj; } // container filter } // list flag } // container traceoptions container dense-groups { description "Dense mode groups for sparse-dense mode"; uses apply-advanced; leaf dynamic-reject { type empty; description "Reject dynamic autorp negative dense-mode prefixes learnt from network"; } list pim-dense-group-type { key "name"; ordered-by user; leaf name { type jt:ipprefix; description "Group address or range to forward in dense mode"; } choice dense-group-flags { leaf reject { type empty; description "Do not include prefix as dense mode; force sparse mode"; } leaf announce { type 
empty; description "Advertise as negative prefix in auto-RP announce messages"; } } // choice dense-group-flags } // list pim-dense-group-type } // container dense-groups leaf vpn-tunnel-source { type jt:ipv4addr; status deprecated; description "Source address for the provider space mGRE tunnel"; } leaf vpn-group-address { junos:must "(!(".. .. .. provider-tunnel pim-ssm"))"; junos:must-message "'provider-tunnel pim-ssm' can not be configured with 'pim vpn-group-address'. Please disable one of them."; junos:must "((!(".. .. .. provider-tunnel pim-asm") || ".. .. .. provider-tunnel pim-asm group-address $$"))"; junos:must-message "MVPN inclusive provider-tunnel group-address must be same as 'vpn-group-address'"; type jt:ipv4addr; status deprecated; description "Group address for the VPN in provider space"; } leaf-list tunnel-devices { type union { type jt:interface-device; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Tunnel devices to be used for creating mt interfaces"; } container rpf-selection { description "Select RPF neighbor"; uses apply-advanced; list group { key "name"; ordered-by user; description "IP prefix of multicast group"; leaf name { type jt:ipprefix; description "IP prefix of group"; } uses apply-advanced; container wildcard-source { presence "enable wildcard-source"; description "Select RPF for (*,g) and unspecified (s,g) joins"; uses apply-advanced; leaf next-hop { type jt:ipaddr; description "Next-hop address"; } } // container wildcard-source list source { key "name"; ordered-by user; description "IP prefix of one or more multicast sources"; leaf name { type jt:ipprefix; description "IP prefix of source"; } uses apply-advanced; leaf next-hop { type jt:ipaddr; description "Next-hop address"; } } // list source } // list group list prefix-list { key "name"; ordered-by user; description "Multicast group prefix list"; leaf name { junos:must "("policy-options prefix-list $$")"; junos:must-message "This prefix-list must be 
configured in policy-options."; type string; description "Name of prefix list to match against"; } uses apply-advanced; container wildcard-source { presence "enable wildcard-source"; description "Select RPF for (*,g) and unspecified (s,g) joins"; uses apply-advanced; leaf next-hop { type jt:ipaddr; description "Next-hop address"; } } // container wildcard-source list source { key "name"; ordered-by user; description "IP prefix of one or more multicast sources"; leaf name { type jt:ipprefix; description "IP prefix of source"; } uses apply-advanced; leaf next-hop { type jt:ipaddr; description "Next-hop address"; } } // list source } // list prefix-list } // container rpf-selection container mvpn { presence "enable mvpn"; description "PIM MVPN control-plane options"; uses apply-advanced; container autodiscovery { junos:must "(!(".. .. vpn-group-address"))"; junos:must-message "PIM MVPN autodiscovery options cannot be configured with 'vpn-group-address'"; junos:must "(".. .. .. mvpn")"; junos:must-message "Autodiscovery for PIM MVPNs requires 'protocols mvpn'"; junos:must "(!(".. .. mdt"))"; junos:must-message "PIM MVPN auto-discovery cannot be configured with 'pim mdt'"; status deprecated; description "PE router autodiscovery options for SSM MDTs"; uses apply-advanced; leaf inet-mdt { type empty; description "MDT-SAFI PE autodiscovery for SSM MDTs"; } } // container autodiscovery container family { description "PIM MVPN address family"; uses apply-advanced; container inet { description "IPv4 PIM MVPN specific properties"; uses apply-advanced; leaf rosen-mvpn { type empty; status deprecated; } leaf ngen-mvpn { junos:must "(".. .. .. .. .. mvpn")"; junos:must-message "Requires 'protocols mvpn'"; type empty; status deprecated; } container autodiscovery { junos:must "(!(".. .. .. .. vpn-group-address"))"; junos:must-message "PIM MVPN autodiscovery options cannot be configured with 'vpn-group-address'"; junos:must "(".. .. .. .. .. 
mvpn")"; junos:must-message "Autodiscovery for PIM MVPNs requires 'protocols mvpn'"; junos:must "(!(".. .. .. .. mdt"))"; junos:must-message "PIM MVPN auto-discovery cannot be configured with 'pim mdt'"; description "PE router autodiscovery options for SSM MDTs"; uses apply-advanced; leaf inet-mdt { type empty; description "MDT-SAFI PE autodiscovery for SSM MDTs"; } } // container autodiscovery leaf disable { type empty; description "Disable family IPv4"; } } // container inet container inet6 { description "IPv6 PIM MVPN specific properties"; uses apply-advanced; leaf rosen-mvpn { type empty; status deprecated; } leaf ngen-mvpn { junos:must "(".. .. .. .. .. mvpn")"; junos:must-message "Requires 'protocols mvpn'"; type empty; status deprecated; } container autodiscovery { junos:must "(!(".. .. .. .. vpn-group-address"))"; junos:must-message "PIM MVPN autodiscovery options cannot be configured with 'vpn-group-address'"; junos:must "(".. .. .. .. .. mvpn")"; junos:must-message "Autodiscovery for PIM MVPNs requires 'protocols mvpn'"; junos:must "(!(".. .. .. .. 
mdt"))"; junos:must-message "PIM MVPN auto-discovery cannot be configured with 'pim mdt'"; description "PE router autodiscovery options for SSM MDTs"; uses apply-advanced; leaf inet-mdt { type empty; description "MDT-SAFI PE autodiscovery for SSM MDTs"; } } // container autodiscovery leaf disable { type empty; description "Disable family IPv6"; } } // container inet6 } // container family } // container mvpn container rib-group { description "Routing table group"; uses rib_group_type; } // container rib-group leaf-list import { type jt:policy-algebra; ordered-by user; description "PIM sparse import join policy"; } leaf-list export { type jt:policy-algebra; ordered-by user; description "PIM sparse export join policy"; } container mldp-inband-signalling { junos:must "(!("system processes routing bgp rib-sharding"))"; junos:must-message "Can't be configured together with rib-sharding"; presence "enable mldp-inband-signalling"; uses apply-advanced; leaf-list policy { type jt:policy-algebra; ordered-by user; description "PIM MLDP join translation filter policy"; } } // container mldp-inband-signalling container rpf-vector { description "RPF vector TLV"; uses apply-advanced; leaf-list policy { type jt:policy-algebra; ordered-by user; description "RPF vector TLV include policy"; } } // container rpf-vector leaf assert-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 210"; } } default "180"; description "Set assert timeout"; } leaf assert-robust-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 5"; } } default "2"; description "Number of assert messages an assert winner sends in one cycle"; } leaf join-prune-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "210 .. 
420"; } } default "210"; description "Set join/prune timeout"; } container spt-threshold { description "Set shortest-path-tree threshold policy"; uses apply-advanced; leaf-list infinity { type jt:policy-algebra; ordered-by user; description "Apply policy to always remain on shared tree"; } } // container spt-threshold container sglimit { description "Set limit on number of (S,G) states "; uses apply-advanced; list family { junos:must "(!(".. maximum"))"; junos:must-message "Family wise threshold cannot be configuredif global threshold is already configured"; key "name"; ordered-by user; description "Protocol family"; leaf name { type enumeration { enum "inet" { value 0; description "IPv4 family"; } enum "inet6" { value 1; description "IPv6 family"; } } } uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Maximum limit above which additional entries are not accepted"; } leaf threshold { junos:must "(".. maximum")"; junos:must-message "To configure threshold, maximum must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Percentage of maximum at which to start generating warnings"; } leaf log-interval { junos:must "(".. maximum")"; junos:must-message "To configure log-interval, maximum must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Time between successive log messages"; } } // list family leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Maximum limit above which additional entries are not accepted"; } leaf threshold { junos:must "(".. maximum")"; junos:must-message "To configure threshold, maximum must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
100"; } } description "Percentage of maximum at which to start generating warnings"; } leaf log-interval { junos:must "(".. maximum")"; junos:must-message "To configure log-interval, maximum must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Time between successive log messages"; } } // container sglimit container rp { junos:must "(!(" .. passive"))"; junos:must-message "pim rp cannot be configured with pim passive"; description "Router's rendezvous point properties"; uses apply-advanced; leaf bootstrap-priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Eligibility to be the bootstrap router (IPv4 only)"; } leaf-list bootstrap-import { type jt:policy-algebra; ordered-by user; description "Bootstrap import policy (IPv4 only)"; } leaf-list bootstrap-export { type jt:policy-algebra; ordered-by user; description "Bootstrap export policy (IPv4 only)"; } container bootstrap { description "Bootstrap properties"; uses apply-advanced; container family { description "Bootstrap address family"; container inet { junos:must "(!((".. .. .. bootstrap-priority" || (".. .. .. bootstrap-import" || ".. .. .. bootstrap-export"))))"; junos:must-message "Duplicate IPv4 bootstrap configuration"; description "IPv4 bootstrap properties"; uses pim_bootstrap_options_type; } // container inet container inet6 { description "IPv6 bootstrap properties"; uses pim_bootstrap_options_type; } // container inet6 } // container family } // container bootstrap container register-limit { description "Set limit on incoming registers that create (S,G) state"; uses apply-advanced; list family { junos:must "(!(".. 
maximum"))"; junos:must-message "Family wise threshold cannot be configuredif global threshold is already configured"; key "name"; ordered-by user; description "Protocol family"; leaf name { type enumeration { enum "inet" { value 0; description "IPv4 family"; } enum "inet6" { value 1; description "IPv6 family"; } } } uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Maximum limit above which additional entries are not accepted"; } leaf threshold { junos:must "(".. maximum")"; junos:must-message "To configure threshold, maximum must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Percentage of maximum at which to start generating warnings"; } leaf log-interval { junos:must "(".. maximum")"; junos:must-message "To configure log-interval, maximum must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Time between successive log messages"; } } // list family leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Maximum limit above which additional entries are not accepted"; } leaf threshold { junos:must "(".. maximum")"; junos:must-message "To configure threshold, maximum must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Percentage of maximum at which to start generating warnings"; } leaf log-interval { junos:must "(".. maximum")"; junos:must-message "To configure log-interval, maximum must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Time between successive log messages"; } } // container register-limit container group-rp-mapping { description "Group-rp-mapping"; uses apply-advanced; list family { junos:must "(!(".. 
maximum"))"; junos:must-message "Family wise threshold cannot be configuredif global threshold is already configured"; key "name"; ordered-by user; description "Protocol family"; leaf name { type enumeration { enum "inet" { value 0; description "IPv4 family"; } enum "inet6" { value 1; description "IPv6 family"; } } } uses apply-advanced; leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Maximum limit above which additional entries are not accepted"; } leaf threshold { junos:must "(".. maximum")"; junos:must-message "To configure threshold, maximum must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Percentage of maximum at which to start generating warnings"; } leaf log-interval { junos:must "(".. maximum")"; junos:must-message "To configure log-interval, maximum must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Time between successive log messages"; } } // list family leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Maximum limit above which additional entries are not accepted"; } leaf threshold { junos:must "(".. maximum")"; junos:must-message "To configure threshold, maximum must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Percentage of maximum at which to start generating warnings"; } leaf log-interval { junos:must "(".. maximum")"; junos:must-message "To configure log-interval, maximum must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
65535"; } } description "Time between successive log messages"; } } // container group-rp-mapping leaf-list rp-register-policy { type jt:policy-algebra; ordered-by user; description "RP policy applied to incoming register messages"; } leaf-list dr-register-policy { type jt:policy-algebra; ordered-by user; description "DR policy applied to outgoing register messages"; } container local { description "Router's local RP properties"; uses apply-advanced; leaf address { type jt:ipv4addr; description "Local RP address (IPv4 only)"; } choice enable-disable { leaf disable { type empty; description "Disable this RP (IPv4 only)"; } } // choice enable-disable leaf priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Router's priority for becoming an RP (IPv4 only)"; } leaf hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "How long neighbor considers this router to be up, in seconds (IPv4 only)"; } list group-ranges { key "name"; ordered-by user; description "Group address range for which this router can be an RP (IPv4 only)"; leaf name { type jt:ipv4prefix; } uses apply-advanced; } // list group-ranges leaf override { type empty; description "Static RP mapping will take precedence over dynamic"; } leaf process-non-null-as-null-register { type empty; description "Process incoming non null registers as null registers"; } container family { description "Local RP address family"; container inet { description "IPv4 local RP properties"; uses apply-advanced; leaf address { type jt:ipv4addr; description "Local RP address"; } choice enable-disable { leaf disable { type empty; description "Disable this RP"; } } // choice enable-disable leaf priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } } description "Router's priority for becoming an RP"; } leaf hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "How long neighbor considers this router to be up, in seconds"; } list group-ranges { key "name"; ordered-by user; description "Group address range for which this router can be an RP"; leaf name { type jt:ipv4prefix; } uses apply-advanced; } // list group-ranges leaf override { type empty; description "Static RP mapping will take precedence over dynamic"; } container anycast-pim { description "Attributes for IPv4 anycast PIM"; uses apply-advanced; container rp-set { description "Rendezvous points belonging to anycast RP set"; uses apply-advanced; list address { key "name"; ordered-by user; description "IPv4 address of one or more remote anycast RPs"; leaf name { type jt:ipaddr; description "IPv4 address of remote anycast RP"; } uses apply-advanced; leaf forward-msdp-sa { type empty; description "Forward SAs learned from MSDP to this RP"; } } // list address } // container rp-set leaf local-address { type jt:ipaddr; description "Local address for replicating register messages to other RPs"; } } // container anycast-pim } // container inet container inet6 { description "IPv6 local RP properties"; uses apply-advanced; leaf address { type jt:ipv6addr; description "Local RP address"; } choice enable-disable { leaf disable { type empty; description "Disable this RP"; } } // choice enable-disable leaf priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Router's priority for becoming an RP"; } leaf hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
65535"; } } description "How long neighbor considers this router to be up, in seconds"; } list group-ranges { key "name"; ordered-by user; description "Group address range for which this router can be an RP"; leaf name { type jt:ipv6prefix; } uses apply-advanced; } // list group-ranges leaf override { type empty; description "Static RP mapping will take precedence over dynamic"; } container anycast-pim { description "Attributes for IPv6 anycast PIM"; uses apply-advanced; container rp-set { description "Rendezvous points belonging to anycast RP set"; uses apply-advanced; list address { key "name"; ordered-by user; description "IPv6 address of one or more remote anycast RPs"; leaf name { type jt:ipv6addr; description "IPv6 address of remote anycast RP"; } uses apply-advanced; } // list address } // container rp-set leaf local-address { type jt:ipv6addr; description "Local address for replicating register messages to other RPs"; } } // container anycast-pim } // container inet6 } // container family } // container local container embedded-rp { presence "enable embedded-rp"; description "Set embedded-RP mode (IPv6 only)"; uses apply-advanced; list group-ranges { key "name"; ordered-by user; description "Group address range of RP"; uses pim_rp_group_range_type; } // list group-ranges leaf maximum-rps { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
500"; } } default "100"; description "Maximum number of embedded RPs"; } } // container embedded-rp container auto-rp { description "Set auto-RP mode (IPv4 only)"; uses apply-advanced; choice autorp-mode { leaf discovery { type empty; description "Listen for auto-RP discovery messages"; } leaf announce { type empty; description "Transmit auto-RP announcement messages"; } leaf mapping { type empty; description "Transmit auto-RP mapping messages"; } } // choice autorp-mode choice mapping-agent-election-choice { leaf mapping-agent-election { type empty; description "Consider higher-addressed mapping agents as authoritative"; } leaf no-mapping-agent-election { type empty; description "Don't consider higher-addressed mapping agents as authoritative"; } } // choice mapping-agent-election-choice } // container auto-rp container static { description "Configure static PIM RPs"; uses apply-advanced; list address { key "name"; ordered-by user; description "RP address"; leaf name { type jt:ipaddr; description "IP address of RP"; } uses apply-advanced; leaf version { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 2"; } } status deprecated; description "PIM version of RP"; } list group-ranges { key "name"; ordered-by user; description "Group address range of RP"; uses pim_rp_group_range_type; } // list group-ranges leaf override { type empty; description "Static RP mapping will take precedence over dynamic"; } } // list address } // container static } // container rp leaf passive { junos:must "(!(any ".. interface <*> distributed-dr"))"; junos:must-message "pim passive cannot be configured with pim distributed-dr"; junos:must "(!(" .. 
rp"))"; junos:must-message "pim passive cannot be configured with pim rp"; type empty; description "Configure PIM protocol in passive mode"; } list interface { key "name"; ordered-by user; description "PIM interface options"; leaf name { junos:must "(((("routing-options multicast interface $$ disable" || ("routing-options multicast interface $$ maximum-bandwidth" || ("routing-options multicast interface $$ nexthop-unicast-address" || ("routing-options multicast interface $$ reverse-oif-mapping" || ("routing-options multicast interface $$ subscriber-leave-timer" || "routing-options multicast interface $$ no-qos-adjust"))))) && !("routing-options multicast interface $$ enable")) || ("protocols pim interface $$ disable" || !(("routing-options multicast interface $$" || "routing-options multicast interface $$ enable")))))"; junos:must-message "Multicast cannot be enabled on the same interface in the [edit routing-options] hierarchy"; type string; description "Interface name"; } uses apply-advanced; container family { description "Local address family"; container any { presence "enable any"; description "Default properties for all families"; uses apply-advanced; leaf disable { type empty; description "Disable all families"; } } // container any container inet { presence "enable inet"; description "IPv4 specific properties"; uses apply-advanced; container bfd-liveness-detection { description "Bidirectional Forwarding Detection options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High transmit interval triggering a trap"; } } // container transmit-interval container detection-time { description "Detection-time options"; uses apply-advanced; leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High detection-time triggering a trap"; } } // container detection-time /* BFD authentication for the IPv4 family of a PIM interface. The container is optional and nothing in it is marked mandatory, so as far as this schema shows BFD authentication is opt-in. The junos:must constraints require key-chain and algorithm to be configured together and require the named key-chain to exist under 'security authentication-key-chains'. */ container authentication { description "Authentication options"; uses apply-advanced; leaf key-chain { junos:must "(".. algorithm")"; junos:must-message "May not be configured without algorithm"; junos:must "("security authentication-key-chains key-chain $$")"; junos:must-message "Referenced key-chain must be defined"; type string; description "Key chain name"; } /* Review note: no default is declared and every value is a legacy mechanism. In RFC 5880 terms simple-password carries the password in the clear in each packet, and keyed MD5 or SHA-1 digests are the only alternatives offered. The 'meticulous' variants require the sequence number to advance on every packet, which gives tighter replay protection; of the values listed, meticulous-keyed-sha-1 is the strongest. */ leaf algorithm { junos:must "(".. 
key-chain")"; junos:must-message "May not be configured without key-chain"; type enumeration { enum "simple-password" { value 0; description "Simple password"; } enum "keyed-md5" { value 1; description "Keyed message Digest 5"; } enum "meticulous-keyed-md5" { value 2; description "Meticulous keyed message Digest 5"; } enum "keyed-sha-1" { value 3; description "Keyed secure hash algorithm (SHA1) "; } enum "meticulous-keyed-sha-1" { value 4; description "Meticulous keyed secure hash algorithm (SHA1) "; } } description "Algorithm name"; } /* Review note: per its description, loose-check verifies authentication only when it was negotiated, which presumably lets a peer that does not negotiate authentication still bring a session up. Treat it as a migration aid and confirm it is removed once both ends are configured. */ leaf loose-check { type empty; description "Verify authentication only if authentication is negotiated"; } } // container authentication } // container bfd-liveness-detection leaf mcae-mac-synchronize { type empty; description "Mclag mac synchronization"; } choice enable-disable { leaf disable { type empty; description "Disable PIMv4 on this interface"; } } // choice enable-disable } // container inet container inet6 { presence "enable inet6"; description "IPv6 specific properties"; uses apply-advanced; container bfd-liveness-detection { description "Bidirectional Forwarding Detection options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High transmit interval triggering a trap"; } } // container transmit-interval container detection-time { description "Detection-time options"; uses apply-advanced; leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High detection-time triggering a trap"; } } // container detection-time /* BFD authentication for the IPv6 family of a PIM interface. The container is optional and nothing in it is marked mandatory, so as far as this schema shows BFD authentication is opt-in. The junos:must constraints require key-chain and algorithm to be configured together and require the named key-chain to exist under 'security authentication-key-chains'. */ container authentication { description "Authentication options"; uses apply-advanced; leaf key-chain { junos:must "(".. algorithm")"; junos:must-message "May not be configured without algorithm"; junos:must "("security authentication-key-chains key-chain $$")"; junos:must-message "Referenced key-chain must be defined"; type string; description "Key chain name"; } /* Review note: no default is declared and every value is a legacy mechanism. In RFC 5880 terms simple-password carries the password in the clear in each packet, and keyed MD5 or SHA-1 digests are the only alternatives offered. The 'meticulous' variants require the sequence number to advance on every packet, which gives tighter replay protection; of the values listed, meticulous-keyed-sha-1 is the strongest. */ leaf algorithm { junos:must "(".. 
key-chain")"; junos:must-message "May not be configured without key-chain"; type enumeration { enum "simple-password" { value 0; description "Simple password"; } enum "keyed-md5" { value 1; description "Keyed message Digest 5"; } enum "meticulous-keyed-md5" { value 2; description "Meticulous keyed message Digest 5"; } enum "keyed-sha-1" { value 3; description "Keyed secure hash algorithm (SHA1) "; } enum "meticulous-keyed-sha-1" { value 4; description "Meticulous keyed secure hash algorithm (SHA1) "; } } description "Algorithm name"; } /* Review note: per its description, loose-check verifies authentication only when it was negotiated, which presumably lets a peer that does not negotiate authentication still bring a session up. Treat it as a migration aid and confirm it is removed once both ends are configured. */ leaf loose-check { type empty; description "Verify authentication only if authentication is negotiated"; } } // container authentication } // container bfd-liveness-detection choice enable-disable { leaf disable { type empty; description "Disable PIMv6 on this interface"; } } // choice enable-disable } // container inet6 } // container family choice enable-disable { leaf disable { type empty; description "Disable PIM on this interface"; } } // choice enable-disable leaf mode { type enumeration { enum "dense" { value 0; description "Dense mode"; } enum "sparse" { value 1; description "Sparse mode"; } enum "sparse-dense" { value 2; description "Sparse-dense mode"; } enum "bidirectional-sparse" { junos:must "((!(".. .. .. .. .. .. routing-instances") || any ".. .. .. .. .. .. routing-instances <*> instance-type virtual-router"))"; junos:must-message "Only master instance and routing-instances of type virtual-router support PIM-BIDIR."; junos:must "(!(".. version $$={1}"))"; junos:must-message "PIM Bidirectional is not supported by PIMv1."; value 3; description "Bidirectional-sparse mode"; } enum "bidirectional-sparse-dense" { junos:must "((!(".. .. .. .. .. .. routing-instances") || any ".. .. .. .. .. .. routing-instances <*> instance-type virtual-router"))"; junos:must-message "Only master instance and routing-instances of type virtual-router support PIM-BIDIR."; junos:must "(!(".. 
version $$={1}"))"; junos:must-message "PIM Bidirectional is not supported by PIMv1."; value 4; description "Bidirectional-sparse-dense mode"; } } description "Mode of interface"; } leaf priority { junos:must "((!(".. mode dense") || (".. mode dense" && "protocols igmp interface ${interface} version 1")))"; junos:must-message "PIM DR Priority cannot be configured in Dense Mode unless IGMP V1 is configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4294967295"; } } description "Hello option DR priority"; } container stickydr { presence "enable stickydr"; description "Make DR sticky"; uses apply-advanced; } // container stickydr container multiple-triggered-joins { presence "enable multiple-triggered-joins"; description "Send multiple pim triggered joins in quick intervals"; uses apply-advanced; leaf count { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "2 .. 15"; } } default "2"; description "Set number of triggered joins to be sent"; } leaf interval { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "100 .. 1000"; } } default "100"; description "Set interval between multiple triggered joins to be sent in milliseconds"; } } // container multiple-triggered-joins leaf version { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 2"; } } status deprecated; description "Force PIM version"; } leaf hello-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } units "seconds"; description "Hello interval"; } leaf-list neighbor-policy { type jt:policy-algebra; ordered-by user; description "PIM neighbor policy applied to incoming hello messages"; } leaf-list accept-join-always-from { type jt:policy-algebra; ordered-by user; description "Accept pim join/prune messages based on the policy configured"; } leaf accept-remote-source { type empty; description "Accept traffic from remote source"; } container dual-dr { junos:must "(!(" .. 
distributed-dr"))"; junos:must-message "pim dual-dr cannot be configured with pim distributed-dr"; presence "enable dual-dr"; description "Configure PIM Dual DR"; uses apply-advanced; leaf enhanced { type empty; description "Enable enhanced PIM Dual DR"; } } // container dual-dr leaf distributed-dr { junos:must "(!(".. .. .. passive"))"; junos:must-message "pim distributed-dr cannot be configured with pim passive"; junos:must "(!(" .. dual-dr"))"; junos:must-message "pim distributed-dr cannot be configured with pim dual-dr"; type empty; description "PIM Distributed DR"; } leaf reset-tracking-bit { type empty; description "Clear tracking-bit in PIM Hello LAN Prune Delay Option"; } leaf propagation-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "250 .. 2000"; } } units "milliseconds"; default "500"; description "Propagation delay value"; } leaf override-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "500 .. 6000"; } } units "milliseconds"; default "2000"; description "Override interval value"; } container bfd-liveness-detection { status deprecated; description "Bidirectional Forwarding Detection options (ipv4 only)"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High transmit interval triggering a trap"; } } // container transmit-interval container detection-time { description "Detection-time options"; uses apply-advanced; leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High detection-time triggering a trap"; } } // container detection-time container authentication { description "Authentication options"; uses apply-advanced; leaf key-chain { junos:must "(".. algorithm")"; junos:must-message "May not be configured without algorithm"; junos:must "("security authentication-key-chains key-chain $$")"; junos:must-message "Referenced key-chain must be defined"; type string; description "Key chain name"; } leaf algorithm { junos:must "(".. 
key-chain")"; junos:must-message "May not be configured without key-chain"; type enumeration { enum "simple-password" { value 0; description "Simple password"; } enum "keyed-md5" { value 1; description "Keyed message Digest 5"; } enum "meticulous-keyed-md5" { value 2; description "Meticulous keyed message Digest 5"; } enum "keyed-sha-1" { value 3; description "Keyed secure hash algorithm (SHA1) "; } enum "meticulous-keyed-sha-1" { value 4; description "Meticulous keyed secure hash algorithm (SHA1) "; } } description "Algorithm name"; } leaf loose-check { type empty; description "Verify authentication only if authentication is negotiated"; } } // container authentication } // container bfd-liveness-detection } // list interface container mdt { junos:must "((!(" .. .. mvpn") || ".. mvpn family inet rosen-mvpn"))"; junos:must-message "Data tunnels cannot be configured with 'protocols mvpn'"; status deprecated; description "Configure multicast data tunnel parameters"; uses apply-advanced; container threshold { description "Threshold for creation of multicast tunnels"; uses apply-advanced; list group { key "name"; ordered-by user; description "IP prefix of multicast group"; leaf name { type jt:ipprefix; description "IP prefix of group"; } uses apply-advanced; list source { key "name"; ordered-by user; description "IP prefix of one or more multicast sources "; leaf name { type jt:ipprefix; description "IP prefix of source"; } uses apply-advanced; leaf rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 1000000"; } } units "kilobits"; description "Data threshold to create new tunnel"; } } // list source } // list group } // container threshold leaf data-mdt-reuse { type empty; description "Allow multiple customer streams to be transmitted over one data tunnel "; } leaf tunnel-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
8192"; } } description "Maximum multicast data tunnels"; } leaf group-range { type jt:ipprefix; description "Group address range for multicast data tunnels"; } } // container mdt container graceful-restart { description "Configure graceful restart attributes"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable PIM graceful restart capability"; } } // choice enable-disable leaf restart-duration { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30 .. 300"; } } units "seconds"; description "Maximum time for graceful restart to finish (seconds)"; } leaf no-bidirectional-mode { type empty; description "Disable PIM graceful restart for bidirectional mode"; } leaf restart-complete-duration { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 300"; } } units "seconds"; description "Maximum time for graceful restart to complete (seconds)"; } } // container graceful-restart container join-load-balance { presence "enable join-load-balance"; description "Configure PIM join load balancing"; uses apply-advanced; leaf automatic { type empty; description "Enable automatic PIM join load balancing"; } } // container join-load-balance leaf standby-path-creation-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 300"; } } units "seconds"; description "Amount of time to wait before creating standby path"; } leaf idle-standby-path-switchover-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 300"; } } units "seconds"; description "Amount of time to wait before switching over to idle standby path"; } leaf dr-election-on-p2p { type empty; description "Enable DR election on Point-to-Point Interfaces"; } leaf no-wildcard-register-stop { type empty; description "Disable sending of wildcard register stop message"; } leaf nexthop-hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
1000"; } } units "milliseconds"; description "Nexthop hold time in milliseconds"; } leaf mpls-internet-multicast { junos:must "(any "routing-instances <*> instance-type mpls-internet-multicast")"; junos:must-message "The mpls-internet-multicast instance must be configured to support multicast over MPLS"; type empty; description "Enable support for Internet Multicast over MPLS"; } container join-make-before-break { description "Enable PIM Join Make-Before-Break during RPF neighbor change"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable Make-Before-Break for PIM RPF neighbor change"; } } // choice enable-disable } // container join-make-before-break leaf reset-tracking-bit { type empty; description "Clear tracking-bit in PIM Hello LAN Prune Delay Option"; } leaf propagation-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "250 .. 2000"; } } units "milliseconds"; default "500"; description "Propagation delay value"; } leaf override-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "500 .. 
6000"; } } units "milliseconds"; default "2000"; description "Override interval value"; } container default-vpn-source { presence "enable default-vpn-source"; description "Let all VRFs use master loopback address for mt interfaces"; uses apply-advanced; leaf interface-name { junos:must "("interfaces $$-IFL family inet address")"; junos:must-message "Family inet address should be configured on this loopback interface"; type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Master loopback interface name"; }
} // container default-vpn-source
} // grouping juniper-protocols-pim

// PIM snooping options: trace-file settings, trace flags, a global
// no-dr-flood switch, and a per-VLAN list carrying its own no-dr-flood.
grouping juniper-protocols-pim-snooping {
  description "PIM snooping options";
  uses apply-advanced;

  container traceoptions {
    description "Trace options for PIM Snooping";
    uses apply-advanced;

    container file {
      description "Trace file options";

      // The junos: statements are vendor extensions (prefix bound to
      // junos-common-ddl-extensions in the module header). Per the pattern
      // message the name may not contain '/', '%' or a space, so it cannot
      // carry a directory component. Length is limited to 1..1024.
      // NOTE(review): the directory the trace file is written to is not
      // defined in this grouping.
      leaf filename {
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }

      leaf replace {
        type empty;
        status deprecated;
        description "Replace trace file rather than appending to it";
      }

      // Plain string: no pattern or range is applied to the size here.
      leaf size {
        type string;
        description "Maximum trace file size";
      }

      // Union: either a string matching the pattern or a uint32 in 2..1000.
      // The range constrains only the uint32 member; a value accepted by the
      // string member is not range-checked by this schema.
      // NOTE(review): the string member presumably carries Junos
      // placeholder/variable forms; confirm.
      leaf files {
        type union {
          type string {
            pattern "<.*>|$.*";
          }
          type uint32 {
            range "2 .. 1000";
          }
        }
        default "10";
        description "Maximum number of trace files";
      }

      leaf no-stamp {
        type empty;
        status deprecated;
        description "Do not timestamp trace file";
      }

      // Being a choice, at most one of the two leaves can be present.
      // world-readable lets any user read the trace file; the flags below
      // can put packet-level and policy detail into it, so review who has
      // local access before enabling it. No default is declared here.
      choice world-readable-choice {
        leaf world-readable {
          type empty;
          description "Allow any user to read the log file";
        }
        leaf no-world-readable {
          type empty;
          description "Don't allow any user to read the log file";
        }
      } // choice world-readable-choice
    } // container file

    // One entry per trace category, kept in user order; each entry can be
    // narrowed to sent/received packets, made detailed, or disabled.
    list flag {
      key "name";
      ordered-by user;
      description "Tracing parameters";

      leaf name {
        type enumeration {
          enum "packets" { value 0; description "Trace all PIM packets"; }
          enum "hello" { value 1; description "Trace hello packets"; }
          enum "join" { value 2; description "Trace join messages"; }
          enum "prune" { value 3; description "Trace prune messages"; }
          enum "route" { value 4; description "Trace routing information"; }
          enum "normal" { value 5; description "Trace normal events"; }
          enum "general" { value 6; description "Trace general events"; }
          enum "state" { value 7; description "Trace state transitions"; }
          enum "policy" { value 8; description "Trace policy processing"; }
          enum "task" { value 9; description "Trace routing protocol task processing"; }
          enum "timer" { value 10; description "Trace routing protocol timer processing"; }
          enum "all" { value 11; description "Trace everything"; }
        }
      }
      leaf send {
        type empty;
        description "Trace transmitted packets";
      }
      leaf receive {
        type empty;
        description "Trace received packets";
      }
      leaf detail {
        type empty;
        description "Trace detailed information";
      }
      leaf disable {
        type empty;
        description "Disable this trace flag";
      }
    } // list flag
  } // container traceoptions

  // Global switch; the vlan list below has a leaf of the same name.
  leaf no-dr-flood {
    type empty;
    description "Disable default flooding of multicast data on the PIM designated router port";
  }

  list vlan {
    key "name";
    ordered-by user;
    description "Vlan options";

    // The constraint refers to "vlan-id all" four levels up; per its
    // message, per-VLAN entries are accepted only with qualified learning.
    // NOTE(review): as shown, the double quotes embedded in the junos:must
    // argument are not backslash-escaped, which a YANG double-quoted string
    // requires; check this against the upstream module file.
    leaf name {
      junos:must "(".. .. .. .. vlan-id all")";
      junos:must-message "vlan specific configuration is allowed with qualified-learning only";
      // Range 0..1023 applies only to the uint32 member of the union.
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "0 .. 1023";
        }
      }
      description "Vlan_id of the learning-domain";
    }
    uses apply-advanced;
    leaf no-dr-flood {
      type empty;
      description "Disable default flooding of multicast data on the PIM DR port";
    }
  } // list vlan
} // grouping juniper-protocols-pim-snooping

grouping juniper-protocols-rip { uses apply-advanced; container traceoptions { description "Trace options for RIP"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "auth" { value 0; description "Trace RIP authentication"; } enum "error" { value 1; description "Trace RIP errors"; } enum "expiration" { value 2; description "Trace RIP route expiration processing"; } enum "holddown" { value 3; description "Trace RIP hold-down processing"; } enum "packets" { value 4; description "Trace all RIP packets"; } enum "request" { value 5; description "Trace RIP information packets"; } enum "trigger" { value 6; description "Trace RIP triggered updates"; } enum "update" { value 7; description "Trace RIP update packets"; } enum "nsr-synchronization" { value 8; description "Trace NSR synchronization events"; } enum "route" { value 9; description "Trace routing information"; } enum "normal" { value 10; description "Trace normal events"; } enum "general" { value 11; description "Trace general events"; } enum "state" { value 12; description "Trace state transitions"; } enum "policy" { value 13; description "Trace policy processing"; } enum "task" { value 14; description "Trace routing protocol task processing"; } enum "timer" { value 15; description "Trace routing protocol timer processing"; } enum "all" { value 16; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace 
flag"; } container filter { presence "enable filter"; description "Filter to apply to this flag"; uses rip_filter_obj; } // container filter } // list flag } // container traceoptions container rib-group { description "Routing table group for importing RIP routes"; uses rib_group_inet_type; } // container rib-group leaf metric-in { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 15"; } } description "Metric value to add to incoming routes"; } container send { description "Configure RIP send options"; choice send-opts { leaf broadcast { type empty; description "Broadcast RIPv2 packets (RIPv1 compatible)"; } leaf multicast { type empty; description "Multicast RIPv2 packets"; } leaf none { type empty; description "Do not send RIP updates"; } leaf version-1 { type empty; description "Broadcast RIPv1 packets"; } } // choice send-opts } // container send container receive { description "Configure RIP receive options"; choice receive-opts { leaf both { type empty; description "Accept both RIPv1 and RIPv2 packets"; } leaf none { type empty; description "Do not receive RIP packets"; } leaf version-1 { type empty; description "Accept RIPv1 packets only"; } leaf version-2 { type empty; description "Accept only RIPv2 packets"; } } // choice receive-opts } // container receive choice check-zero-choice { leaf check-zero { type empty; description "Check reserved fields on incoming RIPv2 packets"; } leaf no-check-zero { type empty; description "Don't check reserved fields on incoming RIPv2 packets"; } } // choice check-zero-choice leaf message-size { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "25 .. 255"; } } description "Number of route entries per update message"; } leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy"; } leaf holddown { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 
180"; } } units "seconds"; description "Hold-down time"; } leaf route-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30 .. 360"; } } units "seconds"; description "Delay before routes time out"; } leaf update-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 60"; } } units "seconds"; description "Interval between regular route updates"; } choice authentication { leaf authentication-type { type enumeration { enum "none" { value 0; description "No authentication"; } enum "simple" { value 1; description "Simple password authentication"; } enum "md5" { value 2; description "MD5 authentication"; } } } list authentication-selective-md5 { key "name"; ordered-by user; description "MD5 authentication with one or more keys"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Key ID for MD5 authentication"; } leaf key { type jt:unreadable; description "MD5 authentication key value"; } leaf start-time { type jt:time; description "Start time for key transmission (YYYY-MM-DD.HH:MM)"; } } // list authentication-selective-md5 } // choice authentication leaf authentication-key { junos:must "(!(".. authentication-selective-md5"))"; junos:must-message "Key already provided for selective-md5"; type jt:unreadable; description "Authentication key (password)"; } list group { key "name"; ordered-by user; description "Instance configuration"; leaf name { type string { junos:posix-pattern "^.{1,48}$"; junos:pattern-message "Must be a string of at most 48 characters"; } description "Group name"; } uses apply-advanced; leaf route-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30 .. 360"; } } units "seconds"; description "Delay before routes time out"; } leaf update-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 
60"; } } units "seconds"; description "Interval between regular route updates"; } leaf preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference of routes learned by this group"; } leaf metric-out { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 15"; } } description "Default metric of exported routes"; } leaf-list export { type jt:policy-algebra; ordered-by user; description "Export policy"; } leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy"; } leaf demand-circuit { junos:must "(!(".. .. authentication-selective-md5"))"; junos:must-message "selective-md5 isn't supported with demand-circuit,opt for 'authentication-type md5' instead"; type empty; description "Enable demand circuit on this interface"; } leaf max-retrans-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 180"; } } description "Maximum time to re-transmit a message in demand-circuit"; } container bfd-liveness-detection { description "Bidirectional Forwarding Detection options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High transmit interval triggering a trap"; } } // container transmit-interval container detection-time { description "Detection-time options"; uses apply-advanced; leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High detection-time triggering a trap"; } } // container detection-time container authentication { description "Authentication options"; uses apply-advanced; leaf key-chain { junos:must "(".. algorithm")"; junos:must-message "May not be configured without algorithm"; junos:must "("security authentication-key-chains key-chain $$")"; junos:must-message "Referenced key-chain must be defined"; type string; description "Key chain name"; } leaf algorithm { junos:must "(".. 
key-chain")"; junos:must-message "May not be configured without key-chain"; type enumeration { enum "simple-password" { value 0; description "Simple password"; } enum "keyed-md5" { value 1; description "Keyed message Digest 5"; } enum "meticulous-keyed-md5" { value 2; description "Meticulous keyed message Digest 5"; } enum "keyed-sha-1" { value 3; description "Keyed secure hash algorithm (SHA1) "; } enum "meticulous-keyed-sha-1" { value 4; description "Meticulous keyed secure hash algorithm (SHA1) "; } } description "Algorithm name"; } leaf loose-check { type empty; description "Verify authentication only if authentication is negotiated"; } } // container authentication } // container bfd-liveness-detection list neighbor { key "name"; ordered-by user; description "Neighbor configuration"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf route-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30 .. 360"; } } units "seconds"; description "Delay before routes time out"; } leaf update-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 60"; } } units "seconds"; description "Interval between regular route updates"; } leaf interface-type { type enumeration { enum "p2mp" { junos:must "(!(".. .. .. authentication-selective-md5"))"; junos:must-message "selective-md5 isn't supported with 'interface-type p2mp', opt for 'authentication-type md5' instead"; value 0; description "Point-to-multipoint link"; } } description "Interface type for the neighbor"; } leaf dynamic-peers { junos:must "(" .. interface-type p2mp")"; junos:must-message "dynamic-peers option can be set only if the interface type is p2mp"; type empty; description "Learn peers dynamically on a p2mp interface"; } list peer { junos:must "(" .. 
interface-type p2mp")"; junos:must-message "Peer address can be set only if the interface type is p2mp"; key "name"; ordered-by user; description "P2MP peer"; leaf name { type jt:ipaddr; description "Address of peer"; } } // list peer leaf metric-in { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 15"; } } description "Metric value to add to incoming routes"; } container send { description "Configure RIP send options"; choice send-opts { leaf broadcast { type empty; description "Broadcast RIPv2 packets (RIPv1 compatible)"; } leaf multicast { type empty; description "Multicast RIPv2 packets"; } leaf none { type empty; description "Do not send RIP updates"; } leaf version-1 { type empty; description "Broadcast RIPv1 packets"; } } // choice send-opts } // container send container receive { description "Configure RIP receive options"; choice receive-opts { leaf both { type empty; description "Accept both RIPv1 and RIPv2 packets"; } leaf none { type empty; description "Do not receive RIP packets"; } leaf version-1 { type empty; description "Accept RIPv1 packets only"; } leaf version-2 { type empty; description "Accept only RIPv2 packets"; } } // choice receive-opts } // container receive leaf demand-circuit { junos:must "(!(".. .. .. authentication-selective-md5"))"; junos:must-message "selective-md5 isn't supported with demand-circuit, opt for 'authentication-type md5' instead"; type empty; description "Enable demand circuit on this interface"; } leaf max-retrans-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 
180"; } } description "Maximum time to re-transmit a msg in demand-circuit"; } choice check-zero-choice { leaf check-zero { type empty; description "Check reserved fields on incoming RIPv1 packets"; } leaf no-check-zero { type empty; description "Don't check reserved fields on incoming RIPv1 packets"; } } // choice check-zero-choice leaf any-sender { type empty; description "Disable strict checks on sender address"; } leaf message-size { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "25 .. 255"; } } description "Number of route entries per update message"; } leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy"; } choice authentication { leaf authentication-type { type enumeration { enum "none" { value 0; description "No authentication"; } enum "simple" { value 1; description "Simple password authentication"; } enum "md5" { value 2; description "MD5 authentication"; } } } list authentication-selective-md5 { junos:must "(!(".. interface-type p2mp"))"; junos:must-message "selective-md5 isn't supported with '.. neighbor <> interface-type p2mp', opt for 'authentication-type md5' instead"; junos:must "(!(".. demand-circuit"))"; junos:must-message "selective-md5 isn't supported with '.. neighbor <> demand-circuit', opt for 'authentication-type md5' instead"; junos:must "(!(".. .. demand-circuit"))"; junos:must-message "selective-md5 isn't supported with '.. group <> demand-circuit', opt for 'authentication-type md5' instead"; key "name"; ordered-by user; description "MD5 authentication with one or more keys"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } } description "Key ID for MD5 authentication"; } leaf key { type jt:unreadable; description "MD5 authentication key value"; } leaf start-time { type jt:time; description "Start time for key transmission (YYYY-MM-DD.HH:MM)"; } } // list authentication-selective-md5 } // choice authentication leaf authentication-key { junos:must "(!(".. authentication-selective-md5"))"; junos:must-message "Key already provided for selective-md5"; type jt:unreadable; description "Authentication key (password)"; } container bfd-liveness-detection { description "Bidirectional Forwarding Detection options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High transmit interval triggering a trap"; } } // container transmit-interval container detection-time { description "Detection-time options"; uses apply-advanced; leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High detection-time triggering a trap"; } } // container detection-time container authentication { description "Authentication options"; uses apply-advanced; leaf key-chain { junos:must "(".. algorithm")"; junos:must-message "May not be configured without algorithm"; junos:must "("security authentication-key-chains key-chain $$")"; junos:must-message "Referenced key-chain must be defined"; type string; description "Key chain name"; } leaf algorithm { junos:must "(".. key-chain")"; junos:must-message "May not be configured without key-chain"; type enumeration { enum "simple-password" { value 0; description "Simple password"; } enum "keyed-md5" { value 1; description "Keyed message Digest 5"; } enum "meticulous-keyed-md5" { value 2; description "Meticulous keyed message Digest 5"; } enum "keyed-sha-1" { value 3; description "Keyed secure hash algorithm (SHA1) "; } enum "meticulous-keyed-sha-1" { value 4; description "Meticulous keyed secure hash algorithm (SHA1) "; } } description "Algorithm name"; } leaf loose-check { type empty; description "Verify authentication only if authentication is negotiated"; } } // container authentication } // container bfd-liveness-detection } // list neighbor } // list group container graceful-restart { presence "enable graceful-restart"; description "RIP graceful restart options"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable graceful restart"; } } // choice enable-disable leaf restart-time { type union { type string { 
pattern "<.*>|$.*"; } type uint32 { range "1 .. 600"; } } description "Time after which RIP is declared out of restart"; }
} // container graceful-restart
} // grouping juniper-protocols-rip

// RIPng options: trace settings, protocol-wide timers and import policy,
// named groups with per-neighbor overrides, and graceful restart.
// NOTE(review): no authentication statement appears anywhere in this
// grouping. If RIPng neighbors must be authenticated, that control has to
// come from outside this schema node (RIPng as specified relies on IPsec);
// confirm against the platform documentation.
grouping juniper-protocols-ripng {
  uses apply-advanced;

  container traceoptions {
    description "Trace options for RIPng";
    uses apply-advanced;

    container file {
      description "Trace file options";

      // Per the pattern message the name may not contain '/', '%' or a
      // space, so it cannot carry a directory component; length 1..1024.
      // NOTE(review): the directory the trace file is written to is not
      // defined in this grouping.
      leaf filename {
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }

      leaf replace {
        type empty;
        status deprecated;
        description "Replace trace file rather than appending to it";
      }

      // Plain string: no pattern or range is applied to the size here.
      leaf size {
        type string;
        description "Maximum trace file size";
      }

      // Union of a pattern-matched string and a uint32 in 2..1000; the
      // range constrains only the uint32 member.
      leaf files {
        type union {
          type string {
            pattern "<.*>|$.*";
          }
          type uint32 {
            range "2 .. 1000";
          }
        }
        default "10";
        description "Maximum number of trace files";
      }

      leaf no-stamp {
        type empty;
        status deprecated;
        description "Do not timestamp trace file";
      }

      // Being a choice, at most one of the two leaves can be present.
      // world-readable lets any user read the trace file, which can hold
      // packet and policy traces; review local access before enabling it.
      // No default is declared here.
      choice world-readable-choice {
        leaf world-readable {
          type empty;
          description "Allow any user to read the log file";
        }
        leaf no-world-readable {
          type empty;
          description "Don't allow any user to read the log file";
        }
      } // choice world-readable-choice
    } // container file

    // One entry per trace category, kept in user order.
    list flag {
      key "name";
      ordered-by user;
      description "Tracing parameters";

      leaf name {
        type enumeration {
          enum "error" { value 0; description "Trace RIPng errors"; }
          enum "expiration" { value 1; description "Trace RIPng route expiration processing"; }
          enum "holddown" { value 2; description "Trace RIPng hold-down processing"; }
          enum "packets" { value 3; description "Trace all RIPng packets"; }
          enum "request" { value 4; description "Trace RIPng information packets"; }
          enum "trigger" { value 5; description "Trace RIPng triggered updates"; }
          enum "update" { value 6; description "Trace RIPng update packets"; }
          enum "nsr-synchronization" { value 7; description "Trace NSR synchronization events"; }
          enum "route" { value 8; description "Trace routing information"; }
          enum "normal" { value 9; description "Trace normal events"; }
          enum "general" { value 10; description "Trace general events"; }
          enum "state" { value 11; description "Trace state transitions"; }
          enum "policy" { value 12; description "Trace policy processing"; }
          enum "task" { value 13; description "Trace routing protocol task processing"; }
          enum "timer" { value 14; description "Trace routing protocol timer processing"; }
          enum "all" { value 15; description "Trace everything"; }
        }
      }
      leaf send {
        type empty;
        description "Trace transmitted packets";
      }
      leaf receive {
        type empty;
        description "Trace received packets";
      }
      leaf detail {
        type empty;
        description "Trace detailed information";
      }
      leaf disable {
        type empty;
        description "Disable this trace flag";
      }
    } // list flag
  } // container traceoptions

  // Protocol-wide settings. In every union below, the numeric range
  // constrains only the uint32 member.
  leaf metric-in {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "1 .. 15";
      }
    }
    description "Metric value to add to incoming routes";
  }

  // The only send option defined is "none" (do not send updates).
  container send {
    description "Configure RIPng send options";
    choice send-opts {
      leaf none {
        type empty;
        description "Do not send RIPng updates";
      }
    } // choice send-opts
  } // container send

  // The only receive option defined is "none" (do not receive packets).
  container receive {
    description "Configure RIPng receive options";
    choice receive-opts {
      leaf none {
        type empty;
        description "Do not receive RIPng packets";
      }
    } // choice receive-opts
  } // container receive

  // Ordered list of policy expressions applied on import. With no
  // authentication defined in this grouping, import policy is the
  // route-acceptance control visible here.
  leaf-list import {
    type jt:policy-algebra;
    ordered-by user;
    description "Import policy";
  }

  leaf holddown {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "10 .. 180";
      }
    }
    units "seconds";
    description "Hold-down time";
  }

  leaf route-timeout {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "30 .. 360";
      }
    }
    units "seconds";
    description "Delay before routes time out";
  }

  leaf update-interval {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "10 .. 60";
      }
    }
    units "seconds";
    description "Interval between regular route updates";
  }

  // Named groups, each with its own timers, preference, metric, policies
  // and a list of neighbors.
  list group {
    key "name";
    ordered-by user;
    description "Instance configuration";

    // Per the pattern and its message, the name is 1 to 48 characters.
    leaf name {
      type string {
        junos:posix-pattern "^.{1,48}$";
        junos:pattern-message "Must be a string of at most 48 characters";
      }
      description "Group name";
    }
    uses apply-advanced;

    leaf route-timeout {
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "30 .. 360";
        }
      }
      units "seconds";
      description "Delay before routes time out";
    }

    leaf update-interval {
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "10 .. 60";
        }
      }
      units "seconds";
      description "Interval between regular route updates";
    }

    // uint32 with no range statement, unlike the other numeric leaves.
    leaf preference {
      type union {
        type uint32;
        type string {
          pattern "<.*>|$.*";
        }
      }
      description "Preference of routes learned by this group";
    }

    leaf metric-out {
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "1 .. 15";
        }
      }
      description "Default metric of exported routes";
    }

    leaf-list export {
      type jt:policy-algebra;
      ordered-by user;
      description "Export policy";
    }

    leaf-list import {
      type jt:policy-algebra;
      ordered-by user;
      description "Import policy";
    }

    // Per-neighbor settings, keyed by interface name.
    list neighbor {
      key "name";
      ordered-by user;
      description "Neighbor configuration";

      leaf name {
        type union {
          type jt:interface-name;
          type string {
            pattern "<.*>|$.*";
          }
        }
        description "Interface name";
      }
      uses apply-advanced;

      leaf route-timeout {
        type union {
          type string {
            pattern "<.*>|$.*";
          }
          type uint32 {
            range "30 .. 360";
          }
        }
        units "seconds";
        description "Delay before routes time out";
      }

      leaf update-interval {
        type union {
          type string {
            pattern "<.*>|$.*";
          }
          type uint32 {
            range "10 .. 60";
          }
        }
        units "seconds";
        description "Interval between regular route updates";
      }

      leaf metric-in {
        type union {
          type string {
            pattern "<.*>|$.*";
          }
          type uint32 {
            range "1 .. 15";
          }
        }
        description "Metric value to add to incoming routes";
      }

      container send {
        description "Configure RIPng send options";
        choice send-opts {
          leaf none {
            type empty;
            description "Do not send RIPng updates";
          }
        } // choice send-opts
      } // container send

      container receive {
        description "Configure RIPng receive options";
        choice receive-opts {
          leaf none {
            type empty;
            description "Do not receive RIPng packets";
          }
        } // choice receive-opts
      } // container receive

      leaf-list import {
        type jt:policy-algebra;
        ordered-by user;
        description "Import policy";
      }
    } // list neighbor
  } // list group

  // Presence container: configuring the node itself is meaningful
  // ("enable graceful-restart"); the disable leaf switches it off.
  container graceful-restart {
    presence "enable graceful-restart";
    description "RIPng graceful restart options";
    uses apply-advanced;

    choice enable-disable {
      leaf disable {
        type empty;
        description "Disable graceful restart";
      }
    } // choice enable-disable

    // No units statement is given for this value.
    leaf restart-time {
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "1 .. 600";
        }
      }
      description "Time after which RIPng is declared out of restart";
    }
  } // container graceful-restart
} // grouping juniper-protocols-ripng

grouping juniper-protocols-router-discovery { uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable router discovery"; } } // choice enable-disable container traceoptions { description "Trace options for router discovery"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "route" { value 0; description "Trace routing information"; } enum "normal" { value 1; description "Trace normal events"; } enum "general" { value 2; description "Trace general events"; } enum "state" { value 3; description "Trace state transitions"; } enum "policy" { value 4; description "Trace policy processing"; } enum "task" { value 5; description "Trace routing protocol task processing"; } enum "timer" { value 6; description "Trace routing protocol timer processing"; } enum "all" { value 7; description "Trace everything"; } } } } // list flag } // container traceoptions list interface { key "name"; ordered-by user; description "Interfaces on which to configure router discovery"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf max-advertisement-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "4 .. 1800"; } } units "seconds"; description "Maximum time before sending advertisements"; } leaf min-advertisement-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "3 .. 1800"; } } units "seconds"; description "Minimum time before sending advertisements"; } leaf lifetime { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "3 .. 
9000"; } } units "seconds"; description "How long addresses in advertisements are valid"; } } // list interface list address { key "name"; ordered-by user; description "IP addresses to include in advertisements"; leaf name { type jt:ipv4addr; description "IP addresses to include in router advertisements"; } uses apply-advanced; leaf advertise { type empty; description "Advertise the IP address in advertisements"; } leaf ignore { type empty; description "Do not advertise the IP address in advertisements"; } leaf broadcast { type empty; description "Include IP address only in broadcast advertisements"; } leaf multicast { type empty; description "Include IP address only in multicast advertisements"; } leaf ineligible { type empty; description "IP address can never become a default router"; } leaf priority { type union { type int32; type string { pattern "<.*>|$.*"; } } description "Preference of the address to become a default router"; } } // list address } // grouping juniper-protocols-router-discovery grouping juniper-protocols-rsvp { description "RSVP options"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable RSVP"; } } // choice enable-disable container graceful-restart { description "Configure graceful restart attributes"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable RSVP graceful restart capability"; } } // choice enable-disable leaf helper-disable { type empty; description "Disable graceful restart helper capability"; } leaf maximum-helper-restart-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1800"; } } units "seconds"; default "20"; description "Maximum wait time from down event to neighbor dead"; } leaf maximum-helper-recovery-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
3600"; } } units "seconds"; default "180"; description "Maximum time restarting neighbor states are kept"; } } // container graceful-restart container tunnel-services { presence "enable tunnel-services"; description "Use tunnel services for P2MP LSP ultimate-hop popping"; uses apply-advanced; leaf-list devices { type union { type jt:interface-device; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Tunnel services devices to use for P2MP LSPs"; } } // container tunnel-services leaf no-p2mp-sublsp { type empty; description "Disable P2MP sub-LSP object generation"; } leaf no-node-id-subobject { type empty; description "Do not include the node-id sub-object in the RRO"; } leaf no-interface-hello { type empty; description "Disable interface Hellos on all RSVP interfaces"; } container pop-and-forward { description "RSVP pop-and-forward specific global parameters"; uses apply-advanced; container application-label { description "Number of application labels under the RSVP transport"; uses apply-advanced; leaf depth { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 3"; } } default "1"; description "Application label depth"; } } // container application-label } // container pop-and-forward leaf hello-acknowledgements { type empty; description "Acknowledge Hellos on RSVP interfaces not having sessions"; } leaf no-hello-acknowledgements { junos:must "(!("protocols rsvp hello-acknowledgements"))"; junos:must-message "Config hello-acknowledgements should be removed"; type empty; description "Do not ack Hellos on RSVP interfaces not having sessions"; } container node-hello { presence "enable node-hello"; description "Enable node-ID based Hellos on all RSVP interfaces"; leaf hello-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
60"; } } units "seconds"; default "9"; description "Hello interval"; } } // container node-hello leaf no-node-hello { junos:must "(!("protocols rsvp node-hello"))"; junos:must-message "Config node-hello should be removed"; type empty; description "Disable node-ID based Hellos on the router"; } leaf allow-bidirectional { type empty; status deprecated; description "Enable bidirectional support in RSVP"; } leaf local-reversion { junos:must "(!("protocols rsvp no-local-reversion"))"; junos:must-message "Config no-local-reversion should be removed"; type empty; description "Enable local reversion at this Point of Local Repair"; } leaf no-local-reversion { type empty; description "Disable local reversion at this Point of Local Repair"; } leaf rfc6510-lsp-attributes { type empty; description "Use RFC6510 compliant LSP_ATTRIBUTES"; } container fast-reroute { description "One-to-one fast-reroute protection mechanism"; uses apply-advanced; leaf optimize-timer { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 65535"; } } units "seconds"; description "Frequency of reoptimization for fast-reroute detour"; } } // container fast-reroute container load-balance { description "Per-packet load-balancing algorithm"; uses apply-advanced; leaf bandwidth { type empty; description "Per-packet load balancing proportional to LSP bandwidth"; } } // container load-balance container traceoptions { description "Trace options for RSVP"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "io-event" { value 0; description "Trace RSVP IO task related events"; } enum "io-packets" { value 1; description "Trace all RSVP periodic refresh activity"; } enum "packets" { value 2; description "Trace all RSVP trigger packets"; } enum "path" { value 3; description "Trace RSVP trigger path messages"; } enum "resv" { value 4; description "Trace RSVP trigger Resv messages"; } enum "pathtear" { value 5; description "Trace RSVP PathTear messages"; } enum "resvtear" { value 6; description "Trace RSVP ResvTear messages"; } enum "state" { value 7; description "Trace state transitions"; } enum "error" { value 8; description "Trace error conditions"; } enum "route" { value 9; description "Trace routing information"; } enum "lmp" { value 10; description "Trace RSVP-LMP related interactions"; } enum "event" { value 11; description "Trace RSVP related events"; } enum "nsr-synchronization" { value 12; description "Trace NSR synchronization events"; } enum "lsp-prefix" { value 13; description "Prefix the trace messages with LSP information"; } enum "enhanced-frr" { value 14; description "Enhanced FRR related information"; } enum "all" { value 15; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace 
flag"; } } // list flag } // container traceoptions leaf refresh-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } default "1200"; description "Refresh time in seconds"; } leaf keep-multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Keep multiplier"; } leaf graceful-deletion-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 300"; } } units "seconds"; default "30"; description "Time to complete graceful deletion signaling"; } leaf setup-protection { type empty; description "Enable setup protection"; } leaf no-p2mp-re-merge { type empty; description "Enable p2mp remerge"; } leaf cross-credibility-cspf { type empty; description "Compute CSPF paths spanning protocols for bypass LSP, detour LSP and loose hop expansion"; } container preemption { description "Set RSVP session preemption attributes"; uses apply-advanced; choice preemption-type { leaf disabled { type empty; description "No RSVP session preemption"; } leaf normal { type empty; description "Run RSVP session preemption to accommodate new sessions"; } leaf aggressive { type empty; description "Run RSVP session preemption whenever necessary"; } } // choice preemption-type container soft-preemption { description "Options for establishing new path before tearing down a preempted LSP"; uses apply-advanced; leaf cleanup-timer { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 
10800"; } } units "seconds"; description "Time a soft-preempted LSP will be maintained"; } } // container soft-preemption } // container preemption leaf authentication-key { type jt:unreadable; description "Authentication password"; } /* NOTE(review): per its description this leaf skips the authentication check on received messages; presumably it makes a configured authentication-key ineffective for inbound RSVP traffic. Treat its presence in a configuration as an audit finding unless there is a documented reason for it. */ leaf no-authentication-check { type empty; description "Skip authentication check for received messages"; } container associated-bidirectional-lsp { description "Set associated bidirectional LSP attributes"; uses apply-advanced; leaf single-sided-provisioning { type empty; description "Enable unidirectional reverse LSP setup for single sided provisioned forward LSP"; } } // container associated-bidirectional-lsp leaf no-enhanced-frr-bypass { type empty; description "Disable enhanced facility backup FRR"; } container expand-flood-reflector-hop { presence "enable expand-flood-reflector-hop"; description "Control expansion of flood reflector ERO strict hops"; } // container expand-flood-reflector-hop list interface { key "name"; ordered-by user; description "RSVP interface options"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable RSVP on this interface"; } } // choice enable-disable leaf authentication-key { type jt:unreadable; description "Authentication password"; } choice aggregate-choice { leaf aggregate { type empty; status deprecated; description "Permit refresh reduction extensions on the interface"; } leaf no-aggregate { type empty; status deprecated; description "Don't permit refresh reduction extensions on the interface"; } } // choice aggregate-choice choice reliable-choice { leaf reliable { type empty; description "Permit reliable message delivery on the interface"; } leaf no-reliable { type empty; description "Don't permit reliable message delivery on the interface"; } } // choice reliable-choice leaf hello-interval { type union { type string { pattern "<.*>|$.*"; 
} type uint32 { range "0 .. 60"; } } units "seconds"; default "9"; description "Hello interval"; } container subscription { description "Link bandwidth percentage for RSVP reservation"; uses subscription-type; } // container subscription leaf bandwidth { type string; description "Available bandwidth for the interface units bps"; } container update-threshold { description "Change in reserved bandwidth to trigger IGP update"; uses apply-advanced; leaf threshold-percent { type decimal64 { fraction-digits 9; range "0.001 .. 20"; } units "percent"; default "10.0"; description "Percentage change in reserved bandwidth to trigger IGP update"; } leaf threshold-value { type string; description "Change in reserved bandwidth to trigger IGP update (will be capped at 20% of link BW)"; } } // container update-threshold container update-threshold-max-reservable { description "Change in non-rsvp bandwidth to trigger IGP update "; uses apply-advanced; leaf bandwidth { type string; description "Change in non-rsvp bandwidth to trigger IGP update units bps"; } leaf percent { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
100"; } } units "percent"; description "Percentage change in max-reservable bandwidth to trigger IGP update"; } } // container update-threshold-max-reservable container non-rsvp-bandwdith { description "Config knobs relating to non-rsvp bandwidth"; uses apply-advanced; leaf local-bw-override-threshold { type empty; description "Override threshold and update local bandwidth with non-rsvp bandwidth usage"; } } // container non-rsvp-bandwdith container link-protection { presence "enable link-protection"; description "Protect traffic with a label-stacked LSP"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable link protection on this interface"; } } // choice enable-disable container bandwidth { description "Bandwidth for each bypass"; uses bandwidth-type; } // container bandwidth leaf max-bypasses { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 99"; } } default "1"; description "Max number of bypasses permitted for protecting this interface"; } leaf subscription { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } default "100"; description "Percent of bandwidth guaranteed when admitting protected LSPs into bypasses"; } leaf no-node-protection { type empty; description "Disallow node protection on this interface"; } leaf optimize-timer { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } units "seconds"; default "0"; description "Interval between bypass reoptimizations"; } leaf class-of-service { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 7"; } } description "Class of service for the bypass LSP"; } leaf hop-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 255"; } } description "Maximum allowed router hops for bypass"; } leaf no-cspf { junos:must "(".. 
path")"; junos:must-message "The path of the bypass must be configured when using no-cspf"; type empty; description "Disable automatic path computation"; } leaf exclude-srlg { type empty; description "Exclude SRLG links"; } container priority { presence "enable priority"; description "Preemption priorities for the bypass LSP"; } // container priority leaf setup-priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 7"; } } description "Set-up priority"; } leaf reservation-priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 7"; } } description "Reservation priority"; } list path { key "name"; ordered-by user; description "Explicit route of bypass path"; leaf name { type jt:ipv4addr; description "Address of next system in path"; } choice loose_strict_none { leaf loose { type empty; description "Next hop might not be adjacent"; } leaf strict { type empty; description "Next hop must be adjacent"; } } // choice loose_strict_none } // list path container admin-group { description "Administrative group policy"; uses admin_group_include_exclude; } // container admin-group list bypass { key "name"; ordered-by user; description "Bypass with specific constraints"; leaf name { type string { length "1 .. 64"; } description "Name of bypass"; } uses apply-advanced; leaf to { type jt:ipv4addr; description "Address of egress router"; } container bandwidth { description "Bandwidth for each bypass"; uses bandwidth-type; } // container bandwidth container subscription { presence "enable subscription"; description "Bandwidth percent available on bypass for protected LSPs"; uses bypass-subscription-type; } // container subscription leaf description { type string { length "1 .. 
80"; } description "Text description of bypass"; } container priority { presence "enable priority"; description "Preemption priorities for bypass"; } // container priority leaf setup-priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 7"; } } description "Set-up priority"; } leaf reservation-priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 7"; } } description "Reservation priority"; } leaf class-of-service { type union { type string { pattern "<.*>|$.*"; } type int32 { range "0 .. 7"; } } description "Class of service for the bypass LSP"; } leaf hop-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 255"; } } description "Maximum allowed router hops for bypass"; } leaf no-cspf { junos:must "(".. path")"; junos:must-message "The path of the bypass must be configured when using no-cspf"; type empty; description "Disable automatic path computation"; } leaf exclude-srlg { type empty; description "Exclude SRLG links"; } list path { key "name"; ordered-by user; description "Explicit route of bypass path"; leaf name { type jt:ipv4addr; description "Address of next system in path"; } choice loose_strict_none { leaf loose { type empty; description "Next hop might not be adjacent"; } leaf strict { type empty; description "Next hop must be adjacent"; } } // choice loose_strict_none } // list path container admin-group { description "Administrative group policy"; uses admin_group_include_exclude; } // container admin-group } // list bypass } // container link-protection } // list interface list peer-interface { key "name"; ordered-by user; description "Configuration for peer interface"; leaf name { type string; description "Name of peer interface"; } uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable RSVP on this control peer"; } } // choice enable-disable leaf authentication-key { type jt:unreadable; description "Authentication 
password"; } choice aggregate-choice { leaf aggregate { type empty; status deprecated; description "Permit refresh reduction extensions on the interface"; } leaf no-aggregate { type empty; status deprecated; description "Don't permit refresh reduction extensions on the interface"; } } // choice aggregate-choice choice reliable-choice { leaf reliable { type empty; description "Permit reliable message delivery on the interface"; } leaf no-reliable { type empty; description "Don't permit reliable message delivery on the interface"; } } // choice reliable-choice leaf hello-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 60"; } } units "seconds"; default "9"; description "Hello interval"; } container dynamic-bidirectional-transport { presence "enable dynamic-bidirectional-transport"; description "Enable dynamic setup of bidirectional packet LSP for transporting non-packet GMPLS LSP"; uses apply-advanced; leaf template { junos:must "(!("protocols mpls label-switched-path $$ p2mp"))"; junos:must-message "Referenced template cannot be a p2mp template"; junos:must "(("protocols mpls label-switched-path $$" && "protocols mpls label-switched-path $$ template"))"; junos:must-message "Referenced LSP template does not exist"; type string { junos:posix-pattern "^.{1,64}$"; junos:pattern-message "Must be a string of 64 characters or less"; } description "Template for the dynamic bidirectional packet LSP"; } } // container dynamic-bidirectional-transport } // list peer-interface list lsp-set { key "name"; ordered-by user; description "Configuration for lsp set"; leaf name { type string; description "Name of lsp set"; } uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable this lsp set"; } } // choice enable-disable container match-criteria { description "Match criteria for this lsp set"; uses lsp-set-match-type; } // container match-criteria container traceoptions { description "Trace options for this lsp 
set"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "io-event" { value 0; description "Trace RSVP IO task related events"; } enum "io-packets" { value 1; description "Trace all RSVP periodic refresh activity"; } enum "packets" { value 2; description "Trace all RSVP packets"; } enum "path" { value 3; description "Trace RSVP path messages"; } enum "resv" { value 4; description "Trace RSVP Resv messages"; } enum "pathtear" { value 5; description "Trace RSVP PathTear messages"; } enum "resvtear" { value 6; description "Trace RSVP ResvTear messages"; } enum "state" { value 7; description "Trace state transitions"; } enum "error" { value 8; description "Trace error conditions"; } enum "route" { value 9; description "Trace routing information"; } enum "lmp" { value 10; description "Trace RSVP-LMP related interactions"; } enum "event" { value 11; description "Trace RSVP related events"; } enum "nsr-synchronization" { value 12; description "Trace NSR 
synchronization events"; } enum "lsp-prefix" { value 13; description "Prefix the trace messages with LSP information"; } enum "enhanced-frr" { value 14; description "Enhanced FRR related information"; } enum "all" { value 15; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions } // list lsp-set } // grouping juniper-protocols-rsvp grouping bypass-subscription-type { uses apply-advanced; leaf subscription { type string; default "100"; description "Subscription percentage for bandwidth protection"; } } // grouping bypass-subscription-type grouping juniper-protocols-stp { uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable STP"; } } // choice enable-disable leaf bpdu-destination-mac-address { type enumeration { enum "provider-bridge-group" { value 0; description "802.1ad provider bridge group address"; } } description "Destination MAC address in the spanning tree BPDUs"; } /* NOTE(review): in the two priority patterns below, the numeric alternative next to "48k" is 49512, which is not a multiple of 4096 (12 * 4096 = 49152). As written the anchored pattern does not match 49152 and does match 49512, which contradicts the pattern-message. The same value appears in the other bridge-priority patterns of this module; confirm against device behaviour before correcting. */ leaf bridge-priority { type string { junos:posix-pattern "^(0|4k|4096|8k|8192|12k|12288|16k|16384|20k|20480|24k|24576|28k|28672|32k|32768|36k|36864|40k|40960|44k|45056|48k|49512|52k|53248|56k|57344|60k|61440)$"; junos:pattern-message "Must be a multiple of 4096"; } description "Priority of the bridge (in increments of 4k - 0,4k,8k,..60k)"; } leaf backup-bridge-priority { type string { junos:posix-pattern "^(4k|4096|8k|8192|12k|12288|16k|16384|20k|20480|24k|24576|28k|28672|32k|32768|36k|36864|40k|40960|44k|45056|48k|49512|52k|53248|56k|57344|60k|61440)$"; junos:pattern-message "Must be a multiple of 4096"; } description "Priority of the bridge (in increments of 4k - 4k,8k,..60k)"; } leaf max-age { type union { type string { pattern "<.*>|$.*"; } type uint16 { range 
"6 .. 40"; } } units "seconds"; description "Maximum age of received protocol bpdu"; } leaf hello-time { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 10"; } } units "seconds"; description "Time interval between configuration BPDUs"; } leaf forward-delay { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "4 .. 30"; } } units "seconds"; description "Time spent in listening or learning state"; } leaf system-identifier { type jt:mac-unicast; description "System identifier to represent this node"; } container traceoptions { description "Tracing options for debugging protocol operation"; uses stp-trace-options; } // container traceoptions leaf vpls-flush-on-topology-change { type empty; description "Enable VPLS MAC flush on root protected CE interface receiving topology change"; } leaf priority-hold-time { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 255"; } } units "seconds"; description "Hold time before switching to primary priority when core domain becomes up"; } list system-id { key "name"; ordered-by user; description "System ID to IP mapping"; uses system-id-ip-map; } // list system-id list interface { key "name"; description "Interface options"; uses stp-interface; } // list interface leaf extended-system-id { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "0 .. 
4095"; } } description "Extended system identifier"; } leaf force-version { type enumeration { enum "stp" { value 0; description "Spanning tree protocol"; } } description "Force protocol version"; } leaf bpdu-block-on-edge { type empty; description "Block BPDU on all interfaces configured as edge (BPDU Protect)"; } } // grouping juniper-protocols-stp grouping juniper-protocols-vstp { uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable VSTP"; } } // choice enable-disable leaf force-version { type enumeration { enum "stp" { value 0; description "Spanning tree protocol"; } } description "Force protocol version"; } leaf bpdu-block-on-edge { type empty; description "Block BPDU on all interfaces configured as edge (BPDU Protect)"; } leaf vpls-flush-on-topology-change { type empty; description "Enable VPLS MAC flush on root protected CE interface receiving topology change"; } leaf priority-hold-time { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
255"; } } units "seconds"; description "Hold time before switching to primary priority when core domain becomes up"; } list system-id { key "name"; ordered-by user; description "System ID to IP mapping"; uses system-id-ip-map; } // list system-id list interface { key "name"; description "Interface options"; uses stp-interface; } // list interface list vlan { key "name"; description "VLAN spanning tree options"; leaf name { type string; description "VLAN id or all"; } uses apply-advanced; leaf bridge-priority { type string { junos:posix-pattern "^(0|4k|4096|8k|8192|12k|12288|16k|16384|20k|20480|24k|24576|28k|28672|32k|32768|36k|36864|40k|40960|44k|45056|48k|49512|52k|53248|56k|57344|60k|61440)$"; junos:pattern-message "Must be a multiple of 4096"; } description "Priority of the bridge (in increments of 4k - 0,4k,8k,..60k)"; } leaf backup-bridge-priority { type string { junos:posix-pattern "^(4k|4096|8k|8192|12k|12288|16k|16384|20k|20480|24k|24576|28k|28672|32k|32768|36k|36864|40k|40960|44k|45056|48k|49512|52k|53248|56k|57344|60k|61440)$"; junos:pattern-message "Must be a multiple of 4096"; } description "Priority of the bridge (in increments of 4k - 4k,8k,..60k)"; } leaf max-age { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "6 .. 40"; } } units "seconds"; description "Maximum age of received protocol bpdu"; } leaf hello-time { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 10"; } } units "seconds"; description "Time interval between configuration BPDUs"; } leaf forward-delay { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "4 .. 
30"; } } units "seconds"; description "Time spent in listening or learning state"; } leaf system-identifier { type jt:mac-unicast; description "Sytem identifier to represent this node"; } container traceoptions { description "Tracing options for debugging protocol operation"; uses stp-trace-options; } // container traceoptions list interface { key "name"; description "Interface options"; uses stp-interface; } // list interface } // list vlan container vlan-group { presence "enable vlan-group"; description "Spanning tree options for group of VLANs"; uses apply-advanced; list group { key "name"; ordered-by user; description "Name if VLAN group"; leaf name { type string { junos:posix-pattern "^[[:alpha:]][[:alnum:]_-]+$"; junos:pattern-message "Must be a string beginning with a letter and consisting of letters, numbers, dashes, and underscores"; length "1 .. 63"; } description "VLAN group name"; } uses apply-advanced; leaf-list vlan { type string; ordered-by user; description "VLAN ID or VLAN ID range [1..4094]"; } leaf bridge-priority { type string { junos:posix-pattern "^(0|4k|4096|8k|8192|12k|12288|16k|16384|20k|20480|24k|24576|28k|28672|32k|32768|36k|36864|40k|40960|44k|45056|48k|49512|52k|53248|56k|57344|60k|61440)$"; junos:pattern-message "Must be a multiple of 4096"; } description "Priority of the bridge (in increments of 4k - 0,4k,8k,..60k)"; } leaf backup-bridge-priority { type string { junos:posix-pattern "^(4k|4096|8k|8192|12k|12288|16k|16384|20k|20480|24k|24576|28k|28672|32k|32768|36k|36864|40k|40960|44k|45056|48k|49512|52k|53248|56k|57344|60k|61440)$"; junos:pattern-message "Must be a multiple of 4096"; } description "Priority of the bridge (in increments of 4k - 4k,8k,..60k)"; } leaf max-age { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "6 .. 40"; } } units "seconds"; description "Maximum age of received protocol bpdu"; } leaf hello-time { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
10"; } } units "seconds"; description "Time interval between configuration BPDUs"; } leaf forward-delay { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "4 .. 30"; } } units "seconds"; description "Time spent in listening or learning state"; } leaf system-identifier { type jt:mac-unicast; description "Sytem identifier to represent this node"; } container traceoptions { description "Tracing options for debugging protocol operation"; uses stp-trace-options; } // container traceoptions list interface { key "name"; description "Interface options"; uses stp-interface; } // list interface } // list group } // container vlan-group } // grouping juniper-protocols-vstp grouping juniper-ri-protocols-bfd { uses apply-advanced; container sbfd { description "Seamless BFD parameters"; uses apply-advanced; leaf-list pool { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "List of seamless BFD endpoints"; } list local-discriminator { key "name"; ordered-by user; description "Local discriminator for seamless BFD responder"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Local discriminator for seamless BFD responder"; } uses apply-advanced; leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 
255000"; } } units "milliseconds"; description "Minimum receive interval for seamless BFD responder"; } leaf local-ip-address { type jt:ipv4addr; description "IPv4 source address"; } } // list local-discriminator } // container sbfd } // grouping juniper-ri-protocols-bfd grouping juniper-ri-protocols-igmp-snooping { description "IGMP snooping options"; uses apply-advanced; container traceoptions { description "Trace options for IGMP Snooping"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "packets" { value 0; description "Trace all IGMP packets"; } enum "query" { value 1; description "Trace IGMP membership query messages"; } enum "report" { value 2; description "Trace membership report messages"; } enum "leave" { value 3; description "Trace leave group messages (IGMPv2 only)"; } enum "group" { value 4; description "Trace group operations"; } enum "client-notification" { value 5; description "Trace notifications"; } enum "host-notification" { 
value 6; description "Trace host notifications"; } enum "route" { value 7; description "Trace routing information"; } enum "normal" { value 8; description "Trace normal events"; } enum "general" { value 9; description "Trace general events"; } enum "state" { value 10; description "Trace state transitions"; } enum "policy" { value 11; description "Trace policy processing"; } enum "task" { value 12; description "Trace routing protocol task processing"; } enum "timer" { value 13; description "Trace routing protocol timer processing"; } enum "all" { value 14; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions leaf query-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1024"; } } units "seconds"; default "125"; description "When to send host query messages"; } container l2-querier { description "Enable L2 querier mode"; uses apply-advanced; leaf source-address { type jt:ipv4addr; description "Source IP address to use for L2 querier"; } } // container l2-querier leaf query-response-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; default "10"; description "How long to wait for a host query response"; } leaf query-last-member-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; default "1"; description "When to send group query messages"; } leaf robust-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
10"; } } default "2"; description "Expected packet loss on a subnet"; } leaf learn-pim-router { type empty; description "Learn PIM router interfaces from PIM hellos"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } leaf evpn-ssm-reports-only { type empty; description "Accept and process only <s,g> reports of SSM groups"; } container proxy { presence "enable proxy"; description "Enable proxy mode"; uses apply-advanced; leaf source-address { junos:must "(!(".. .. .. .. vlan-id all"))"; junos:must-message "With qualified-learning source-address should be configured under Vlan options"; type jt:ipv4addr; description "Source IP address to use for proxy"; } leaf irb { type empty; description "Proxy IGMP reports to IRB"; } } // container proxy list interface { key "name"; ordered-by user; description "Interface options for IGMP"; leaf name { junos:must "(!("interfaces $$-IFL vlan-tags inner-range"))"; junos:must-message "interface with vlan-tags inner-range should be specified in a learning-domain only"; junos:must "(!("interfaces $$-IFL vlan-id-range"))"; junos:must-message "interface with vlan-id-range should be specified in a learning-domain only"; junos:must "(".. .. .. .. interface $$")"; junos:must-message "interface options can be specified for the interfaces in the routing-instance"; junos:must "(!(".. .. .. .. vlan-id all"))"; junos:must-message "When 'vlan-id all' is configured, interface should be configured only under vlan"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } leaf host-only-interface { junos:must "(!(".. 
multicast-router-interface"))"; junos:must-message "interface cannot be both host-only and multicast-router"; type empty; description "Enable interfaces to be treated as host-side interfaces"; } leaf group-limit { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Maximum number of (source,group) per interface"; } container static { description "Static group or source membership"; uses apply-advanced; list group { key "name"; ordered-by user; description "IP multicast group address"; leaf name { type jt:ipv4addr; description "IP multicast group address"; } uses apply-advanced; list source { key "name"; ordered-by user; description "IP multicast source address"; leaf name { type jt:ipv4addr; description "Source address of IP multicast data"; } uses apply-advanced; } // list source } // list group } // container static } // list interface list pseudowire-remote-address { junos:must "((" .. .. .. igmp-snooping-options snoop-pseudowires" || " .. .. .. .. igmp-snooping-options snoop-pseudowires"))"; junos:must-message "Configure pseudowire-remote-address only with snoop-pseudowires instance config"; key "name"; ordered-by user; description "Pseudowire interface options for IGMP"; leaf name { junos:must "(!(".. .. .. .. vlan-id all"))"; junos:must-message "When 'vlan-id all' is configured, pseudowire-remote-address should be configured only under vlan"; type jt:ipv4addr; description "Pseudowire endpoint address"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } } // list pseudowire-remote-address list qualified-vlan { key "name"; ordered-by user; description "VLAN options for qualified-learning"; leaf name { junos:must "(".. .. .. .. .. 
vlans ${vlan} vlan-id all")"; junos:must-message "vlan specific configuration is allowed with qualified-learning only"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1023"; } } description "VLAN ID of the learning-domain"; } uses apply-advanced; leaf query-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1024"; } } units "seconds"; description "When to send host query messages"; } leaf query-response-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "How long to wait for a host query response"; } leaf query-last-member-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "When to send group query messages"; } leaf robust-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 10"; } } description "Expected packet loss on a subnet"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } container proxy { presence "enable proxy"; description "Enable proxy mode"; uses apply-advanced; leaf source-address { type jt:ipv4addr; description "Source IP address to use for proxy"; } } // container proxy leaf evpn-ssm-reports-only { type empty; description "Accept and process only <s,g> reports of SSM groups"; } list interface { key "name"; ordered-by user; description "Interface options for IGMP"; leaf name { junos:must "(".. .. .. .. .. .. 
vlans ${vlan} interface $$")"; junos:must-message "interface options can be specified for the interfaces in the routing-instance"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } leaf host-only-interface { junos:must "(!(".. multicast-router-interface"))"; junos:must-message "interface cannot be both host-only and multicast-router"; type empty; description "Enable interfaces to be treated as host-side interfaces"; } leaf group-limit { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Maximum number of (source,group) per interface"; } container static { description "Static group or source membership"; uses apply-advanced; list group { key "name"; ordered-by user; description "IP multicast group address"; leaf name { type jt:ipv4addr; description "IP multicast group address"; } uses apply-advanced; list source { key "name"; ordered-by user; description "IP multicast source address"; leaf name { type jt:ipv4addr; description "Source address of IP multicast data"; } uses apply-advanced; } // list source } // list group } // container static } // list interface list pseudowire-remote-address { junos:must "((" .. .. .. igmp-snooping-options snoop-pseudowires" || " .. .. .. .. 
igmp-snooping-options snoop-pseudowires"))"; junos:must-message "Configure pseudowire-remote-address only with snoop-pseudowires instance config"; key "name"; ordered-by user; description "Pseudowire interface options for IGMP"; leaf name { type jt:ipv4addr; description "Pseudowire endpoint address"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } } // list pseudowire-remote-address } // list qualified-vlan list vlan { key "name"; ordered-by user; description "Vlan options"; leaf name { junos:must "(!(".. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Snooping cannot be enabled on secondary vlan"; type string { length "1 .. 64"; } description "VLAN name"; } uses apply-advanced; leaf query-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1024"; } } units "seconds"; description "When to send host query messages"; } leaf query-response-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "How long to wait for a host query response"; } leaf query-last-member-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "When to send group query messages"; } leaf robust-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
10"; } } description "Expected packet loss on a subnet"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } container proxy { presence "enable proxy"; description "Enable proxy mode"; uses apply-advanced; leaf source-address { type jt:ipv4addr; description "Source IP address to use for proxy"; } } // container proxy leaf evpn-ssm-reports-only { type empty; description "Accept and process only <s,g> reports of SSM groups"; } list interface { key "name"; ordered-by user; description "Interface options for IGMP"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } leaf host-only-interface { junos:must "(!(".. multicast-router-interface"))"; junos:must-message "interface cannot be both host-only and multicast-router"; type empty; description "Enable interfaces to be treated as host-side interfaces"; } leaf group-limit { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Maximum number of (source,group) per interface"; } container static { description "Static group or source membership"; uses apply-advanced; list group { key "name"; ordered-by user; description "IP multicast group address"; leaf name { type jt:ipv4addr; description "IP multicast group address"; } uses apply-advanced; list source { key "name"; ordered-by user; description "IP multicast source address"; leaf name { type jt:ipv4addr; description "Source address of IP multicast data"; } uses apply-advanced; } // list source } // list group } // container static } // list interface list pseudowire-remote-address { junos:must "((" .. .. .. igmp-snooping-options snoop-pseudowires" || " .. .. .. .. 
igmp-snooping-options snoop-pseudowires"))"; junos:must-message "Configure pseudowire-remote-address only with snoop-pseudowires instance config"; key "name"; ordered-by user; description "Pseudowire interface options for IGMP"; leaf name { type jt:ipv4addr; description "Pseudowire endpoint address"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } } // list pseudowire-remote-address list qualified-vlan { key "name"; ordered-by user; description "VLAN options for qualified-learning"; leaf name { junos:must "(".. .. .. .. .. vlans ${vlan} vlan-id all")"; junos:must-message "vlan specific configuration is allowed with qualified-learning only"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1023"; } } description "VLAN ID of the learning-domain"; } uses apply-advanced; leaf query-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1024"; } } units "seconds"; description "When to send host query messages"; } leaf query-response-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "How long to wait for a host query response"; } leaf query-last-member-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "When to send group query messages"; } leaf robust-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
10"; } } description "Expected packet loss on a subnet"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } container proxy { presence "enable proxy"; description "Enable proxy mode"; uses apply-advanced; leaf source-address { type jt:ipv4addr; description "Source IP address to use for proxy"; } } // container proxy leaf evpn-ssm-reports-only { type empty; description "Accept and process only <s,g> reports of SSM groups"; } list interface { key "name"; ordered-by user; description "Interface options for IGMP"; leaf name { junos:must "(".. .. .. .. .. .. vlans ${vlan} interface $$")"; junos:must-message "interface options can be specified for the interfaces in the routing-instance"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } leaf host-only-interface { junos:must "(!(".. multicast-router-interface"))"; junos:must-message "interface cannot be both host-only and multicast-router"; type empty; description "Enable interfaces to be treated as host-side interfaces"; } leaf group-limit { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
65535"; } } description "Maximum number of (source,group) per interface"; } container static { description "Static group or source membership"; uses apply-advanced; list group { key "name"; ordered-by user; description "IP multicast group address"; leaf name { type jt:ipv4addr; description "IP multicast group address"; } uses apply-advanced; list source { key "name"; ordered-by user; description "IP multicast source address"; leaf name { type jt:ipv4addr; description "Source address of IP multicast data"; } uses apply-advanced; } // list source } // list group } // container static } // list interface list pseudowire-remote-address { junos:must "((" .. .. .. igmp-snooping-options snoop-pseudowires" || " .. .. .. .. igmp-snooping-options snoop-pseudowires"))"; junos:must-message "Configure pseudowire-remote-address only with snoop-pseudowires instance config"; key "name"; ordered-by user; description "Pseudowire interface options for IGMP"; leaf name { type jt:ipv4addr; description "Pseudowire endpoint address"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } } // list pseudowire-remote-address } // list qualified-vlan } // list vlan } // grouping juniper-ri-protocols-igmp-snooping grouping juniper-ri-protocols-mld-snooping { description "MLD snooping options"; uses apply-advanced; container traceoptions { description "Trace options for MLD Snooping"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 
1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "packets" { value 0; description "Trace all MLD packets"; } enum "query" { value 1; description "Trace MLD membership query messages"; } enum "report" { value 2; description "Trace membership report messages"; } enum "leave" { value 3; description "Trace leave group messages (MLDv2 only)"; } enum "group" { value 4; description "Trace group operations"; } enum "client-notification" { value 5; description "Trace notifications"; } enum "host-notification" { value 6; description "Trace host notifications"; } enum "route" { value 7; description "Trace routing information"; } enum "normal" { value 8; description "Trace normal events"; } enum "general" { value 9; description "Trace general events"; } enum "state" { value 10; description "Trace state transitions"; } enum "policy" { value 11; description "Trace policy processing"; } enum "task" { value 12; description "Trace routing protocol task processing"; } enum "timer" { value 13; description "Trace routing protocol timer processing"; } enum "all" { value 14; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted 
packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions leaf query-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1024"; } } units "seconds"; default "125"; description "When to send host query messages"; } container l2-querier { description "Enable L2 querier mode"; uses apply-advanced; leaf source-address { type jt:ipv6addr; description "Source IP address to use for L2 querier"; } } // container l2-querier leaf query-response-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; default "10"; description "How long to wait for a host query response"; } leaf query-last-member-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; default "1"; description "When to send group query messages"; } leaf robust-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 10"; } } default "2"; description "Expected packet loss on a subnet"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } leaf evpn-ssm-reports-only { type empty; description "Accept and process only <s,g> reports of SSM groups"; } container proxy { presence "enable proxy"; description "Enable proxy mode"; uses apply-advanced; leaf source-address { junos:must "(!(".. .. .. .. 
vlan-id all"))"; junos:must-message "With qualified-learning source-address should be configured under Vlan options"; type jt:ipv6addr; description "Source IP address to use for proxy"; } leaf irb { type empty; description "Proxy IGMP reports to IRB"; } } // container proxy list interface { key "name"; ordered-by user; description "Interface options for MLD"; leaf name { junos:must "(!("interfaces $$-IFL vlan-tags inner-range"))"; junos:must-message "interface with vlan-tags inner-range should be specified in a learning-domain only"; junos:must "(!("interfaces $$-IFL vlan-id-range"))"; junos:must-message "interface with vlan-id-range should be specified in a learning-domain only"; junos:must "(".. .. .. .. interface $$")"; junos:must-message "interface options can be specified for the interfaces in the routing-instance"; junos:must "(!(".. .. .. .. vlan-id all"))"; junos:must-message "When 'vlan-id all' is configured, interface should be configured only under vlan"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } leaf host-only-interface { junos:must "(!(".. multicast-router-interface"))"; junos:must-message "interface cannot be both host-only and multicast-router"; type empty; description "Enable interfaces to be treated as host-side interfaces"; } leaf group-limit { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
65535"; } } description "Maximum number of (source,group) per interface"; } container static { description "Static group or source membership"; uses apply-advanced; list group { key "name"; ordered-by user; description "IP multicast group address"; leaf name { type jt:ipv6addr; description "IP multicast group address"; } uses apply-advanced; list source { key "name"; ordered-by user; description "IP multicast source address"; leaf name { type jt:ipv6addr; description "Source address of IP multicast data"; } uses apply-advanced; } // list source } // list group } // container static } // list interface list pseudowire-remote-address { junos:must "((" .. .. .. mld-snooping-options snoop-pseudowires" || " .. .. .. .. mld-snooping-options snoop-pseudowires"))"; junos:must-message "Configure pseudowire-remote-address only with snoop-pseudowires instance config"; key "name"; ordered-by user; description "Pseudowire interface options for MLD"; leaf name { junos:must "(!(".. .. .. .. vlan-id all"))"; junos:must-message "When 'vlan-id all' is configured, pseudowire-remote-address should be configured only under vlan"; type jt:ipv4addr; description "Pseudowire endpoint address"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } } // list pseudowire-remote-address list qualified-vlan { key "name"; ordered-by user; description "VLAN options for qualified-learning"; leaf name { junos:must "(".. .. .. .. .. vlans ${vlan} vlan-id all")"; junos:must-message "vlan specific configuration is allowed with qualified-learning only"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1023"; } } description "VLAN ID of the learning-domain"; } uses apply-advanced; leaf query-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
1024"; } } units "seconds"; description "When to send host query messages"; } leaf query-response-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "How long to wait for a host query response"; } leaf query-last-member-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "When to send group query messages"; } leaf robust-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 10"; } } description "Expected packet loss on a subnet"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } container proxy { presence "enable proxy"; description "Enable proxy mode"; uses apply-advanced; leaf source-address { type jt:ipv6addr; description "Source IP address to use for proxy"; } } // container proxy leaf evpn-ssm-reports-only { type empty; description "Accept and process only <s,g> reports of SSM groups"; } list interface { key "name"; ordered-by user; description "Interface options for MLD"; leaf name { junos:must "(".. .. .. .. .. .. vlans ${vlan} interface $$")"; junos:must-message "interface options can be specified for the interfaces in the routing-instance"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } leaf host-only-interface { junos:must "(!(".. 
multicast-router-interface"))"; junos:must-message "interface cannot be both host-only and multicast-router"; type empty; description "Enable interfaces to be treated as host-side interfaces"; } leaf group-limit { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Maximum number of (source,group) per interface"; } container static { description "Static group or source membership"; uses apply-advanced; list group { key "name"; ordered-by user; description "IP multicast group address"; leaf name { type jt:ipv6addr; description "IP multicast group address"; } uses apply-advanced; list source { key "name"; ordered-by user; description "IP multicast source address"; leaf name { type jt:ipv6addr; description "Source address of IP multicast data"; } uses apply-advanced; } // list source } // list group } // container static } // list interface list pseudowire-remote-address { junos:must "((" .. .. .. mld-snooping-options snoop-pseudowires" || " .. .. .. .. mld-snooping-options snoop-pseudowires"))"; junos:must-message "Configure pseudowire-remote-address only with snoop-pseudowires instance config"; key "name"; ordered-by user; description "Pseudowire interface options for MLD"; leaf name { type jt:ipv4addr; description "Pseudowire endpoint address"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } } // list pseudowire-remote-address } // list qualified-vlan list vlan { key "name"; ordered-by user; description "Vlan options"; leaf name { junos:must "(!(".. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Snooping cannot be enabled on secondary vlan"; type string { length "1 .. 
64"; } description "Vlan of the bridge-domain"; } uses apply-advanced; leaf query-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1024"; } } units "seconds"; description "When to send host query messages"; } leaf query-response-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "How long to wait for a host query response"; } leaf query-last-member-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "When to send group query messages"; } leaf robust-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 10"; } } description "Expected packet loss on a subnet"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } container proxy { presence "enable proxy"; description "Enable proxy mode"; uses apply-advanced; leaf source-address { type jt:ipv6addr; description "Source IP address to use for proxy"; } } // container proxy leaf evpn-ssm-reports-only { type empty; description "Accept and process only <s,g> reports of SSM groups"; } list interface { key "name"; ordered-by user; description "Interface options for MLD"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } leaf host-only-interface { junos:must "(!(".. 
multicast-router-interface"))"; junos:must-message "interface cannot be both host-only and multicast-router"; type empty; description "Enable interfaces to be treated as host-side interfaces"; } leaf group-limit { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Maximum number of (source,group) per interface"; } container static { description "Static group or source membership"; uses apply-advanced; list group { key "name"; ordered-by user; description "IP multicast group address"; leaf name { type jt:ipv6addr; description "IP multicast group address"; } uses apply-advanced; list source { key "name"; ordered-by user; description "IP multicast source address"; leaf name { type jt:ipv6addr; description "Source address of IP multicast data"; } uses apply-advanced; } // list source } // list group } // container static } // list interface list pseudowire-remote-address { junos:must "((" .. .. .. mld-snooping-options snoop-pseudowires" || " .. .. .. .. mld-snooping-options snoop-pseudowires"))"; junos:must-message "Configure pseudowire-remote-address only with snoop-pseudowires instance config"; key "name"; ordered-by user; description "Pseudowire interface options for MLD"; leaf name { type jt:ipv4addr; description "Pseudowire endpoint address"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } } // list pseudowire-remote-address list qualified-vlan { key "name"; ordered-by user; description "VLAN options for qualified-learning"; leaf name { junos:must "(".. .. .. .. .. vlans ${vlan} vlan-id all")"; junos:must-message "vlan specific configuration is allowed with qualified-learning only"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
1023"; } } description "VLAN ID of the learning-domain"; } uses apply-advanced; leaf query-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1024"; } } units "seconds"; description "When to send host query messages"; } leaf query-response-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "How long to wait for a host query response"; } leaf query-last-member-interval { type string { junos:posix-pattern "^[0-9]{1,4}(.[0-9])?$"; junos:pattern-message "Up to 1 digit to right of decimal point"; } units "seconds"; description "When to send group query messages"; } leaf robust-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 10"; } } description "Expected packet loss on a subnet"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } container proxy { presence "enable proxy"; description "Enable proxy mode"; uses apply-advanced; leaf source-address { type jt:ipv6addr; description "Source IP address to use for proxy"; } } // container proxy leaf evpn-ssm-reports-only { type empty; description "Accept and process only <s,g> reports of SSM groups"; } list interface { key "name"; ordered-by user; description "Interface options for MLD"; leaf name { junos:must "(".. .. .. .. .. .. vlans ${vlan} interface $$")"; junos:must-message "interface options can be specified for the interfaces in the routing-instance"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } leaf host-only-interface { junos:must "(!(".. 
multicast-router-interface"))"; junos:must-message "interface cannot be both host-only and multicast-router"; type empty; description "Enable interfaces to be treated as host-side interfaces"; } leaf group-limit { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Maximum number of (source,group) per interface"; } container static { description "Static group or source membership"; uses apply-advanced; list group { key "name"; ordered-by user; description "IP multicast group address"; leaf name { type jt:ipv6addr; description "IP multicast group address"; } uses apply-advanced; list source { key "name"; ordered-by user; description "IP multicast source address"; leaf name { type jt:ipv6addr; description "Source address of IP multicast data"; } uses apply-advanced; } // list source } // list group } // container static } // list interface list pseudowire-remote-address { junos:must "((" .. .. .. mld-snooping-options snoop-pseudowires" || " .. .. .. .. mld-snooping-options snoop-pseudowires"))"; junos:must-message "Configure pseudowire-remote-address only with snoop-pseudowires instance config"; key "name"; ordered-by user; description "Pseudowire interface options for MLD"; leaf name { type jt:ipv4addr; description "Pseudowire endpoint address"; } uses apply-advanced; leaf multicast-router-interface { type empty; description "Enabling multicast-router-interface on the interface"; } leaf immediate-leave { type empty; description "Enable immediate group leave on interfaces"; } } // list pseudowire-remote-address } // list qualified-vlan } // list vlan } // grouping juniper-ri-protocols-mld-snooping
// Provider Backbone Bridging (PBB) options for a routing instance: an optional
// peer instance, an explicit B-VLAN to ISID mapping list, and a default B-VLAN.
// The junos:must constraints make peer-instance mutually exclusive with both
// the vlan-id mapping and default-bvlan, and make the latter two mutually
// exclusive with service-groups (see the must-message texts).
// NOTE(review): the junos:must strings contain unescaped inner double quotes
// as printed here, which a strict YANG parser would reject; presumably the
// escaping was lost when this page was extracted - compare with the vendor file.
grouping juniper-routing-instance-pbb-options {
  description "PBB options for the routing instance";
  uses apply-advanced;

  // Name of another routing instance acting as the PBBN peer. Three
  // constraints apply: the mac-address restriction for PBB EVPN, no vlan-id
  // isid-list mapping in the same instance, and the named routing instance
  // must itself be configured (third must / must-message).
  leaf peer-instance {
    junos:must "((!("routing-instances $$ protocols evpn pbb-evpn-core") || !(any ".. .. service-groups <*> pbb-service-options mac-address")))";
    junos:must-message "mac-address should not be configured under service-groups pbb-service-options for PBB EVPN";
    junos:must "(!(any ".. vlan-id <*> isid-list <*>"))";
    junos:must-message "vlan-id isid-list mapping & peer-instance can not exist in same routing-instance";
    junos:must "("routing-instances $$")";
    junos:must-message "pbbn-peer routing instance must be configured";
    type string;
    description "Set the peer-pbbn routing instance";
  }

  // B-VLAN (1 .. 4094) keyed list, each entry carrying a list of ISIDs.
  list vlan-id {
    junos:must "(!(any ".. peer-instance <*>"))";
    junos:must-message "vlan-id isid-list mapping & peer-instance can not exist in same routing-instance";
    junos:must "(!(any ".. .. service-groups <*>"))";
    junos:must-message "vlan-id isid-list mapping & service-groups can not exist in same routing-instance";
    key "name";
    ordered-by user;
    description "Set B-VLAN to ISID mapping";
    leaf name {
      type union {
        // String branch: angle-bracket form or a leading dollar sign as
        // printed; looks like the Junos group-wildcard / variable placeholder
        // form - TODO confirm. Values taking this branch are not range-checked
        // by the schema.
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 4094"; }
      }
      description "Configure B-Vlan";
    }
    // NOTE(review): typed as a plain string; the valid range 256..16777214 is
    // stated only in the description text and is not enforced by this schema,
    // so range validation has to happen elsewhere (not visible here).
    leaf-list isid-list {
      type string;
      ordered-by user;
      description "Configure ISID(Valid Range:256..16777214) for the B-VLAN";
    }
  } // list vlan-id

  // Fallback B-VLAN (1 .. 4094) for ISIDs without an explicit mapping.
  leaf default-bvlan {
    junos:must "(!(any ".. peer-instance <*>"))";
    junos:must-message "default-bvlan & peer-instance can not exist in same routing-instance";
    junos:must "(!(any ".. .. service-groups <*>"))";
    junos:must-message "default-bvlan mapping & service-groups can not exist in same routing-instance";
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "1 .. 4094"; }
    }
    description "Default B-VLAN for all un-mapped ISIDs";
  }
} // grouping juniper-routing-instance-pbb-options
grouping juniper-routing-instance-service-groups { description "Service-groups configuration"; leaf name { junos:must "(any ".. .. 
pbb-options peer-instance <*>")"; junos:must-message "peer pbbn instance must be there for service-groups configuration"; type string; description "Service-group name"; } uses apply-advanced; leaf service-type { type enumeration { enum "eline" { junos:must "(!(any ".. .. service-groups <*> service-type elan"))"; junos:must-message "Elan and eline services can not exist in same routing instance"; value 0; description "Ethernet point-to-point"; } enum "elan" { junos:must "(!(any ".. .. service-groups <*> service-type eline"))"; junos:must-message "Elan and eline services can not exist in same routing instance"; value 1; description "Ethernet LAN service"; } } description "Service type as ethernet LAN or point-to-point"; } container pbb-service-options { presence "enable pbb-service-options"; description "Provider backbone instance service options"; uses apply-advanced; list isid { junos:must "(!(any ".. .. .. pbb-options vlan-id <*> isid-list <*>"))"; junos:must-message "vlan-id to isid-list mapping is not allowed in PBN routing-instance"; key "name"; ordered-by user; description "ISID to S-VLAN configuration"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "256 .. 16777214"; } } description "Configure ISID"; } choice service-data { leaf-list vlan-id-list { junos:must "(!(".. .. .. service-type eline"))"; junos:must-message "Vlan-id-list cannot be specified for eline service"; junos:must "(any ".. .. .. service-type <*>")"; junos:must-message "service-type must be specified"; type jt:vlan-range; description "List of S-VLANs"; } leaf interface { junos:must "(!(".. .. .. service-type elan"))"; junos:must-message "Interface cannot be specified for elan service"; junos:must "(!(any ".. .. .. .. bridge-domains <*> interface $$"))"; junos:must-message "Sub interface is not allowed for PBB configuration"; junos:must "(any ".. .. .. 
service-type <*>")"; junos:must-message "service-type must be specified"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Point to point interface name"; } } // choice service-data } // list isid leaf default-isid { junos:must "(!(any ".. isid <*> vlan-id-list <*>"))"; junos:must-message "Default isid & explicit isid services not allowed in the same service-group"; junos:must "(!(".. .. service-type eline"))"; junos:must-message "Default-isid not valid for service-type eline"; junos:must "(any ".. .. service-type <*>")"; junos:must-message "service-type must be specified"; junos:must "(!(any ".. .. .. pbb-options vlan-id <*> isid-list <*>"))"; junos:must-message "vlan-id to isid-list mapping is not allowed in PBN routing-instance"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "256 .. 16777214"; } } description "Default ISID for all un-mapped S-VLANs"; } leaf mac-address { type jt:mac-addr; description "Unicast or multicast mac address"; } leaf source-bmac { type jt:mac-addr; description "Unicast Source B Mac address"; } } // container pbb-service-options } // grouping juniper-routing-instance-service-groups
// Bridge (Layer 2 switching) options for a routing instance: MAC and MAC+IP
// table limits, MAC learning controls, per-interface settings, Layer 2 trace
// options, voice-over-IP ports and unknown-unicast forwarding.
// NOTE(review): the junos:must strings contain unescaped inner double quotes
// as printed here, which a strict YANG parser would reject; presumably the
// escaping was lost when this page was extracted - compare with the vendor file.
// Throughout, the string branch of each union (angle-bracket form or a leading
// dollar sign as printed) looks like the Junos group-wildcard / variable
// placeholder form - TODO confirm; values taking that branch are not
// range-checked by this schema.
grouping juniper-routing-instance-switch-options {
  description "Bridge options for the routing instance";
  uses apply-advanced;

  // Instance-wide cap on the MAC forwarding table. The must expression rejects
  // this node when the ancestor three levels up has protocols vpls or evpn
  // together with instance-type virtual-switch.
  container mac-table-size {
    junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. .. instance-type virtual-switch")))";
    junos:must-message "mac-table-size needs to be specified under switch-options for a virtual-switch instance";
    description "Size of MAC address forwarding table";
    uses apply-advanced;
    // uint32 with no range statement: any platform maximum is enforced
    // elsewhere (not visible here).
    leaf limit {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32;
      }
      description "Maximum number of MAC addresses";
    }
    // No YANG default statement; the enum text states that forwarding is the
    // default. Per these descriptions a limit alone keeps forwarding frames
    // once it is reached, so select drop where the limit is meant to contain
    // MAC-table flooding.
    leaf packet-action {
      type enumeration {
        enum "none" { value 0; description "Forward the packet"; }
        enum "drop" { value 1; description "Drop packets and do not learn. Default is forward"; }
      }
      description "Action when MAC limit is reached";
    }
  } // container mac-table-size

  // Instance-wide cap on MAC+IP bindings; limit only, no action leaf.
  container mac-ip-table-size {
    junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. .. instance-type virtual-switch")))";
    junos:must-message "mac-ip-table-size needs to be specified under switch-options for a virtual-switch instance";
    description "Size of MAC+IP bindings table";
    uses apply-advanced;
    leaf limit {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32;
      }
      description "Maximum number of MAC+IP bindings";
    }
  } // container mac-ip-table-size

  // Default per-interface MAC learning cap for the instance. Compared with
  // mac-table-size, packet-action adds log, shutdown and drop-and-log.
  container interface-mac-limit {
    junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. .. instance-type virtual-switch")))";
    junos:must-message "interface-mac-limit needs to be specified under switch-options for a virtual-switch instance";
    description "Maximum MAC address learned per interface";
    uses apply-advanced;
    leaf limit {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32;
      }
      description "Maximum number of MAC addresses per interface";
    }
    // No YANG default statement; forwarding is the stated default. Per the
    // descriptions, log alerts without dropping, drop discards without an
    // alert, and shutdown / drop-and-log do both, so the last two are the
    // values that both enforce the limit and leave an audit trail.
    leaf packet-action {
      type enumeration {
        enum "none" { value 0; description "Forward the packet"; }
        enum "drop" { value 1; description "Drop packets and do not learn. Default is forward"; }
        enum "log" { value 2; description "Do not drop the packet but generate an alarm, an SNMP trap or a system log entry"; }
        enum "shutdown" { value 3; description "Disable the interface and generate an alarm, an SNMP trap or a system log entry"; }
        enum "drop-and-log" { value 4; description "Drop the packet and generate an alarm, an SNMP trap or a system log entry"; }
      }
      description "Action when MAC limit is reached";
    }
  } // container interface-mac-limit

  // Default per-interface cap on MAC+IP bindings; limit only.
  container interface-mac-ip-limit {
    junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. .. instance-type virtual-switch")))";
    junos:must-message "interface-mac-ip-limit needs to be specified under switch-options for a virtual-switch instance";
    description "Maximum MAC+IP bindings learned per interface";
    uses apply-advanced;
    leaf limit {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32;
      }
      description "Maximum number of MAC+IP bindings per interface";
    }
  } // container interface-mac-ip-limit

  // Presence container: creating it turns MAC notifications on; the interval
  // is 1 .. 60 seconds with a default of 30.
  container mac-notification {
    presence "enable mac-notification";
    description "MAC notification options";
    uses apply-advanced;
    leaf notification-interval {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 60"; }
      }
      units "seconds";
      default "30";
      description "Interval for sending MAC notifications";
    }
  } // container mac-notification

  // Aging timer in seconds; uint32 without a range statement. Referenced by
  // the persistent-learning constraint further down.
  leaf mac-table-aging-time {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32;
    }
    units "seconds";
    description "Delay for discarding MAC address if no updates are received";
  }

  leaf no-mac-learning {
    junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. .. instance-type virtual-switch")))";
    junos:must-message "no-mac-learning needs to be specified under switch-options for a virtual-switch instance";
    type empty;
    description "Disable dynamic MAC address learning";
  }

  leaf no-normalization {
    type empty;
    description "Disable vlan id normalization for interfaces";
  }

  leaf mac-statistics {
    junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. .. instance-type virtual-switch")))";
    junos:must-message "mac-statistics needs to be specified under switch-options for a virtual-switch instance";
    type empty;
    description "Enable MAC address statistics";
  }

  // SNMP MIB presentation options; only the dot1q port-list encoding is set here.
  container mib {
    presence "enable mib";
    description "Snmp mib options";
    uses apply-advanced;
    container dot1q-mib {
      presence "enable dot1q-mib";
      description "Dot1q MIB configuration options";
      uses apply-advanced;
      leaf port-list {
        type enumeration {
          enum "bit-map" { value 0; description "Port list is represented in bit-map format"; }
          enum "string" { value 1; description "Port list is represented in string format"; }
        }
        description "Port list for staticegressports and staticuntaggedports MIB";
      }
    } // container dot1q-mib
  } // container mib

  // Static bindings of a unicast MAC to a remote VXLAN tunnel endpoint; the
  // list key is the pair (mac_addr, remote-vtep). mac_addr carries no
  // description statement.
  container static-rvtep-mac {
    description "Configure Static MAC and remote VxLAN tunnel endpoint entries";
    uses apply-advanced;
    list mac {
      key "mac_addr remote-vtep";
      description "Unicast MAC address";
      leaf mac_addr {
        type jt:mac-unicast;
      }
      leaf remote-vtep {
        type jt:ipaddr;
        description "Configure static remote VXLAN tunnel endpoints";
      }
    } // list mac
  } // container static-rvtep-mac

  leaf service-id {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "1 .. 65535"; }
    }
    description "Service ID required if multi-chassis AE is part of a bridge-domain";
  }

  // Marks the VXLAN bridge domains of the instance as remotely managed (per
  // the description); rejected together with protocols evpn encapsulation vxlan.
  // NOTE(review): which remote manager is meant and how it is authenticated is
  // outside this schema - review that side before enabling.
  leaf ovsdb-managed {
    junos:must "(!("routing-instances ${instance} protocols evpn encapsulation vxlan"))";
    junos:must-message "Not valid with protocols evpn encapsulation vxlan";
    type empty;
    description "All vxlan bridge domains in routing instance are remote managed";
  }

  // Per-interface overrides. Several children are rejected on interfaces that
  // belong to a private-vlan (secondary) VLAN, per their must-messages.
  list interface {
    junos:must "(!((".. .. .. protocols vpls" && ".. .. .. instance-type virtual-switch")))";
    junos:must-message "interface needs to be specified under switch-options for a virtual-switch instance";
    key "name";
    ordered-by user;
    description "Interface that connect this site to the VPN";
    // The interface must already be listed in the enclosing routing instance.
    // NOTE(review): the second operand is the constant FALSE as printed; it
    // reads like a generated, platform-conditional term - confirm.
    leaf name {
      junos:must "((".. .. .. interface $$" || "FALSE"))";
      junos:must-message "Interface must be part of this routing instance";
      type union {
        type jt:interface-name;
        type string { pattern "<.*>|$.*"; }
      }
      description "Interface name";
    }
    uses apply-advanced;

    // Per-interface MAC learning cap; same five packet-action values as the
    // instance-level container, plus a disable leaf.
    container interface-mac-limit {
      junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))";
      junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs";
      description "Maximum number of MAC addresses learned on the interface";
      uses apply-advanced;
      leaf limit {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32;
        }
        description "Maximum number of MAC addresses per interface";
      }
      leaf disable {
        type empty;
        description "Disable interface for interface-mac-limit";
      }
      // No YANG default statement; forwarding is the stated default, so an
      // enforcing value has to be chosen explicitly.
      leaf packet-action {
        type enumeration {
          enum "none" { value 0; description "Forward the packet"; }
          enum "drop" { value 1; description "Drop packets and do not learn. Default is forward"; }
          enum "log" { value 2; description "Do not drop the packet but generate an alarm, an SNMP trap or a system log entry"; }
          enum "shutdown" { value 3; description "Disable the interface and generate an alarm, an SNMP trap or a system log entry"; }
          enum "drop-and-log" { value 4; description "Drop the packet and generate an alarm, an SNMP trap or a system log entry"; }
        }
        description "Action when MAC limit is reached";
      }
    } // container interface-mac-limit

    // Priority 0 .. 8 used when a MAC move is detected; which end of the range
    // is blocked first is not stated here.
    leaf action-priority {
      junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))";
      junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs";
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "0 .. 8"; }
      }
      description "Blocking priority of this interface on mac move detection";
    }

    // Statically assigned MAC addresses, optionally qualified by learning VLAN.
    list static-mac {
      junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))";
      junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs";
      key "name";
      ordered-by user;
      description "Static MAC addresses assigned to this interface";
      leaf name {
        junos:must "((!("FALSE") || all ".. vlan-id <*>"))";
        junos:must-message " Specify vlan-id for qualified learning ";
        type jt:mac-addr;
        description "MAC address";
      }
      uses apply-advanced;
      // NOTE(review): as printed, the must expression here is the constant
      // FALSE, which would reject every entry; it reads like a generated,
      // platform-conditional constraint - confirm against the vendor source
      // before relying on it.
      list vlan-id {
        junos:must "("FALSE")";
        junos:must-message "'vlan-id all' has to be configured for the bridging domain";
        key "name";
        ordered-by user;
        description "VLAN ID of learning VLAN";
        leaf name {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "0 .. 4094"; }
          }
          description "Learning VLAN";
        }
        uses apply-advanced;
      } // list vlan-id
    } // list static-mac

    // Per-interface cap on MAC+IP bindings; carries no private-vlan constraint
    // and no action leaf.
    container interface-mac-ip-limit {
      description "Maximum number of MAC+IP bindings learned on the interface";
      uses apply-advanced;
      leaf limit {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32;
        }
        description "Maximum number of MAC+IP bindings per interface";
      }
    } // container interface-mac-ip-limit

    leaf no-mac-learning {
      junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))";
      junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs";
      type empty;
      description "Disable dynamic MAC address learning";
    }

    leaf mac-pinning {
      type empty;
      description "Enable MAC pinning";
    }

    // Rejected when switch-options mac-table-aging-time is configured.
    leaf persistent-learning {
      junos:must "(!("switch-options mac-table-aging-time "))";
      junos:must-message "Persistent learning can not co-exist with mac-table-aging-time";
      type empty;
      description "Enable persistent MAC learning on this interface";
    }
  } // list interface

  // Layer 2 tracing: output file settings, a severity level (default error)
  // and a list of event flags.
  container traceoptions {
    description "Layer 2 trace options for this routing instance";
    uses apply-advanced;
    leaf no-remote-trace {
      junos:must "("system tracing")";
      junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
      type empty;
      description "Disable remote tracing";
    }
    container file {
      description "Trace file information";
      // 1 .. 1024 characters; the negated posix-pattern rejects slash, space
      // and percent, so the value cannot contain a path separator. Where the
      // file is written is not shown in this schema.
      leaf filename {
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      // Free-form string in this schema; the accepted size syntax is
      // validated elsewhere (not visible here).
      leaf size {
        type string;
        description "Maximum trace file size";
      }
      leaf files {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "2 .. 1000"; }
        }
        default "3";
        description "Maximum number of trace files";
      }
      // Mutually exclusive (YANG choice); the schema states no default case.
      // world-readable lets any user on the device read the trace file, and
      // the flags below include configuration and MAC-learning events, so
      // prefer no-world-readable unless wider read access is required.
      choice world-readable-choice {
        leaf world-readable {
          type empty;
          description "Allow any user to read the log file";
        }
        leaf no-world-readable {
          type empty;
          description "Don't allow any user to read the log file";
        }
      } // choice world-readable-choice
      leaf match {
        type jt:regular-expression;
        description "Regular expression for lines to be logged";
      }
    } // container file
    leaf level {
      type enumeration {
        enum "error" { value 0; description "Match error conditions"; }
        enum "warning" { value 1; description "Match warning messages"; }
        enum "notice" { value 2; description "Match conditions that should be handled specially"; }
        enum "info" { value 3; description "Match informational messages"; }
        enum "verbose" { value 4; description "Match verbose messages"; }
        enum "all" { value 5; description "Match all levels"; }
      }
      default "error";
      description "Level of debugging output";
    }
    // Event categories to trace; the name leaf has no description of its own.
    list flag {
      key "name";
      ordered-by user;
      description "Type of operation or event to include in trace";
      leaf name {
        type enumeration {
          enum "configuration" { value 0; description "Configuration operations"; }
          enum "routing-socket" { value 1; description "Routing socket operations"; }
          enum "interface-device" { value 2; description "Interface device operations"; }
          enum "interface-logical" { value 3; description "Logical interface operations"; }
          enum "interface-family" { value 4; description "Interface family operations"; }
          enum "bridging-domain" { value 5; description "Bridging domain operations"; }
          enum "bridge-interface" { value 6; description "Interface bridge operations"; }
          enum "learning-domain" { value 7; description "Learning domain operations"; }
          enum "ipc" { value 8; description "Inter-process communications operations"; }
          enum "mac-learning" { value 9; description "MAC address learning operations"; }
          enum "initialization" { value 10; description "Initialization operations"; }
          enum "flood-next-hop" { value 11; description "Flood next hop operations"; }
          enum "irb" { value 12; description "Integrated routing and bridging operations"; }
          enum "vpls-ping" { value 13; description "VPLS ping operations"; }
          enum "vpls-loop-prev" { value 14; description "VPLS loop prevention"; }
          enum "storm-control" { value 15; description "Storm-control"; }
          enum "unknown-unicast-forwarding" { value 16; description "Trace unknown unicast forwarding events"; }
          enum "vxlan" { value 17; description "VXLAN"; }
          enum "all" { value 18; description "All operations"; }
        }
      }
    } // list flag
  } // container traceoptions

  // Voice-over-IP ports. The list key is a plain string rather than
  // jt:interface-name and has no description; the vlan leaf must not name a
  // VLAN configured with vlan-range.
  container voip {
    description "Voice-over-IP configuration";
    uses apply-advanced;
    list interface {
      key "name";
      ordered-by user;
      description "Enable voice over IP on this port";
      leaf name {
        type string;
      }
      uses apply-advanced;
      leaf vlan {
        junos:must "(!("vlans $$ vlan-range "))";
        junos:must-message "Ranged vlan cannot be used by Voice-over-IP";
        type string;
        description "VLAN for voice over IP";
      }
      leaf forwarding-class {
        type string {
          junos:posix-pattern "^.{1,64}$";
          junos:pattern-message "Must be string of 64 characters or less";
        }
        description "Forwarding class";
      }
    } // list interface
  } // container voip

  // Per-VLAN interface that receives unknown-unicast traffic.
  // NOTE(review): the list key is a plain string; the 1..4095 tag range is
  // given only in the description and is not enforced by this schema.
  container unknown-unicast-forwarding {
    description "Set interface for forwarding of unknown unicast packets";
    uses apply-advanced;
    list vlan {
      key "name";
      description "VLAN for the unknown unicast packets";
      leaf name {
        type string;
        description "VLAN name or VLAN Tag (1..4095)";
      }
      uses apply-advanced;
      leaf interface {
        type union {
          type jt:interface-name;
          type string { pattern "<.*>|$.*"; }
        }
        description "Interface to send unknown unicast packets for the VLAN";
      }
    } // list vlan
  } // container unknown-unicast-forwarding
} // grouping juniper-routing-instance-switch-options
grouping juniper-routing-options { uses apply-advanced; container logical-system-mux { description "Logical system control daemon information"; uses apply-advanced; container traceoptions { description "Trace options"; uses apply-advanced; container 
file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "debug" { value 0; description "Trace debug-level lrmuxd activities"; } enum "parse" { value 1; description "Trace configuration parsing"; } enum "route" { value 2; description "Trace routing information"; } enum "normal" { value 3; description "Trace normal events"; } enum "general" { value 4; description "Trace general events"; } enum "state" { value 5; description "Trace state transitions"; } enum "policy" { value 6; description "Trace policy processing"; } enum "task" { value 7; description "Trace routing protocol task processing"; } enum "timer" { value 8; description "Trace routing protocol timer processing"; } enum "all" { value 9; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this 
trace flag"; } } // list flag } // container traceoptions } // container logical-system-mux container auto-bandwidth { presence "enable auto-bandwidth"; description "Auto bandwidth"; uses apply-advanced; list template { key "name"; ordered-by user; description "Auto bandwidth template"; leaf name { type string { length "1 .. 64"; } description "Auto bandwidth template name (Maximum length 64)"; } uses apply-advanced; leaf adjust-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30 .. 3600"; } } description "Adjust interval"; } leaf adjust-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } description "Percentage threshhold"; } leaf statistic-collection-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 300"; } } description "Collection interval"; } leaf auto-bandwidth-subscription { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 200"; } } description "Percentage threshhold for subscription"; } } // list template container traceoptions { description "Trace options for sr stats"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "all" { value 0; description "Trace All"; } enum "timer" { value 1; description "Trace traffic recv by periodic timer"; } enum "state" { value 2; description "Trace state of sensor"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions } // container auto-bandwidth container backup-selection { presence "enable backup-selection"; description "Backup selection options"; uses apply-advanced; list destination { key "name"; description "IP/IPv6 prefix for which backup selection policy is configured"; leaf name { type jt:ipprefix-mandatory; description "IP/IPv6 address (and optional prefix length)"; } uses apply-advanced; list interface { key "name"; description "Primary nexthop interface for which backup selection policy is configured"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; container admin-group { description "Administrative group policies for backup-selection"; uses apply-advanced; leaf-list exclude { type string; description "Do not use interface if any admin group available"; } leaf-list include-all { type string; description "Use interface if admin groups available 
entirely"; } leaf-list include-any { type string; description "Use interface if any admin group is available"; } leaf-list preference { type string; ordered-by user; description "Administrative groups in descending preference order"; } } // container admin-group leaf srlg { type enumeration { enum "loose" { value 0; description "Loose SRLG"; } enum "strict" { value 1; description "Strict SRLG"; } } default "loose"; description "Evaluate Shared Risk Link Group(SRLG) characteristics for backup selection"; } leaf protection-type { type enumeration { enum "link" { value 0; description "Protect the primary interface from link faults only"; } enum "node" { value 1; description "Protect the primary interface from node faults only"; } enum "node-link" { value 2; description "Protect the primary interface from either link or node faults; prefer node protection"; } } description "Type of protection to be considered"; } leaf downstream-paths-only { type empty; description "Choose only the downstream nodes for backup"; } leaf bandwidth-greater-equal-primary { type empty; description "Use backup nexthop only if bandwidth is >= bandwidth of primary nexthop"; } container backup-neighbor { description "Backup Neighbor ID based policies for backup selection"; uses apply-advanced; leaf-list exclude { type jt:ipv4addr; description "List of backup neighbors to be excluded"; } leaf-list preference { type jt:ipv4addr; ordered-by user; description "List of backup neighbors in descending order preference"; } } // container backup-neighbor container node { description "Node ID based policies for backup selection"; uses apply-advanced; leaf-list exclude { type jt:ipv4addr; description "List of nodes to be excluded"; } leaf-list preference { type jt:ipv4addr; ordered-by user; description "List of nodes in the descending order of preference"; } } // container node container node-tag { description "Node tag policies"; uses apply-advanced; leaf-list exclude { type union { type uint32; type 
string { pattern "<.*>|$.*"; } } description "The set of node tags to be excluded"; } leaf-list preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } ordered-by user; description "The set of node tags in the descending order of preference"; } } // container node-tag leaf root-metric { type enumeration { enum "lowest" { value 0; description "Choose lowest root metric"; } enum "highest" { value 1; description "Choose highest root metric"; } } description "Root metric"; } leaf dest-metric { type enumeration { enum "lowest" { value 0; description "Choose lowest destination metric"; } enum "highest" { value 1; description "Choose highest destination metric"; } } description "Destination metric"; } leaf-list metric-order { type enumeration { enum "root" { value 0; } enum "dest" { value 1; } } max-elements 2; ordered-by user; description "Metric evaluation order"; } leaf-list evaluation-order { type enumeration { enum "admin-group" { value 0; description "Administrative Group/Link Color"; } enum "srlg" { value 1; description "SRLG"; } enum "bandwidth" { value 2; description "Bandwidth"; } enum "protection-type" { value 3; description "Type of protection"; } enum "backup-neighbor" { value 4; description "Backup Neighbor"; } enum "node" { value 5; description "Node"; } enum "node-tag" { value 6; description "Node tag"; } enum "metric" { value 7; description "Metric related parameters"; } } ordered-by user; description "Interface policy criteria evaluation order"; } } // list interface } // list destination } // container backup-selection list flex-algorithm { key "name"; description "Configure flex-algorithms supported by this node."; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "128 .. 
255"; } } description "Algorithm id"; } uses apply-advanced; container definition { description "Configure flex-algorithm definition."; uses apply-advanced; leaf metric-type { type enumeration { enum "igp-metric" { value 0; description "Metric configured to be used for IGP"; } enum "te-metric" { value 1; description "Traffic-engineering metric"; } enum "delay-metric" { value 2; description "Min unidirectional link delay metric"; } } } choice calculation-type { leaf spf { type empty; description "Normal SPF of type 0"; } leaf strict-spf { type empty; description "Strict SPF"; } } // choice calculation-type leaf use-flex-algorithm-prefix-metric { type empty; description "Set M flag in the flex-algorithm definition flags"; } leaf priority { junos:must "(!(".. no-advertise"))"; junos:must-message "Priority is relevant only if fad is advertised."; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Priority of the flex-algorithm advertisement."; } container admin-group { description "Administrative group policy"; uses admin_group_include_exclude; } // container admin-group } // container definition leaf color { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Color to be associated with this flex-algorithm"; } leaf use-transport-class { junos:must "("routing-options transport-class auto-create")"; junos:must-message "Please enable auto-create under routing-options transport-class hierarchy"; type empty; description "Install ingress routes via transport class RIBs"; } } // list flex-algorithm container source-packet-routing { description "Source packet routing (SPRING)"; uses apply-advanced; list mapping-server-entry { key "name"; ordered-by user; description "Mapping server entry"; leaf name { type string { length "1 .. 
64"; } description "Mapping server entry name"; } uses apply-advanced; list prefix-segment { key "name"; max-elements 64; ordered-by user; description "Prefix segment"; leaf name { type jt:ipprefix; description "Prefix segment prefix"; } uses apply-advanced; leaf index { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } description "Prefix segment index"; } leaf attached { type empty; description "Set attached flag in IS-IS mapping server advertisement"; } leaf domain-wide-flooding { type empty; description "Set S-flag in IS-IS mapping server advertisement"; } leaf no-node-segment { type empty; description "Clear node segment flag in mapping server prefix segment"; } } // list prefix-segment list prefix-segment-range { key "name"; max-elements 64; ordered-by user; description "Prefix segment range"; leaf name { type string { length "1 .. 64"; } description "Prefix segment range name"; } uses apply-advanced; leaf start-prefix { type jt:ipprefix; description "Start prefix"; } leaf start-index { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 199999"; } } description "Start index"; } leaf size { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1024"; } } description "Size of prefix segment range"; } leaf attached { type empty; description "Set attached flag in IS-IS mapping server advertisement"; } leaf domain-wide-flooding { type empty; description "Set S-flag in IS-IS mapping server advertisement"; } leaf no-node-segment { type empty; description "Clear node segment flag in mapping server prefix segment"; } } // list prefix-segment-range } // list mapping-server-entry container srv6 { description "SRv6 source-packet-routing"; uses apply-advanced; list locator { key "name"; ordered-by user; leaf name { type string { length "1 .. 
64"; } description "Locator entry name"; } uses apply-advanced; leaf algorithm { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Algorithm associated with this locator"; } leaf address { type jt:ipv6prefix; description "Configure Locator Service for SRv6"; } } // list locator leaf no-reduced-srh { type empty; description "SRv6 Encapsulation mode non reduced SRH"; } leaf transit-srh-insert { type empty; description "SRv6 SRH insert mode on transit"; } } // container srv6 } // container source-packet-routing leaf route-distinguisher-id { type jt:ipv4addr; description "Identifier used in route distinguishers for routing instances"; } list rib { key "name"; ordered-by user; description "Routing table options"; leaf name { type string; description "Routing table name"; } uses apply-advanced; container static { description "Static routes"; uses apply-advanced; leaf rib-group { type string; description "Routing table group"; } container defaults { description "Global route options"; uses apply-advanced; choice retain-choice { leaf retain { junos:must "(!(".. resolve"))"; junos:must-message "Must not specify resolve with retain"; type empty; description "Always keep route in forwarding table"; } leaf no-retain { junos:must "(!(".. 
resolve"))"; junos:must-message "Must not specify resolve with retain"; type empty; description "Don't always keep route in forwarding table"; } } // choice retain-choice choice install-choice { leaf install { type empty; description "Install route into forwarding table"; } leaf no-install { type empty; description "Don't install route into forwarding table"; } } // choice install-choice choice readvertise-choice { leaf readvertise { type empty; description "Mark route as eligible to be readvertised"; } leaf no-readvertise { type empty; description "Don't mark route as eligible to be readvertised"; } } // choice readvertise-choice choice resolve-choice { leaf resolve { type empty; description "Allow resolution of indirectly connected next hops"; } leaf no-resolve { type empty; description "Don't allow resolution of indirectly connected next hops"; } } // choice resolve-choice choice longest-match-choice { leaf longest-match { junos:must "(".. resolve")"; junos:must-message "Requires resolve to be configured"; type empty; description "Always use longest prefix match to resolve next hops"; } leaf no-longest-match { junos:must "(".. 
resolve")"; junos:must-message "Requires resolve to be configured"; type empty; description "Don't always use longest prefix match to resolve next hops"; } } // choice longest-match-choice choice passive_flag { leaf active { type empty; description "Remove inactive route from forwarding table"; } leaf passive { type empty; description "Retain inactive route in forwarding table"; } } // choice passive_flag container metric { presence "enable metric"; description "Metric value"; uses rib_static_metric_type; } // container metric container metric2 { presence "enable metric2"; description "Metric value 2"; uses rib_static_metric_type; } // container metric2 container metric3 { presence "enable metric3"; description "Metric value 3"; uses rib_static_metric_type; } // container metric3 container metric4 { presence "enable metric4"; description "Metric value 4"; uses rib_static_metric_type; } // container metric4 container tag { presence "enable tag"; description "Tag string"; uses rib_static_metric_type; } // container tag container tag2 { presence "enable tag2"; description "Tag string 2"; uses rib_static_metric_type; } // container tag2 container preference { presence "enable preference"; description "Preference value"; uses rib_static_metric_type; } // container preference container preference2 { presence "enable preference2"; description "Preference value 2"; uses rib_static_metric_type; } // container preference2 container color { presence "enable color"; description "Color (preference) value"; uses rib_static_metric_type; } // container color container color2 { presence "enable color2"; description "Color (preference) value 2"; uses rib_static_metric_type; } // container color2 leaf-list community { type jt:community; ordered-by user; description "BGP community identifier"; } container as-path { description "Autonomous system path"; uses apply-advanced; leaf path { type string; description "Autonomous system path"; } leaf origin { type enumeration { enum "igp" { 
value 0; description "Path originated in the local IGP"; } enum "egp" { value 1; description "Path originated in another AS"; } enum "incomplete" { value 2; description "Path was learned by some other means"; } } } leaf atomic-aggregate { type empty; description "Add ATOMIC_AGGREGATE path attribute to route"; } container aggregator { presence "enable aggregator"; description "Add AGGREGATOR path attribute to route"; } // container aggregator leaf as-number { type string { junos:posix-pattern "^[0-9]+(.[0-9]+)?$"; junos:pattern-message "Use format 'x' or 'x.y' to specify number 'x' (Range 1 .. 4294967295) or number with higher 2 bytes 'x' (Range 0 .. 65535) and lower 2 bytes 'y' (Range 0 .. 65535) respectively"; } description " Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format"; } leaf address { type jt:ipv4addr; description "Address of BGP system that formed the route"; } } // container as-path } // container defaults list route { key "name"; ordered-by user; description "Static route"; leaf name { type jt:ipprefix; } uses apply-advanced; choice next_hop { leaf-list next-hop { type union { type jt:ipaddr-or-interface; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Next hop to destination"; } leaf reject { type empty; description "Drop packets to destination; send ICMP unreachables"; } leaf discard { type empty; description "Drop packets to destination; send no ICMP unreachables"; } leaf receive { type empty; description "Install a receive route for the destination"; } leaf next-table { type string { junos:posix-pattern "^(((.{0,128})[:](.{1,128})[.]|((.{1,128})[.]))?([a-z]|[0-9]|[-_])+[.]((1?[0-9]{1,2})|(2[0-4][0-9])|(25[0-5])))$"; junos:pattern-message "Must match the format [<instance-name>[:<topology-name>].]<family-name>.<rib-id>"; } description "Next hop to another table"; } } // choice next_hop list qualified-next-hop { key "name"; ordered-by user; description "Next hop with qualifiers"; 
uses qualified_nh_obj; } // list qualified-next-hop leaf backup-pe-group { junos:must "(".. p2mp-lsp-next-hop")"; junos:must-message "Backup groups only allowed for static routes with p2mp lsp next-hop"; type string; description "Multicast source redundancy group"; } container bfd-liveness-detection { description "Bidirectional Forwarding Detection (BFD) options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } } units "milliseconds"; description "Minimum transmit interval"; }
  leaf threshold {
    type union {
      type uint32;
      type string { pattern "<.*>|$.*"; }
    }
    units "milliseconds";
    description "High transmit interval triggering a trap";
  }
} // container transmit-interval
container detection-time {
  description "Detection-time options";
  uses apply-advanced;
  leaf threshold {
    type union {
      type uint32;
      type string { pattern "<.*>|$.*"; }
    }
    units "milliseconds";
    description "High detection-time triggering a trap";
  }
} // container detection-time
// BFD session authentication for this static route.
// key-chain and algorithm are mutually required: each carries a junos:must on
// the other, and key-chain must also name an entry defined under
// "security authentication-key-chains key-chain".
container authentication {
  description "Authentication options";
  uses apply-advanced;
  leaf key-chain {
    junos:must "(".. algorithm")";
    junos:must-message "May not be configured without algorithm";
    junos:must "("security authentication-key-chains key-chain $$")";
    junos:must-message "Referenced key-chain must be defined";
    type string;
    description "Key chain name";
  }
  // Security note: these are the five BFD authentication types of RFC 5880.
  // "simple-password" carries the password in the clear and gives no integrity
  // protection. The keyed MD5 and SHA-1 types add a keyed digest, and the
  // "meticulous" variants advance the sequence number on every packet, which
  // tightens replay protection. Nothing stronger than SHA-1 is offered here,
  // so meticulous-keyed-sha-1 is the strongest choice in this enumeration.
  leaf algorithm {
    junos:must "(".. key-chain")";
    junos:must-message "May not be configured without key-chain";
    type enumeration {
      enum "simple-password" { value 0; description "Simple password"; }
      enum "keyed-md5" { value 1; description "Keyed message Digest 5"; }
      enum "meticulous-keyed-md5" { value 2; description "Meticulous keyed message Digest 5"; }
      enum "keyed-sha-1" { value 3; description "Keyed secure hash algorithm (SHA1) "; }
      enum "meticulous-keyed-sha-1" { value 4; description "Meticulous keyed secure hash algorithm (SHA1) "; }
    }
    description "Algorithm name";
  }
  // NOTE(review): per its description, authentication is verified only when it
  // has been negotiated, so a peer that does not negotiate it is presumably
  // accepted unauthenticated. Treat as a migration aid and confirm it is not
  // left enabled once both ends are configured.
  leaf loose-check {
    type empty;
    description "Verify authentication only if authentication is negotiated";
  }
} // container authentication
leaf neighbor { type jt:ipaddr; description "BFD neighbor address"; }
leaf local-address { type jt:ipaddr; description "BFD local address (for multihop only)"; }
leaf holddown-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255000"; } } units "milliseconds"; description "Time to hold the session-UP notification to the client"; } leaf minimum-receive-ttl { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 255"; } } description "Minimum receive TTL below which to drop"; } } // container bfd-liveness-detection choice retain-choice { leaf retain { junos:must "(!(".. resolve"))"; junos:must-message "Must not specify resolve with retain"; type empty; description "Always keep route in forwarding table"; } leaf no-retain { junos:must "(!(".. resolve"))"; junos:must-message "Must not specify resolve with retain"; type empty; description "Don't always keep route in forwarding table"; } } // choice retain-choice choice install-choice { leaf install { type empty; description "Install route into forwarding table"; } leaf no-install { type empty; description "Don't install route into forwarding table"; } } // choice install-choice choice readvertise-choice { leaf readvertise { type empty; description "Mark route as eligible to be readvertised"; } leaf no-readvertise { type empty; description "Don't mark route as eligible to be readvertised"; } } // choice readvertise-choice choice resolve-choice { leaf resolve { type empty; description "Allow resolution of indirectly connected next hops"; } leaf no-resolve { type empty; description "Don't allow resolution of indirectly connected next hops"; } } // choice resolve-choice choice longest-match-choice { leaf longest-match { junos:must "(".. resolve")"; junos:must-message "Requires resolve to be configured"; type empty; description "Always use longest prefix match to resolve next hops"; } leaf no-longest-match { junos:must "(".. 
resolve")"; junos:must-message "Requires resolve to be configured"; type empty; description "Don't always use longest prefix match to resolve next hops"; } } // choice longest-match-choice choice passive_flag { leaf active { type empty; description "Remove inactive route from forwarding table"; } leaf passive { type empty; description "Retain inactive route in forwarding table"; } } // choice passive_flag container metric { presence "enable metric"; description "Metric value"; uses rib_static_metric_type; } // container metric container metric2 { presence "enable metric2"; description "Metric value 2"; uses rib_static_metric_type; } // container metric2 container metric3 { presence "enable metric3"; description "Metric value 3"; uses rib_static_metric_type; } // container metric3 container metric4 { presence "enable metric4"; description "Metric value 4"; uses rib_static_metric_type; } // container metric4 container tag { presence "enable tag"; description "Tag string"; uses rib_static_metric_type; } // container tag container tag2 { presence "enable tag2"; description "Tag string 2"; uses rib_static_metric_type; } // container tag2 container preference { presence "enable preference"; description "Preference value"; uses rib_static_metric_type; } // container preference container preference2 { presence "enable preference2"; description "Preference value 2"; uses rib_static_metric_type; } // container preference2 container color { presence "enable color"; description "Color (preference) value"; uses rib_static_metric_type; } // container color container color2 { presence "enable color2"; description "Color (preference) value 2"; uses rib_static_metric_type; } // container color2 leaf-list community { type jt:community; ordered-by user; description "BGP community identifier"; } container as-path { description "Autonomous system path"; uses apply-advanced; leaf path { type string; description "Autonomous system path"; } leaf origin { type enumeration { enum "igp" { 
value 0; description "Path originated in the local IGP"; } enum "egp" { value 1; description "Path originated in another AS"; } enum "incomplete" { value 2; description "Path was learned by some other means"; } } } leaf atomic-aggregate { type empty; description "Add ATOMIC_AGGREGATE path attribute to route"; } container aggregator { presence "enable aggregator"; description "Add AGGREGATOR path attribute to route"; } // container aggregator leaf as-number { type string { junos:posix-pattern "^[0-9]+(.[0-9]+)?$"; junos:pattern-message "Use format 'x' or 'x.y' to specify number 'x' (Range 1 .. 4294967295) or number with higher 2 bytes 'x' (Range 0 .. 65535) and lower 2 bytes 'y' (Range 0 .. 65535) respectively"; } description " Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format"; } leaf address { type jt:ipv4addr; description "Address of BGP system that formed the route"; } } // container as-path list lsp-next-hop { key "name"; ordered-by user; description "LSP next hop"; uses lsp_nh_obj; } // list lsp-next-hop list p2mp-lsp-next-hop { key "name"; max-elements 1; ordered-by user; description "Point-to-multipoint LSP next hop"; uses lsp_nh_obj; } // list p2mp-lsp-next-hop container spring-te-lsp-next-hop { junos:must "("protocols source-packet-routing tunnel-tracking")"; junos:must-message "Please enable the tunnel-tracking under 'protocols source-packet-routing' hierarchy"; description "SPRING-TE LSP next hop"; uses springte_lsp_nh_obj; } // container spring-te-lsp-next-hop container p2mp-ldp-next-hop { description "Point-to-multipoint LDP LSP next hop"; uses p2mp_ldp_lsp_nh_obj; } // container p2mp-ldp-next-hop list static-lsp-next-hop { key "name"; ordered-by user; description "Static LSP next hop"; uses lsp_nh_obj; } // list static-lsp-next-hop } // list route container static-route { description "Static route Status"; leaf bfd-admin-down { type enumeration { enum "active" { value 0; description "Static route will 
be inactive on bfd-admin-down"; } enum "passive" { value 1; description "Static route will remain active on bfd-admin-down"; } } description "Static route State on BFD ADMIN DOWN"; } } // container static-route list iso-route { key "name"; ordered-by user; description "ISO family static route"; leaf name { type jt:isoprefix; } uses apply-advanced; choice next_hop { leaf-list next-hop { type union { type jt:ipaddr-or-interface; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Next hop to destination"; } leaf reject { type empty; description "Drop packets to destination; send ICMP unreachables"; } leaf discard { type empty; description "Drop packets to destination; send no ICMP unreachables"; } leaf receive { type empty; description "Install a receive route for the destination"; } leaf next-table { type string { junos:posix-pattern "^(((.{0,128})[:](.{1,128})[.]|((.{1,128})[.]))?([a-z]|[0-9]|[-_])+[.]((1?[0-9]{1,2})|(2[0-4][0-9])|(25[0-5])))$"; junos:pattern-message "Must match the format [<instance-name>[:<topology-name>].]<family-name>.<rib-id>"; } description "Next hop to another table"; } } // choice next_hop list qualified-next-hop { key "name"; ordered-by user; description "Next hop with qualifiers"; uses qualified_nh_obj; } // list qualified-next-hop leaf backup-pe-group { junos:must "(".. 
p2mp-lsp-next-hop")"; junos:must-message "Backup groups only allowed for static routes with p2mp lsp next-hop"; type string; description "Multicast source redundancy group"; } container bfd-liveness-detection { description "Bidirectional Forwarding Detection (BFD) options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } } units "milliseconds"; description "Minimum transmit interval"; }
  leaf threshold {
    type union {
      type uint32;
      type string { pattern "<.*>|$.*"; }
    }
    units "milliseconds";
    description "High transmit interval triggering a trap";
  }
} // container transmit-interval
container detection-time {
  description "Detection-time options";
  uses apply-advanced;
  leaf threshold {
    type union {
      type uint32;
      type string { pattern "<.*>|$.*"; }
    }
    units "milliseconds";
    description "High detection-time triggering a trap";
  }
} // container detection-time
// BFD session authentication for this ISO static route.
// key-chain and algorithm are mutually required: each carries a junos:must on
// the other, and key-chain must also name an entry defined under
// "security authentication-key-chains key-chain".
container authentication {
  description "Authentication options";
  uses apply-advanced;
  leaf key-chain {
    junos:must "(".. algorithm")";
    junos:must-message "May not be configured without algorithm";
    junos:must "("security authentication-key-chains key-chain $$")";
    junos:must-message "Referenced key-chain must be defined";
    type string;
    description "Key chain name";
  }
  // Security note: these are the five BFD authentication types of RFC 5880.
  // "simple-password" carries the password in the clear and gives no integrity
  // protection. The keyed MD5 and SHA-1 types add a keyed digest, and the
  // "meticulous" variants advance the sequence number on every packet, which
  // tightens replay protection. Nothing stronger than SHA-1 is offered here,
  // so meticulous-keyed-sha-1 is the strongest choice in this enumeration.
  leaf algorithm {
    junos:must "(".. key-chain")";
    junos:must-message "May not be configured without key-chain";
    type enumeration {
      enum "simple-password" { value 0; description "Simple password"; }
      enum "keyed-md5" { value 1; description "Keyed message Digest 5"; }
      enum "meticulous-keyed-md5" { value 2; description "Meticulous keyed message Digest 5"; }
      enum "keyed-sha-1" { value 3; description "Keyed secure hash algorithm (SHA1) "; }
      enum "meticulous-keyed-sha-1" { value 4; description "Meticulous keyed secure hash algorithm (SHA1) "; }
    }
    description "Algorithm name";
  }
  // NOTE(review): per its description, authentication is verified only when it
  // has been negotiated, so a peer that does not negotiate it is presumably
  // accepted unauthenticated. Treat as a migration aid and confirm it is not
  // left enabled once both ends are configured.
  leaf loose-check {
    type empty;
    description "Verify authentication only if authentication is negotiated";
  }
} // container authentication
leaf neighbor { type jt:ipaddr; description "BFD neighbor address"; }
leaf local-address { type jt:ipaddr; description "BFD local address (for multihop only)"; }
leaf holddown-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255000"; } } units "milliseconds"; description "Time to hold the session-UP notification to the client"; } leaf minimum-receive-ttl { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 255"; } } description "Minimum receive TTL below which to drop"; } } // container bfd-liveness-detection choice retain-choice { leaf retain { junos:must "(!(".. resolve"))"; junos:must-message "Must not specify resolve with retain"; type empty; description "Always keep route in forwarding table"; } leaf no-retain { junos:must "(!(".. resolve"))"; junos:must-message "Must not specify resolve with retain"; type empty; description "Don't always keep route in forwarding table"; } } // choice retain-choice choice install-choice { leaf install { type empty; description "Install route into forwarding table"; } leaf no-install { type empty; description "Don't install route into forwarding table"; } } // choice install-choice choice readvertise-choice { leaf readvertise { type empty; description "Mark route as eligible to be readvertised"; } leaf no-readvertise { type empty; description "Don't mark route as eligible to be readvertised"; } } // choice readvertise-choice choice resolve-choice { leaf resolve { type empty; description "Allow resolution of indirectly connected next hops"; } leaf no-resolve { type empty; description "Don't allow resolution of indirectly connected next hops"; } } // choice resolve-choice choice longest-match-choice { leaf longest-match { junos:must "(".. resolve")"; junos:must-message "Requires resolve to be configured"; type empty; description "Always use longest prefix match to resolve next hops"; } leaf no-longest-match { junos:must "(".. 
resolve")"; junos:must-message "Requires resolve to be configured"; type empty; description "Don't always use longest prefix match to resolve next hops"; } } // choice longest-match-choice choice passive_flag { leaf active { type empty; description "Remove inactive route from forwarding table"; } leaf passive { type empty; description "Retain inactive route in forwarding table"; } } // choice passive_flag container metric { presence "enable metric"; description "Metric value"; uses rib_static_metric_type; } // container metric container metric2 { presence "enable metric2"; description "Metric value 2"; uses rib_static_metric_type; } // container metric2 container metric3 { presence "enable metric3"; description "Metric value 3"; uses rib_static_metric_type; } // container metric3 container metric4 { presence "enable metric4"; description "Metric value 4"; uses rib_static_metric_type; } // container metric4 container tag { presence "enable tag"; description "Tag string"; uses rib_static_metric_type; } // container tag container tag2 { presence "enable tag2"; description "Tag string 2"; uses rib_static_metric_type; } // container tag2 container preference { presence "enable preference"; description "Preference value"; uses rib_static_metric_type; } // container preference container preference2 { presence "enable preference2"; description "Preference value 2"; uses rib_static_metric_type; } // container preference2 container color { presence "enable color"; description "Color (preference) value"; uses rib_static_metric_type; } // container color container color2 { presence "enable color2"; description "Color (preference) value 2"; uses rib_static_metric_type; } // container color2 leaf-list community { type jt:community; ordered-by user; description "BGP community identifier"; } container as-path { description "Autonomous system path"; uses apply-advanced; leaf path { type string; description "Autonomous system path"; } leaf origin { type enumeration { enum "igp" { 
value 0; description "Path originated in the local IGP"; } enum "egp" { value 1; description "Path originated in another AS"; } enum "incomplete" { value 2; description "Path was learned by some other means"; } } } leaf atomic-aggregate { type empty; description "Add ATOMIC_AGGREGATE path attribute to route"; } container aggregator { presence "enable aggregator"; description "Add AGGREGATOR path attribute to route"; } // container aggregator leaf as-number { type string { junos:posix-pattern "^[0-9]+(.[0-9]+)?$"; junos:pattern-message "Use format 'x' or 'x.y' to specify number 'x' (Range 1 .. 4294967295) or number with higher 2 bytes 'x' (Range 0 .. 65535) and lower 2 bytes 'y' (Range 0 .. 65535) respectively"; } description " Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format"; } leaf address { type jt:ipv4addr; description "Address of BGP system that formed the route"; } } // container as-path list lsp-next-hop { key "name"; ordered-by user; description "LSP next hop"; uses lsp_nh_obj; } // list lsp-next-hop list p2mp-lsp-next-hop { key "name"; max-elements 1; ordered-by user; description "Point-to-multipoint LSP next hop"; uses lsp_nh_obj; } // list p2mp-lsp-next-hop container spring-te-lsp-next-hop { junos:must "("protocols source-packet-routing tunnel-tracking")"; junos:must-message "Please enable the tunnel-tracking under 'protocols source-packet-routing' hierarchy"; description "SPRING-TE LSP next hop"; uses springte_lsp_nh_obj; } // container spring-te-lsp-next-hop container p2mp-ldp-next-hop { description "Point-to-multipoint LDP LSP next hop"; uses p2mp_ldp_lsp_nh_obj; } // container p2mp-ldp-next-hop } // list iso-route list route-target-filter { key "name"; ordered-by user; description "Route-target-filter route"; leaf name { type string { junos:posix-pattern "^[0-9.]{1,15}L?:[0-9]{1,10}/([0-9]|[2-5][0-9]|6[0-4])$"; junos:pattern-message "Use format 'x:y/len' where 'x' is an AS number followed by an 
optional 'L' (To indicate 4 byte AS), or an IP address and 'y' is a number. e.g. 123456L:100 and len is a prefix length from 0 to 64"; length "1 .. 47"; } } uses apply-advanced; leaf-list neighbor { type jt:ipaddr-scoped; ordered-by user; description "BGP peers for filter"; } leaf-list group { type string; ordered-by user; description "BGP groups for filter"; } leaf local { type empty; description "Locally originated filter"; } } // list route-target-filter } // container static list martians { key "address choice-ident choice-value"; ordered-by user; description "Invalid routes"; uses martian_type; } // list martians container aggregate { description "Coalesced routes"; uses rib_aggregate_type; } // container aggregate container generate { description "Route of last resort"; uses rib_aggregate_type; } // container generate choice maximum-paths-type { container maximum-routes { status deprecated; description "Maximum number of routes"; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Maximum number of routes"; } choice log_type { leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Percentage of limit at which to start generating warnings"; } leaf log-only { type empty; description "Generate warning messages only"; } } // choice log_type leaf log-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 86400"; } } units "seconds"; description "Minimum interval between log messages"; } } // container maximum-routes container maximum-paths { description "Maximum number of paths"; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Maximum number of paths"; } choice log_type { leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
100"; } } description "Percentage of limit at which to start generating warnings"; } leaf log-only { type empty; description "Generate warning messages only"; } } // choice log_type leaf log-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 86400"; } } units "seconds"; description "Minimum interval between log messages"; } } // container maximum-paths } // choice maximum-paths-type container maximum-prefixes { description "Maximum number of prefixes"; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Maximum number of prefixes"; } choice log_type { leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Percentage of limit at which to start generating warnings"; } leaf log-only { type empty; description "Generate warning messages only"; } } // choice log_type leaf log-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 
86400"; } } units "seconds"; description "Minimum interval between log messages"; } } // container maximum-prefixes container multipath { presence "enable multipath"; description "Protocol-independent load balancing"; uses apply-advanced; container vpn-unequal-cost { presence "enable vpn-unequal-cost"; description "Include VPN routes with unequal IGP metrics"; leaf equal-external-internal { type empty; description "Include external and internal VPN routes"; } } // container vpn-unequal-cost leaf as-path-compare { type empty; description "Compare AS path sequences in addition to AS path length"; } leaf preserve-nexthop-hierarchy { type empty; description "Force multipath to create List nexthop"; } } // container multipath container policy-multipath { description "Policy based multipath"; uses apply-advanced; leaf-list policy { type jt:policy-algebra; ordered-by user; description "Import policy to create policy based multipath"; } container traceoptions { description "Trace options"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "route" { value 0; description "Policy-multipath route tracing."; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions } // container policy-multipath container protect { description "Protocol-independent protection"; leaf core { type empty; description "Protect against unreachability to service-edge router"; } } // container protect container access { description "Access routes"; uses apply-advanced; list route { key "name"; ordered-by user; description "Access route"; leaf name { type jt:ipprefix; description "IP address of destination"; } uses apply-advanced; leaf-list next-hop { type union { type jt:ipaddr-or-interface; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Next hop to destination"; } list qualified-next-hop { key "name"; ordered-by user; description "Next hop with qualifiers"; uses qualified_nh_obj; } // list qualified-next-hop leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255"; } } description "Metric value"; } leaf preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference value"; } leaf tag { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Tag string"; } leaf tag2 { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Tag2 string"; } } // list route } // container access container access-internal { description "Access-internal routes"; uses apply-advanced; list route { key "name"; ordered-by user; description "Access-internal route"; leaf name { type jt:ipprefix; description "IP address and optional prefix length of destination"; } uses apply-advanced; leaf-list next-hop { type union { type jt:ipaddr-or-interface; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Next hop to destination"; } list qualified-next-hop { key "name"; ordered-by user; description "Next hop with qualifiers"; uses qualified_nh_obj; } // list qualified-next-hop } // list route } // container access-internal container bgp-static { description "Routes for BGP static advertisements"; uses apply-advanced; list route { key "name"; ordered-by user; description "BGP-static route"; leaf name { type jt:ipprefix; description "IP address and optional prefix length of destination"; } uses apply-advanced; container metric { presence "enable metric"; description "Metric value"; uses rib_static_metric_type; } // container metric container metric2 { presence "enable metric2"; description "Metric value 2"; uses rib_static_metric_type; } // container metric2 container metric3 { presence "enable metric3"; description "Metric value 3"; uses rib_static_metric_type; } // container metric3 container metric4 { presence "enable metric4"; description "Metric value 4"; uses rib_static_metric_type; } // container metric4 container tag { presence "enable tag"; description "Tag string"; uses rib_static_metric_type; } // container tag container tag2 { presence "enable tag2"; 
description "Tag string 2"; uses rib_static_metric_type; } // container tag2 container preference { presence "enable preference"; description "Preference value"; uses rib_static_metric_type; } // container preference container preference2 { presence "enable preference2"; description "Preference value 2"; uses rib_static_metric_type; } // container preference2 container color { presence "enable color"; description "Color (preference) value"; uses rib_static_metric_type; } // container color container color2 { presence "enable color2"; description "Color (preference) value 2"; uses rib_static_metric_type; } // container color2 leaf-list community { type jt:community; ordered-by user; description "BGP community identifier"; } container as-path { description "Autonomous system path"; uses apply-advanced; leaf path { type string; description "Autonomous system path"; } leaf origin { type enumeration { enum "igp" { value 0; description "Path originated in the local IGP"; } enum "egp" { value 1; description "Path originated in another AS"; } enum "incomplete" { value 2; description "Path was learned by some other means"; } } } leaf atomic-aggregate { type empty; description "Add ATOMIC_AGGREGATE path attribute to route"; } container aggregator { presence "enable aggregator"; description "Add AGGREGATOR path attribute to route"; } // container aggregator leaf as-number { type string { junos:posix-pattern "^[0-9]+(.[0-9]+)?$"; junos:pattern-message "Use format 'x' or 'x.y' to specify number 'x' (Range 1 .. 4294967295) or number with higher 2 bytes 'x' (Range 0 .. 65535) and lower 2 bytes 'y' (Range 0 .. 
65535) respectively"; } description " Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format"; } leaf address { type jt:ipv4addr; description "Address of BGP system that formed the route"; } } // container as-path } // list route } // container bgp-static container flow { description "Locally defined flow routing information"; uses apply-advanced; container validation { presence "enable validation"; description "Flow route validation options"; uses flow-validation; } // container validation list route { key "name"; ordered-by user; description "Flow route"; uses flow-route-inet6; } // list route container interface-group { description "Interface-group for applying flow-spec filter"; uses flow-interface-group; } // container interface-group leaf discard-action-for-unresolved-redir-addr { type empty; description "For action redirect IP if redirect address is unresolved install discard action filter"; } choice per-route-accounting-choice { leaf per-route-accounting { type empty; description "Enable traffic accounting per flowspec route"; } leaf no-per-route-accounting { type empty; description "Don't enable traffic accounting per flowspec route"; } } // choice per-route-accounting-choice } // container flow container label { presence "enable label"; description "Label processing"; uses apply-advanced; leaf-list allocation { junos:must "(".. .. .. instance-type vrf")"; junos:must-message "'allocation' policy is valid only for 'instance-type vrf'"; type jt:policy-algebra; ordered-by user; description "Label allocation policy"; } leaf-list substitution { junos:must "(".. .. .. 
instance-type vrf")"; junos:must-message "'substitution' policy is valid only for 'instance-type vrf'"; type jt:policy-algebra; ordered-by user; description "Label substitution policy"; } } // container label } // list rib container label { presence "enable label"; description "Label processing"; uses apply-advanced; leaf-list allocation { junos:must "(".. .. .. instance-type vrf")"; junos:must-message "'allocation' policy is valid only for 'instance-type vrf'"; type jt:policy-algebra; ordered-by user; description "Label allocation policy"; } leaf-list substitution { junos:must "(".. .. .. instance-type vrf")"; junos:must-message "'substitution' policy is valid only for 'instance-type vrf'"; type jt:policy-algebra; ordered-by user; description "Label substitution policy"; } } // container label container options { description "Miscellaneous options"; uses apply-advanced; leaf no-send { type empty; status deprecated; description "Listen only; do not send protocol packets"; } leaf no-resolve { type empty; status deprecated; description "Do not use DNS name resolution"; } container syslog { description "Set system logging level"; uses apply-advanced; container level { description "Logging level"; leaf emergency { type empty; description "Emergency level"; } leaf alert { type empty; description "Alert level"; } leaf critical { type empty; description "Critical level"; } leaf error { type empty; description "Error level"; } leaf warning { type empty; description "Warning level"; } leaf notice { type empty; description "Notice level"; } leaf info { type empty; description "Informational level"; } leaf debug { type empty; description "Debugging level"; } } // container level leaf upto { type enumeration { enum "emergency" { value 0; description "Emergency level"; } enum "alert" { value 1; description "Alert level"; } enum "critical" { value 2; description "Critical level"; } enum "error" { value 3; description "Error level"; } enum "warning" { value 4; description 
"Warning level"; } enum "notice" { value 5; description "Notice level"; } enum "info" { value 6; description "Informational level"; } enum "debug" { value 7; description "Debugging level"; } } description "Log up to a particular logging level"; } } // container syslog leaf mark { type union { type int32; type string { pattern "<.*>|$.*"; } } units "seconds"; description "Periodically mark the trace file"; } } // container options container resolution { presence "enable resolution"; description "Route next-hop resolution options"; uses apply-advanced; leaf-list tracefilter { type jt:policy-algebra; ordered-by user; description "Filter policy"; } container traceoptions { description "Trace options"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "event" { value 0; description "Event processing"; } enum "flash" { value 1; description "Flash processing"; } enum "kernel" { value 2; description "Kernel communication"; } enum "indirect" { value 3; description "Indirect next-hop addition, change, or deletion"; } enum "task" { value 4; description "Task or job processing"; } enum "igp-frr" { value 5; description "IGP triggered FRR events"; } enum "igp-frr-extensive" { value 6; description "IGP triggered FRR Extensive events"; } enum "tunnel" { value 7; description "Resolver dynamic tunnel events"; } enum "all" { value 8; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions choice preserve-nexthop-hierarchy-choice { leaf preserve-nexthop-hierarchy { type empty; description "Preserve nexthop hierarchy when installing nexthop to forwarding plane"; } leaf no-preserve-nexthop-hierarchy { type empty; description "Don't preserve nexthop hierarchy when installing nexthop to forwarding plane"; } } // choice preserve-nexthop-hierarchy-choice list rib { key "name"; ordered-by user; description "Routing table resolution options"; leaf name { type string; description "Routing table name"; } uses 
apply-advanced; leaf-list resolution-family { type string; ordered-by user; description "Family of resultion tree"; } leaf-list resolution-ribs { type string; ordered-by user; description "Routing tables to use for default routing table family resolution"; } leaf-list inet-resolution-ribs { type string; ordered-by user; description "Routing tables to use for ipv4 family protocol-next-hop resolution"; } leaf-list inet6-resolution-ribs { type string; ordered-by user; description "Routing tables to use for ipv6 family protocol-next-hop resolution"; } leaf-list iso-resolution-ribs { type string; ordered-by user; description "Routing tables to use for iso family protocol-next-hop resolution"; } leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy"; } leaf-list inet-import { type jt:policy-algebra; ordered-by user; description "Import policy for IPV4 family resolution tree"; } leaf-list inet6-import { type jt:policy-algebra; ordered-by user; description "Import policy for IPV6 family resolution tree"; } leaf-list iso-import { type jt:policy-algebra; ordered-by user; description "Import policy for ISO family resolution tree"; } leaf-list inetcolor-import { type jt:policy-algebra; ordered-by user; description "Import policy for INETCOLOR family resolution tree"; } leaf-list inet6color-import { type jt:policy-algebra; ordered-by user; description "Import policy for INET6COLOR family resolution tree"; } } // list rib choice prefer-recursive-primary-path-choice { leaf prefer-recursive-primary-path { type empty; description "Prefer primary path to resolve nexthop during recursive-resolution"; } leaf no-prefer-recursive-primary-path { type empty; description "Don't prefer primary path to resolve nexthop during recursive-resolution"; } } // choice prefer-recursive-primary-path-choice list scheme { key "name"; ordered-by user; description "Nexthop resolution fallback"; leaf name { type string; description "Name the resolution scheme"; } uses 
apply-advanced; leaf-list resolution-ribs { junos:must "(!(".. transport-classes"))"; junos:must-message "resolution-ribs and transport-classes are mutually exclusive options"; type string; ordered-by user; description "Routing tables to use for nexthop resolution, in fallback order"; } leaf mapping-community { type jt:community; description "Community on service-route that maps to this transport"; } } // list scheme } // container resolution container interface-routes { description "Define routing table groups for interface routes"; uses apply-advanced; container rib-group { description "Routing table group"; uses rib_group_type; } // container rib-group list family { key "name"; ordered-by user; description "Address family"; leaf name { type enumeration { enum "inet" { value 0; description "IPv4 family"; } enum "inet6" { value 1; description "IPv6 family"; } } } uses apply-advanced; leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy"; } container export { description "Control exportability of local routes"; uses apply-advanced; leaf point-to-point { type empty; description "Make point-to-point routes exportable"; } leaf lan { type empty; description "Make LAN routes exportable"; } } // container export } // list family } // container interface-routes leaf loopback-strict-disable { type empty; description "Completely disable lo0 host prefix when in admin-down state"; } container traceoptions { description "Global routing protocol trace options"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 
1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "parse" { value 0; description "Trace configuration parsing"; } enum "regex-parse" { value 1; description "Trace regular-expression parsing"; } enum "config-internal" { value 2; description "Trace configuration internals"; } enum "nsr-synchronization" { value 3; description "Trace nonstop routing synchronization events"; } enum "condition-manager" { value 4; description "Trace condition manager events"; } enum "graceful-restart" { value 5; description "Trace Graceful Restart events"; } enum "session" { value 6; description "Trace Session ID allocations/deallocations"; } enum "hfrr-fsm" { value 7; description "Host FRR FSM events tracing"; } enum "hfrr-route" { value 8; description "Host FRR route events tracing"; } enum "statistics-id-group" { value 9; description "Trace Statistics ID Group operations"; } enum "route-record" { value 10; description "Trace route-record server-side events"; } enum "jvision-lsp" { value 11; description "Trace Jvision events and errors"; } enum "dyn-nh-template" { value 12; description "Dynamic nexthops template events tracing"; } enum "read-route" { value 13; 
description "Read route events tracing"; } enum "route" { value 14; description "Trace routing information"; } enum "normal" { value 15; description "Trace normal events"; } enum "general" { value 16; description "Trace general events"; } enum "state" { value 17; description "Trace state transitions"; } enum "policy" { value 18; description "Trace policy processing"; } enum "task" { value 19; description "Trace routing protocol task processing"; } enum "timer" { value 20; description "Trace routing protocol timer processing"; } enum "all" { value 21; description "Trace everything"; } } } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions container topologies { junos:must "(!("routing-options no-multi-topology-routing"))"; junos:must-message "Multi topology routing is disabled"; description "Define routing topologies"; uses apply-advanced; list family { key "name"; ordered-by user; description "Address family"; leaf name { type enumeration { enum "inet" { value 0; description "IPv4 family"; } enum "inet6" { value 1; description "IPv6 family"; } } } uses apply-advanced; list topology { key "name"; ordered-by user; description "Topology information"; leaf name { type string { junos:posix-pattern "!^((.*:.*)|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less"; } description "Topology name"; } uses apply-advanced; } // list topology } // list family } // container topologies leaf router-id { type jt:ipv4addr; description "Router identifier"; } container autonomous-system { description "Autonomous system number"; leaf as-number { type string { junos:posix-pattern "^[0-9]+(.[0-9]+)?$"; junos:pattern-message "Use format 'x' or 'x.y' to specify number 'x' (Range 1 .. 4294967295) or number with higher 2 bytes 'x' (Range 0 .. 65535) and lower 2 bytes 'y' (Range 0 .. 
65535) respectively"; } description " Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format"; } leaf loops { type union { type string { pattern "<.*>|$.*"; } type int32 { range "1 .. 10"; } } description "Maximum number of times this AS can be in an AS path"; } leaf asdot-notation { type empty; description "Use AS-Dot notation to display true 4 byte AS numbers"; } container independent-domain { presence "enable independent-domain"; description "Independent autonomous-system domain from master instance"; container no-attrset { presence "enable no-attrset"; description "Do not tunnel ce bgp attributes across provider network"; } // container no-attrset } // container independent-domain } // container autonomous-system container confederation { description "Confederation autonomous system number"; leaf confederation-as { type string { junos:posix-pattern "^[0-9]+(.[0-9]+)?$"; junos:pattern-message "Use format 'x' or 'x.y' to specify number 'x' (Range 1 .. 4294967295) or number with higher 2 bytes 'x' (Range 0 .. 65535) and lower 2 bytes 'y' (Range 0 .. 
65535) respectively"; } description " Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format"; } leaf-list members { type string; ordered-by user; description " Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format"; } } // container confederation leaf ipv6-router-id { type string; description "IPv6 router identifier"; } container graceful-restart { junos:must "(!("routing-options nonstop-routing"))"; junos:must-message "Graceful restart and Nonstop routing may not be enabled simultaneously"; presence "enable graceful-restart"; description "Graceful or hitless routing restart options"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable graceful restart"; } } // choice enable-disable leaf restart-duration { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "120 .. 10000"; } } description "Maximum time for which router is in graceful restart"; } } // container graceful-restart container flow { description "Locally defined flow routing information"; uses apply-advanced; leaf firewall-install-disable { type empty; description "Disable installing flowspec firewall filters in dfwd "; } choice per-route-accounting-choice { leaf per-route-accounting { type empty; description "Enable traffic accounting per flowspec route"; } leaf no-per-route-accounting { type empty; description "Don't enable traffic accounting per flowspec route"; } } // choice per-route-accounting-choice container validation { presence "enable validation"; description "Flow route validation options"; uses flow-validation; } // container validation container interface-group { description "Interface-group for applying flow-spec filter"; uses flow-interface-group; } // container interface-group list route { key "name"; ordered-by user; description "Flow route"; uses flow-route-inet; } // list route leaf term-order { type enumeration { enum "legacy" { value 0; 
description "Legacy term order (default)";
      }
      enum "standard" {
        value 1;
        description "RFC compliant term order";
      }
    }
    description "Term evaluation order for flow routes";
  }
  leaf discard-action-for-unresolved-redir-addr {
    type empty;
    description "For action redirect IP if redirect address is unresolved install discard action filter";
  }
} // container flow
leaf no-soft-core {
  type empty;
  description "Disable soft assert to generate core and just log the event";
}
leaf med-igp-update-interval {
  // Accepts either a string matching the pattern below or an integer in
  // 10..600. NOTE(review): the string alternative presumably admits template
  // placeholders rather than literal values - confirm. The same union shape
  // recurs on the numeric leaves further down.
  type union {
    type string {
      pattern "<.*>|$.*";
    }
    type uint32 {
      range "10 .. 600";
    }
  }
  description "Delay (in minutes) in updating MED IGP for bgp groups with 'delay-med-update' ";
}
// BGP Monitoring Protocol (BMP) settings: how the session to the monitoring
// station is authenticated, which endpoints it uses, which routing views are
// reported, and how the session is traced. Presence container.
container bmp {
  presence "enable bmp";
  description "BGP Monitoring Protocol (BMP) configuration";
  uses apply-advanced;
  // Session authentication, option 1: a directly configured key.
  // authentication-algorithm, tcpao-handling-with-digest-mismatch and
  // authentication-key-chain each carry a junos:must that rejects them when
  // this leaf is set, so the key is mutually exclusive with all three.
  // NOTE(review): the value is typed as a plain string with only a length
  // bound; nothing in this schema marks it as a secret, so treat any rendered
  // configuration that contains it as credential material.
  leaf authentication-key {
    type string {
      length "1 .. 126";
    }
    description "MD5 authentication key";
  }
  // Algorithm selection; the declared default is hmac-sha-1-96. md5 remains
  // an accepted value, so a weaker digest than the default can still be
  // chosen explicitly.
  leaf authentication-algorithm {
    junos:must "(!(".. authentication-key"))";
    junos:must-message "May not be configured with authentication-key";
    type enumeration {
      enum "md5" {
        value 0;
        description "Message Digest 5";
      }
      enum "hmac-sha-1-96" {
        value 1;
        description "Hash-based Message Authentication Code (SHA1) (96 bits)";
      }
      enum "aes-128-cmac-96" {
        value 2;
        description "Cipher-based Message Authentication Code (AES128) (96 bits)";
      }
      enum "ao" {
        value 3;
        description "TCP Authentication Option";
      }
    }
    default "hmac-sha-1-96";
    description "Authentication algorithm name";
  }
  // Behaviour when the TCP-AO digest does not match. No default is declared
  // in this schema. Per the enum descriptions, allow-without-tcpao lets the
  // connection establish without TCP-AO and drop-if-no-tcpao drops it.
  // NOTE(review): allow-without-tcpao is the fail-open setting for session
  // authentication; drop-if-no-tcpao is the fail-closed one.
  leaf tcpao-handling-with-digest-mismatch {
    junos:must "(!(".. authentication-key"))";
    junos:must-message "May not be configured with authentication-key";
    type enumeration {
      enum "drop-if-no-tcpao" {
        value 0;
        description "Drop the connection if Digest mismatched";
      }
      enum "allow-without-tcpao" {
        value 1;
        description "Allow the connection establishment without TCP-AO";
      }
    }
    description "Drop or continue without TCP-AO with digest mismatch with TCP-AO";
  }
  // Session authentication, option 2: a named key chain. Two constraints:
  // it may not be combined with authentication-key, and the name must refer
  // to a key chain defined under "security authentication-key-chains".
  leaf authentication-key-chain {
    junos:must "(!(".. authentication-key"))";
    junos:must-message "May not be configured with authentication-key";
    junos:must "("security authentication-key-chains key-chain $$")";
    junos:must-message "Referenced key-chain must be defined";
    type string {
      length "1 .. 128";
    }
    description "Key chain name";
  }
  // Flap damping parameters for the BMP session. Presumably: once "flaps"
  // flaps occur within "period" seconds, re-establishment is held off for
  // "hold-down-time" seconds - confirm against the Junos documentation.
  container hold-down {
    presence "enable hold-down";
    leaf hold-down-time {
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "30 .. 65535";
        }
      }
      units "seconds";
      description "Prevent re-establishment for this time";
    }
    leaf flaps {
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "2 .. 10";
        }
      }
      description "Number of flaps before damping";
    }
    leaf period {
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "30 .. 65535";
        }
      }
      units "seconds";
      description "Time period for flaps";
    }
  } // container hold-down
  leaf initiation-message {
    type string {
      length "1 .. 255";
    }
    description "User string sent with the initiation message";
  }
  leaf local-address {
    type jt:ipaddr;
    description "Address of local end of BMP session";
  }
  // Listening port. The numeric range starts at 1024, so ports below that
  // cannot be configured through the integer alternative.
  leaf local-port {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "1024 .. 65535";
      }
    }
    description "Local port for listening";
  }
  // Which side opens the TCP session: "active" initiates the connection,
  // "passive" listens for it.
  leaf connection-mode {
    type enumeration {
      enum "active" {
        value 0;
        description "Initiate the connection";
      }
      enum "passive" {
        value 1;
        description "Listen for the connection";
      }
    }
    description "Specify active or passive";
  }
  leaf priority {
    type enumeration {
      enum "low" {
        value 0;
        description "Lowest priority";
      }
      enum "medium" {
        value 1;
        description "Medium priority";
      }
      enum "high" {
        value 2;
        description "Highest priority";
      }
    }
    description "Relative dispatch priority";
  }
  leaf monitor {
    type enumeration {
      enum "enable" {
        value 0;
        description "Enable monitoring of BGP peer(s)";
      }
      enum "disable" {
        value 1;
        description "Disable monitoring of BGP peer(s)";
      }
    }
    description "Enable/Disable monitoring";
  }
  // Selects which routing views are reported in route monitoring messages.
  // "none" is mutually exclusive with pre-policy, post-policy, rib-out and
  // loc-rib (see its junos:must).
  container route-monitoring {
    description "Control route monitoring settings";
    uses apply-advanced;
    leaf none {
      junos:must "((!(".. pre-policy") && (!(".. post-policy") && (!(".. rib-out") && !(".. loc-rib")))))";
      junos:must-message "May not be configured with pre-policy or post-policy or rib-out or loc-rib";
      type empty;
      description "Do not send route monitoring messages";
    }
    // Permitted when bgp update-threading is not configured, or when
    // rib-sharding is configured as well.
    leaf loc-rib {
      junos:must "((!("system processes routing bgp update-threading") || "system processes routing bgp rib-sharding"))";
      junos:must-message "Update threading can't be configured alone with bmp loc-rib monitoring";
      type empty;
      description "Send local-rib route monitoring messages";
    }
    container pre-policy {
      presence "enable pre-policy";
      description "Send pre policy route monitoring messages";
      leaf exclude-non-feasible {
        type empty;
        description "Exclude looped routes, etc";
      }
    } // container pre-policy
    container post-policy {
      presence "enable post-policy";
      description "Send post policy route monitoring messages";
      leaf exclude-non-eligible {
        type empty;
        description "Exclude unresolved routes, etc.";
      }
    } // container post-policy
    // Same update-threading / rib-sharding constraint as loc-rib.
    container rib-out {
      junos:must "((!("system processes routing bgp update-threading") || "system processes routing bgp rib-sharding"))";
      junos:must-message "Update threading can't be configured alone with bmp rib-out monitoring";
      presence "enable rib-out";
      description "Send adj-ribs-out route monitoring messages";
      leaf pre-policy {
        type empty;
        description "Send pre-policy adj-ribs-out route monitoring messages";
      }
      leaf post-policy {
        type empty;
        description "Send post-policy adj-ribs-out route monitoring messages";
      }
    } // container rib-out
  } // container route-monitoring
  leaf max-loc-rib-buffer-count {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "1 .. 50";
      }
    }
    description "Max number of loc-rib outstanding buffers before blocking";
  }
  // Destination of the BMP feed: station address, the routing instance used
  // to reach it, and the station port.
  // NOTE(review): these leaves decide where the router's BGP route data is
  // sent, so changes to them warrant the same scrutiny as any other
  // data-export destination.
  leaf station-address {
    type jt:ipaddr;
    description "Address/name of monitoring station";
  }
  leaf routing-instance {
    type string;
    description "Routing-instance through which BMP station is reachable";
  }
  leaf station-port {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "1 .. 65535";
      }
    }
    description "Port of monitoring station";
  }
  // NOTE(review): the declared range is 0..65535, while the description says
  // 15-65535 or 0; values 1..14 pass this schema. Presumably rejected
  // elsewhere - confirm.
  leaf statistics-timeout {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "0 .. 65535";
      }
    }
    units "seconds";
    description "Statistics message timer, 15-65535, or 0 for no messages";
  }
  // Tracing for the BMP session: output file settings plus the list of
  // trace flags.
  container traceoptions {
    description "Trace options";
    uses apply-advanced;
    container file {
      description "Trace file options";
      // Per the pattern-message, the name may not contain '/', '%' or a
      // space, which keeps the value a bare file name rather than a path.
      leaf filename {
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      leaf replace {
        type empty;
        status deprecated;
        description "Replace trace file rather than appending to it";
      }
      leaf size {
        type string;
        description "Maximum trace file size";
      }
      // Number of trace files kept; defaults to 10, numeric range 2..1000.
      leaf files {
        type union {
          type string {
            pattern "<.*>|$.*";
          }
          type uint32 {
            range "2 .. 1000";
          }
        }
        default "10";
        description "Maximum number of trace files";
      }
      leaf no-stamp {
        type empty;
        status deprecated;
        description "Do not timestamp trace file";
      }
      // Read access to the trace file. Neither branch is declared as the
      // default in this schema. world-readable lets any user read the log.
      // NOTE(review): with flags such as "packets" or "route" enabled the
      // file presumably holds session and routing detail, so
      // no-world-readable is the conservative choice.
      choice world-readable-choice {
        leaf world-readable {
          type empty;
          description "Allow any user to read the log file";
        }
        leaf no-world-readable {
          type empty;
          description "Don't allow any user to read the log file";
        }
      } // choice world-readable-choice
    } // container file
    // Trace categories, keyed by flag name; "all" traces everything. The
    // send/receive/detail/disable leaves qualify an individual flag.
    list flag {
      key "name";
      ordered-by user;
      description "Trace flag information";
      leaf name {
        type enumeration {
          enum "packets" {
            value 0;
            description "Trace all messages";
          }
          enum "up" {
            value 1;
            description "Trace up messages";
          }
          enum "down" {
            value 2;
            description "Trace down messages";
          }
          enum "statistics" {
            value 3;
            description "Trace statistics messages";
          }
          enum "route-monitoring" {
            value 4;
            description "Trace route monitoring messages";
          }
          enum "event" {
            value 5;
            description "Trace major events, station establishment, errors, events";
          }
          enum "error" {
            value 6;
            description "Trace error conditions";
          }
          enum "write" {
            value 7;
            description "Trace writing of messages";
          }
          enum "route" {
            value 8;
            description "Trace routing information";
          }
          enum "normal" {
            value 9;
            description "Trace normal events";
          }
          enum "general" {
            value 10;
            description "Trace general events";
          }
          enum "state" {
            value 11;
            description "Trace state transitions";
          }
          enum "policy" {
            value 12;
            description "Trace policy processing";
          }
          enum "task" {
            value 13;
            description "Trace routing protocol task processing";
          }
          enum "timer" {
            value 14;
            description "Trace routing protocol timer processing";
          }
          enum "all" {
            value 15;
            description "Trace everything";
          }
        }
      }
      leaf send {
        type empty;
        description "Trace transmitted packets";
      }
      leaf receive {
        type empty;
        description "Trace received packets";
      }
      leaf detail {
        type empty;
        description "Trace detailed information";
      }
      leaf disable {
        type empty;
        description "Disable this trace flag";
      }
    } // list flag
  } // container traceoptions
  list station {
    key "name";
description "Define a BMP station";
// Per-station BMP settings: the leaves below control how the session to one
// monitoring station is authenticated and damped.
leaf name {
  type string;
  description "Station name";
}
uses apply-advanced;
// Static session key; the description labels it an MD5 key. The three
// authentication leaves that follow each carry a must-constraint rejecting
// them when this leaf is set, so a static key cannot be combined with an
// algorithm choice, the TCP-AO mismatch policy or a key chain.
// NOTE(review): typed as a plain string here; how the value is stored or
// displayed is not visible in this chunk - handle it as a secret.
leaf authentication-key {
  type string {
    length "1 .. 126";
  }
  description "MD5 authentication key";
}
// Algorithm selector, mutually exclusive with authentication-key (see the
// must-constraint). No default is declared in this leaf.
leaf authentication-algorithm {
  junos:must "(!(".. authentication-key"))";
  junos:must-message "May not be configured with authentication-key";
  type enumeration {
    enum "md5" {
      value 0;
      description "Message Digest 5";
    }
    enum "hmac-sha-1-96" {
      value 1;
      description "Hash-based Message Authentication Code (SHA1) (96 bits)";
    }
    enum "aes-128-cmac-96" {
      value 2;
      description "Cipher-based Message Authentication Code (AES128) (96 bits)";
    }
    enum "ao" {
      value 3;
      description "TCP Authentication Option";
    }
  }
  description "Authentication algorithm name";
}
// Policy for a TCP-AO digest mismatch. Per the enum descriptions,
// "drop-if-no-tcpao" drops the connection (fail-closed) while
// "allow-without-tcpao" lets the session establish without TCP-AO
// (fail-open). No default is declared in this leaf, so audits should check
// the configured value explicitly.
leaf tcpao-handling-with-digest-mismatch {
  junos:must "(!(".. authentication-key"))";
  junos:must-message "May not be configured with authentication-key";
  type enumeration {
    enum "drop-if-no-tcpao" {
      value 0;
      description "Drop the connection if Digest mismatched";
    }
    enum "allow-without-tcpao" {
      value 1;
      description "Allow the connection establishment without TCP-AO";
    }
  }
  description "Drop or continue without TCP-AO with digest mismatch with TCP-AO";
}
// Key-chain reference: rejected alongside authentication-key, and the second
// must-constraint requires the named chain to exist under
// "security authentication-key-chains key-chain".
leaf authentication-key-chain {
  junos:must "(!(".. authentication-key"))";
  junos:must-message "May not be configured with authentication-key";
  junos:must "("security authentication-key-chains key-chain $$")";
  junos:must-message "Referenced key-chain must be defined";
  type string {
    length "1 .. 128";
  }
  description "Key chain name";
}
// Flap damping for the station session (presence container: it only takes
// effect when configured).
container hold-down {
  presence "enable hold-down";
  leaf hold-down-time {
    type union {
      // String branch accepts text matching "<...>" or "$..."; presumably
      // Junos placeholders/variables - TODO confirm.
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "30 .. 65535";
      }
    }
    units "seconds";
    description "Prevent re-establishment for this time";
  }
  leaf flaps {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "2 ..
10"; } } description "Number of flaps before damping"; } leaf period { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30 .. 65535"; } } units "seconds"; description "Time period for flaps"; } } // container hold-down leaf initiation-message { type string { length "1 .. 255"; } description "User string sent with the initiation message"; } leaf local-address { type jt:ipaddr; description "Address of local end of BMP session"; } leaf local-port { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1024 .. 65535"; } } description "Local port for listening"; } leaf connection-mode { type enumeration { enum "active" { value 0; description "Initiate the connection"; } enum "passive" { value 1; description "Listen for the connection"; } } description "Specify active or passive"; } leaf priority { type enumeration { enum "low" { value 0; description "Lowest priority"; } enum "medium" { value 1; description "Medium priority"; } enum "high" { value 2; description "Highest priority"; } } description "Relative dispatch priority"; } leaf monitor { type enumeration { enum "enable" { value 0; description "Enable monitoring of BGP peer(s)"; } enum "disable" { value 1; description "Disable monitoring of BGP peer(s)"; } } description "Enable/Disable monitoring"; } container route-monitoring { description "Control route monitoring settings"; uses apply-advanced; leaf none { junos:must "((!(".. pre-policy") && (!(".. post-policy") && (!(".. rib-out") && !(".. 
loc-rib")))))"; junos:must-message "May not be configured with pre-policy or post-policy or rib-out or loc-rib"; type empty; description "Do not send route monitoring messages"; } leaf loc-rib { junos:must "((!("system processes routing bgp update-threading") || "system processes routing bgp rib-sharding"))"; junos:must-message "Update threading can't be configured alone with bmp loc-rib monitoring"; type empty; description "Send local-rib route monitoring messages"; } container pre-policy { presence "enable pre-policy"; description "Send pre policy route monitoring messages"; leaf exclude-non-feasible { type empty; description "Exclude looped routes, etc"; } } // container pre-policy container post-policy { presence "enable post-policy"; description "Send post policy route monitoring messages"; leaf exclude-non-eligible { type empty; description "Exclude unresolved routes, etc."; } } // container post-policy container rib-out { junos:must "((!("system processes routing bgp update-threading") || "system processes routing bgp rib-sharding"))"; junos:must-message "Update threading can't be configured alone with bmp rib-out monitoring"; presence "enable rib-out"; description "Send adj-ribs-out route monitoring messages"; leaf pre-policy { type empty; description "Send pre-policy adj-ribs-out route monitoring messages"; } leaf post-policy { type empty; description "Send post-policy adj-ribs-out route monitoring messages"; } } // container rib-out } // container route-monitoring leaf max-loc-rib-buffer-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 50"; } } description "Max number of loc-rib outstanding buffers before blocking"; } leaf station-address { type jt:ipaddr; description "Address/name of monitoring station"; } leaf routing-instance { type string; description "Routing-instance through which BMP station is reachable"; } leaf station-port { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
65535"; } }
  description "Port of monitoring station";
}
// NOTE(review): the uint32 range below accepts 0..65535, while the
// description says "15-65535, or 0" - values 1..14 pass this schema check.
// Confirm which is authoritative before relying on the schema to validate.
leaf statistics-timeout {
  type union {
    type string {
      pattern "<.*>|$.*";
    }
    type uint32 {
      range "0 .. 65535";
    }
  }
  units "seconds";
  description "Statistics message timer, 15-65535, or 0 for no messages";
}
// Tracing for this station: where the trace file goes, how it is rotated,
// who may read it, and which event classes are recorded.
container traceoptions {
  description "Trace options";
  uses apply-advanced;
  container file {
    description "Trace file options";
    // The pattern and its message together reject '/', '%' and space, so the
    // value is a bare file name without a path separator.
    leaf filename {
      type string {
        junos:posix-pattern "![/ %]";
        junos:pattern-message "Must not contain '/', % or a space";
        length "1 .. 1024";
      }
      description "Name of file in which to write trace information";
    }
    leaf replace {
      type empty;
      status deprecated;
      description "Replace trace file rather than appending to it";
    }
    // NOTE(review): free-form string; the accepted size syntax is not
    // constrained in this chunk.
    leaf size {
      type string;
      description "Maximum trace file size";
    }
    leaf files {
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "2 .. 1000";
        }
      }
      default "10";
      description "Maximum number of trace files";
    }
    leaf no-stamp {
      type empty;
      status deprecated;
      description "Do not timestamp trace file";
    }
    // The two leaves are cases of one choice, so at most one can be set.
    // "world-readable" lets any user read the trace file; the flag list
    // below can record packets and routing information, so set it only when
    // broad read access is intended.
    // NOTE(review): the behaviour when neither leaf is set is not declared
    // here - confirm the platform default when auditing.
    choice world-readable-choice {
      leaf world-readable {
        type empty;
        description "Allow any user to read the log file";
      }
      leaf no-world-readable {
        type empty;
        description "Don't allow any user to read the log file";
      }
    } // choice world-readable-choice
  } // container file
  // One entry per trace flag, kept in the order the user configured them.
  list flag {
    key "name";
    ordered-by user;
    description "Trace flag information";
    leaf name {
      type enumeration {
        enum "packets" {
          value 0;
          description "Trace all messages";
        }
        enum "up" {
          value 1;
          description "Trace up messages";
        }
        enum "down" {
          value 2;
          description "Trace down messages";
        }
        enum "statistics" {
          value 3;
          description "Trace statistics messages";
        }
        enum "route-monitoring" {
          value 4;
          description "Trace route monitoring messages";
        }
        enum "event" {
          value 5;
          description "Trace major events, station establishment, errors, events";
        }
        enum "error" {
          value 6;
          description "Trace error conditions";
        }
        enum "write" {
          value 7;
          description "Trace writing of messages";
        }
        enum "route" {
          value 8;
          description
"Trace routing information"; } enum "normal" { value 9; description "Trace normal events"; } enum "general" { value 10; description "Trace general events"; } enum "state" { value 11; description "Trace state transitions"; } enum "policy" { value 12; description "Trace policy processing"; } enum "task" { value 13; description "Trace routing protocol task processing"; } enum "timer" { value 14; description "Trace routing protocol timer processing"; } enum "all" { value 15; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions } // list station } // container bmp leaf bgp-orf-cisco-mode { type empty; description "Using BGP ORF capability code 130 and Prefix ORF type 128"; } leaf highwatermark-log-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 1200"; } } units "seconds"; description "High watermark log interval (default 30 seconds)"; } leaf time-averaged-watermark-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 15"; } } units "days"; description "For calculating average watermark"; } container ppm { presence "enable ppm"; description "Set periodic packet management properties"; uses apply-advanced; leaf delegate-processing { type empty; status deprecated; description "Enable distribution of PPM sessions"; } leaf no-delegate-processing { type empty; description "Disable PPM sessions distribution"; } leaf redistribution-timer { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
120"; } } description "Time to wait after switchover before starting timers"; } } // container ppm leaf no-bfd-triggered-local-repair { type empty; description "Disable bfd triggered local repair"; } leaf maximum-ecmp { type enumeration { enum "16" { value 0; description "Maximum 16 ECMP routes"; } enum "32" { value 1; description "Maximum 32 ECMP routes"; } enum "64" { value 2; description "Maximum 64 ECMP routes"; } enum "96" { value 3; description "Maximum 96 ECMP routes"; } enum "128" { value 4; description "Maximum 128 ECMP routes"; } enum "160" { junos:must "(!("system processes routing force-32-bit"))"; junos:must-message "32-bit rpd doesn't support ecmp greater than 128"; value 5; description "Maximum 160 ECMP routes"; } enum "192" { junos:must "(!("system processes routing force-32-bit"))"; junos:must-message "32-bit rpd doesn't support ecmp greater than 128"; value 6; description "Maximum 192 ECMP routes"; } enum "224" { junos:must "(!("system processes routing force-32-bit"))"; junos:must-message "32-bit rpd doesn't support ecmp greater than 128"; value 7; description "Maximum 224 ECMP routes"; } enum "256" { junos:must "(!("system processes routing force-32-bit"))"; junos:must-message "32-bit rpd doesn't support ecmp greater than 128"; value 8; description "Maximum 256 ECMP routes"; } enum "288" { junos:must "(!("system processes routing force-32-bit"))"; junos:must-message "32-bit rpd doesn't support ecmp greater than 128"; value 9; description "Maximum 288 ECMP routes"; } enum "320" { junos:must "(!("system processes routing force-32-bit"))"; junos:must-message "32-bit rpd doesn't support ecmp greater than 128"; value 10; description "Maximum 320 ECMP routes"; } enum "352" { junos:must "(!("system processes routing force-32-bit"))"; junos:must-message "32-bit rpd doesn't support ecmp greater than 128"; value 11; description "Maximum 352 ECMP routes"; } enum "384" { junos:must "(!("system processes routing force-32-bit"))"; junos:must-message "32-bit 
rpd doesn't support ecmp greater than 128"; value 12; description "Maximum 384 ECMP routes"; } enum "416" { junos:must "(!("system processes routing force-32-bit"))"; junos:must-message "32-bit rpd doesn't support ecmp greater than 128"; value 13; description "Maximum 416 ECMP routes"; } enum "448" { junos:must "(!("system processes routing force-32-bit"))"; junos:must-message "32-bit rpd doesn't support ecmp greater than 128"; value 14; description "Maximum 448 ECMP routes"; } enum "480" { junos:must "(!("system processes routing force-32-bit"))"; junos:must-message "32-bit rpd doesn't support ecmp greater than 128"; value 15; description "Maximum 480 ECMP routes"; } enum "512" { junos:must "(!("system processes routing force-32-bit"))"; junos:must-message "32-bit rpd doesn't support ecmp greater than 128"; value 16; description "Maximum 512 ECMP routes"; } } description "Maximum ECMP limit for nexthops"; } container static { description "Static routes"; uses apply-advanced; leaf rib-group { type string; description "Routing table group"; } container defaults { description "Global route options"; uses apply-advanced; choice retain-choice { leaf retain { junos:must "(!(".. resolve"))"; junos:must-message "Must not specify resolve with retain"; type empty; description "Always keep route in forwarding table"; } leaf no-retain { junos:must "(!(".. 
resolve"))"; junos:must-message "Must not specify resolve with retain"; type empty; description "Don't always keep route in forwarding table"; } } // choice retain-choice choice install-choice { leaf install { type empty; description "Install route into forwarding table"; } leaf no-install { type empty; description "Don't install route into forwarding table"; } } // choice install-choice choice readvertise-choice { leaf readvertise { type empty; description "Mark route as eligible to be readvertised"; } leaf no-readvertise { type empty; description "Don't mark route as eligible to be readvertised"; } } // choice readvertise-choice choice resolve-choice { leaf resolve { type empty; description "Allow resolution of indirectly connected next hops"; } leaf no-resolve { type empty; description "Don't allow resolution of indirectly connected next hops"; } } // choice resolve-choice choice longest-match-choice { leaf longest-match { junos:must "(".. resolve")"; junos:must-message "Requires resolve to be configured"; type empty; description "Always use longest prefix match to resolve next hops"; } leaf no-longest-match { junos:must "(".. 
resolve")"; junos:must-message "Requires resolve to be configured"; type empty; description "Don't always use longest prefix match to resolve next hops"; } } // choice longest-match-choice choice passive_flag { leaf active { type empty; description "Remove inactive route from forwarding table"; } leaf passive { type empty; description "Retain inactive route in forwarding table"; } } // choice passive_flag container metric { presence "enable metric"; description "Metric value"; uses rib_static_metric_type; } // container metric container metric2 { presence "enable metric2"; description "Metric value 2"; uses rib_static_metric_type; } // container metric2 container metric3 { presence "enable metric3"; description "Metric value 3"; uses rib_static_metric_type; } // container metric3 container metric4 { presence "enable metric4"; description "Metric value 4"; uses rib_static_metric_type; } // container metric4 container tag { presence "enable tag"; description "Tag string"; uses rib_static_metric_type; } // container tag container tag2 { presence "enable tag2"; description "Tag string 2"; uses rib_static_metric_type; } // container tag2 container preference { presence "enable preference"; description "Preference value"; uses rib_static_metric_type; } // container preference container preference2 { presence "enable preference2"; description "Preference value 2"; uses rib_static_metric_type; } // container preference2 container color { presence "enable color"; description "Color (preference) value"; uses rib_static_metric_type; } // container color container color2 { presence "enable color2"; description "Color (preference) value 2"; uses rib_static_metric_type; } // container color2 leaf-list community { type jt:community; ordered-by user; description "BGP community identifier"; } container as-path { description "Autonomous system path"; uses apply-advanced; leaf path { type string; description "Autonomous system path"; } leaf origin { type enumeration { enum "igp" { 
value 0; description "Path originated in the local IGP"; }
        enum "egp" {
          value 1;
          description "Path originated in another AS";
        }
        enum "incomplete" {
          value 2;
          description "Path was learned by some other means";
        }
      }
    }
    leaf atomic-aggregate {
      type empty;
      description "Add ATOMIC_AGGREGATE path attribute to route";
    }
    container aggregator {
      presence "enable aggregator";
      description "Add AGGREGATOR path attribute to route";
    } // container aggregator
    // The regex only checks the shape "digits[, one character, digits]"; the
    // numeric ranges quoted in the pattern-message are not enforced by it.
    // NOTE(review): the '.' in the pattern is unescaped as shown here, so it
    // matches any character rather than a literal dot; the message documents
    // 'x.y', so a literal dot is presumably intended (the escape may have
    // been lost when this page was rendered) - verify against the source
    // module.
    leaf as-number {
      type string {
        junos:posix-pattern "^[0-9]+(.[0-9]+)?$";
        junos:pattern-message "Use format 'x' or 'x.y' to specify number 'x' (Range 1 .. 4294967295) or number with higher 2 bytes 'x' (Range 0 .. 65535) and lower 2 bytes 'y' (Range 0 .. 65535) respectively";
      }
      description " Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format";
    }
    leaf address {
      type jt:ipv4addr;
      description "Address of BGP system that formed the route";
    }
  } // container as-path
} // container defaults
// Static routes keyed by destination prefix, kept in user order.
list route {
  key "name";
  ordered-by user;
  description "Static route";
  leaf name {
    type jt:ipprefix;
  }
  uses apply-advanced;
  // Exactly one next-hop disposition can be chosen for a route: forward to
  // next-hop(s), reject, discard, receive, or hand off to another table.
  choice next_hop {
    leaf-list next-hop {
      type union {
        type jt:ipaddr-or-interface;
        type string {
          pattern "<.*>|$.*";
        }
      }
      ordered-by user;
      description "Next hop to destination";
    }
    // Per the descriptions, reject answers with ICMP unreachables while
    // discard drops silently.
    leaf reject {
      type empty;
      description "Drop packets to destination; send ICMP unreachables";
    }
    leaf discard {
      type empty;
      description "Drop packets to destination; send no ICMP unreachables";
    }
    leaf receive {
      type empty;
      description "Install a receive route for the destination";
    }
    // Table name of the form [<instance>[:<topology>].]<family>.<rib-id>.
    // The regex limits the family part to lowercase letters, digits, '-' and
    // '_', and the trailing rib-id to the decimal range 0-255.
    leaf next-table {
      type string {
        junos:posix-pattern "^(((.{0,128})[:](.{1,128})[.]|((.{1,128})[.]))?([a-z]|[0-9]|[-_])+[.]((1?[0-9]{1,2})|(2[0-4][0-9])|(25[0-5])))$";
        junos:pattern-message "Must match the format [<instance-name>[:<topology-name>].]<family-name>.<rib-id>";
      }
      description "Next hop to another table";
    }
  } // choice next_hop
  list qualified-next-hop {
    key "name";
    ordered-by user;
    description "Next hop with qualifiers";
uses qualified_nh_obj; } // list qualified-next-hop leaf backup-pe-group { junos:must "(".. p2mp-lsp-next-hop")"; junos:must-message "Backup groups only allowed for static routes with p2mp lsp next-hop"; type string; description "Multicast source redundancy group"; } container bfd-liveness-detection { description "Bidirectional Forwarding Detection (BFD) options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } }
    units "milliseconds";
    description "Minimum transmit interval";
  }
  // No range is declared for the numeric branch of this threshold.
  leaf threshold {
    type union {
      type uint32;
      type string {
        pattern "<.*>|$.*";
      }
    }
    units "milliseconds";
    description "High transmit interval triggering a trap";
  }
} // container transmit-interval
container detection-time {
  description "Detection-time options";
  uses apply-advanced;
  leaf threshold {
    type union {
      type uint32;
      type string {
        pattern "<.*>|$.*";
      }
    }
    units "milliseconds";
    description "High detection-time triggering a trap";
  }
} // container detection-time
// BFD session authentication for this static route.
container authentication {
  description "Authentication options";
  uses apply-advanced;
  // key-chain and algorithm each carry a must-constraint requiring the
  // other, so they are only valid as a pair; key-chain must also name a
  // chain defined under "security authentication-key-chains key-chain".
  leaf key-chain {
    junos:must "(".. algorithm")";
    junos:must-message "May not be configured without algorithm";
    junos:must "("security authentication-key-chains key-chain $$")";
    junos:must-message "Referenced key-chain must be defined";
    type string;
    description "Key chain name";
  }
  // Strength varies widely across these values: "simple-password" is a
  // shared password rather than a keyed digest, and the remaining options
  // are MD5- or SHA-1-based. No default is declared.
  // NOTE(review): per RFC 5880 the "meticulous" variants advance the
  // sequence number on every packet, giving the stronger replay
  // protection - prefer meticulous-keyed-sha-1 where both ends support it.
  leaf algorithm {
    junos:must "(".. key-chain")";
    junos:must-message "May not be configured without key-chain";
    type enumeration {
      enum "simple-password" {
        value 0;
        description "Simple password";
      }
      enum "keyed-md5" {
        value 1;
        description "Keyed message Digest 5";
      }
      enum "meticulous-keyed-md5" {
        value 2;
        description "Meticulous keyed message Digest 5";
      }
      enum "keyed-sha-1" {
        value 3;
        description "Keyed secure hash algorithm (SHA1) ";
      }
      enum "meticulous-keyed-sha-1" {
        value 4;
        description "Meticulous keyed secure hash algorithm (SHA1) ";
      }
    }
    description "Algorithm name";
  }
  // With loose-check set, authentication is verified only when it was
  // negotiated (per the description), so a peer that does not negotiate
  // authentication is not checked - a fail-open setting.
  // NOTE(review): presumably intended for migration windows; confirm, and
  // remove it once both ends authenticate.
  leaf loose-check {
    type empty;
    description "Verify authentication only if authentication is negotiated";
  }
} // container authentication
leaf neighbor {
  type jt:ipaddr;
  description "BFD neighbor address";
}
leaf local-address {
  type jt:ipaddr;
  description "BFD local address (for multihop only)";
}
leaf holddown-interval {
  type union {
    type string {
      pattern "<.*>|$.*";
    }
    type uint32 {
      range "0 ..
255000"; } } units "milliseconds"; description "Time to hold the session-UP notification to the client"; } leaf minimum-receive-ttl { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 255"; } } description "Minimum receive TTL below which to drop"; } } // container bfd-liveness-detection choice retain-choice { leaf retain { junos:must "(!(".. resolve"))"; junos:must-message "Must not specify resolve with retain"; type empty; description "Always keep route in forwarding table"; } leaf no-retain { junos:must "(!(".. resolve"))"; junos:must-message "Must not specify resolve with retain"; type empty; description "Don't always keep route in forwarding table"; } } // choice retain-choice choice install-choice { leaf install { type empty; description "Install route into forwarding table"; } leaf no-install { type empty; description "Don't install route into forwarding table"; } } // choice install-choice choice readvertise-choice { leaf readvertise { type empty; description "Mark route as eligible to be readvertised"; } leaf no-readvertise { type empty; description "Don't mark route as eligible to be readvertised"; } } // choice readvertise-choice choice resolve-choice { leaf resolve { type empty; description "Allow resolution of indirectly connected next hops"; } leaf no-resolve { type empty; description "Don't allow resolution of indirectly connected next hops"; } } // choice resolve-choice choice longest-match-choice { leaf longest-match { junos:must "(".. resolve")"; junos:must-message "Requires resolve to be configured"; type empty; description "Always use longest prefix match to resolve next hops"; } leaf no-longest-match { junos:must "(".. 
resolve")"; junos:must-message "Requires resolve to be configured"; type empty; description "Don't always use longest prefix match to resolve next hops"; } } // choice longest-match-choice choice passive_flag { leaf active { type empty; description "Remove inactive route from forwarding table"; } leaf passive { type empty; description "Retain inactive route in forwarding table"; } } // choice passive_flag container metric { presence "enable metric"; description "Metric value"; uses rib_static_metric_type; } // container metric container metric2 { presence "enable metric2"; description "Metric value 2"; uses rib_static_metric_type; } // container metric2 container metric3 { presence "enable metric3"; description "Metric value 3"; uses rib_static_metric_type; } // container metric3 container metric4 { presence "enable metric4"; description "Metric value 4"; uses rib_static_metric_type; } // container metric4 container tag { presence "enable tag"; description "Tag string"; uses rib_static_metric_type; } // container tag container tag2 { presence "enable tag2"; description "Tag string 2"; uses rib_static_metric_type; } // container tag2 container preference { presence "enable preference"; description "Preference value"; uses rib_static_metric_type; } // container preference container preference2 { presence "enable preference2"; description "Preference value 2"; uses rib_static_metric_type; } // container preference2 container color { presence "enable color"; description "Color (preference) value"; uses rib_static_metric_type; } // container color container color2 { presence "enable color2"; description "Color (preference) value 2"; uses rib_static_metric_type; } // container color2 leaf-list community { type jt:community; ordered-by user; description "BGP community identifier"; } container as-path { description "Autonomous system path"; uses apply-advanced; leaf path { type string; description "Autonomous system path"; } leaf origin { type enumeration { enum "igp" { 
value 0; description "Path originated in the local IGP"; } enum "egp" { value 1; description "Path originated in another AS"; } enum "incomplete" { value 2; description "Path was learned by some other means"; } } } leaf atomic-aggregate { type empty; description "Add ATOMIC_AGGREGATE path attribute to route"; } container aggregator { presence "enable aggregator"; description "Add AGGREGATOR path attribute to route"; } // container aggregator leaf as-number { type string { junos:posix-pattern "^[0-9]+(.[0-9]+)?$"; junos:pattern-message "Use format 'x' or 'x.y' to specify number 'x' (Range 1 .. 4294967295) or number with higher 2 bytes 'x' (Range 0 .. 65535) and lower 2 bytes 'y' (Range 0 .. 65535) respectively"; } description " Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format"; } leaf address { type jt:ipv4addr; description "Address of BGP system that formed the route"; } } // container as-path list lsp-next-hop { key "name"; ordered-by user; description "LSP next hop"; uses lsp_nh_obj; } // list lsp-next-hop list p2mp-lsp-next-hop { key "name"; max-elements 1; ordered-by user; description "Point-to-multipoint LSP next hop"; uses lsp_nh_obj; } // list p2mp-lsp-next-hop container spring-te-lsp-next-hop { junos:must "("protocols source-packet-routing tunnel-tracking")"; junos:must-message "Please enable the tunnel-tracking under 'protocols source-packet-routing' hierarchy"; description "SPRING-TE LSP next hop"; uses springte_lsp_nh_obj; } // container spring-te-lsp-next-hop container p2mp-ldp-next-hop { description "Point-to-multipoint LDP LSP next hop"; uses p2mp_ldp_lsp_nh_obj; } // container p2mp-ldp-next-hop list static-lsp-next-hop { key "name"; ordered-by user; description "Static LSP next hop"; uses lsp_nh_obj; } // list static-lsp-next-hop } // list route container static-route { description "Static route Status"; leaf bfd-admin-down { type enumeration { enum "active" { value 0; description "Static route will 
be inactive on bfd-admin-down"; } enum "passive" { value 1; description "Static route will remain active on bfd-admin-down"; } } description "Static route State on BFD ADMIN DOWN"; } } // container static-route list iso-route { key "name"; ordered-by user; description "ISO family static route"; leaf name { type jt:isoprefix; } uses apply-advanced; choice next_hop { leaf-list next-hop { type union { type jt:ipaddr-or-interface; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Next hop to destination"; } leaf reject { type empty; description "Drop packets to destination; send ICMP unreachables"; } leaf discard { type empty; description "Drop packets to destination; send no ICMP unreachables"; } leaf receive { type empty; description "Install a receive route for the destination"; } leaf next-table { type string { junos:posix-pattern "^(((.{0,128})[:](.{1,128})[.]|((.{1,128})[.]))?([a-z]|[0-9]|[-_])+[.]((1?[0-9]{1,2})|(2[0-4][0-9])|(25[0-5])))$"; junos:pattern-message "Must match the format [<instance-name>[:<topology-name>].]<family-name>.<rib-id>"; } description "Next hop to another table"; } } // choice next_hop list qualified-next-hop { key "name"; ordered-by user; description "Next hop with qualifiers"; uses qualified_nh_obj; } // list qualified-next-hop leaf backup-pe-group { junos:must "(".. 
p2mp-lsp-next-hop")"; junos:must-message "Backup groups only allowed for static routes with p2mp lsp next-hop"; type string; description "Multicast source redundancy group"; } container bfd-liveness-detection { description "Bidirectional Forwarding Detection (BFD) options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000";
      }
    }
    units "milliseconds";
    description "Minimum transmit interval";
  }
  /* Transmit interval above which, per the description, a trap is raised. */
  leaf threshold {
    type union {
      type uint32;
      type string {
        pattern "<.*>|$.*";
      }
    }
    units "milliseconds";
    description "High transmit interval triggering a trap";
  }
} // container transmit-interval
/* Detection-time monitoring: one threshold that, per its description, triggers a trap. */
container detection-time {
  description "Detection-time options";
  uses apply-advanced;
  leaf threshold {
    type union {
      type uint32;
      type string {
        pattern "<.*>|$.*";
      }
    }
    units "milliseconds";
    description "High detection-time triggering a trap";
  }
} // container detection-time
/*
 * Authentication settings for the BFD session configured by the enclosing
 * block. key-chain and algorithm each carry a must-constraint on the other,
 * so neither can be committed alone.
 */
container authentication {
  description "Authentication options";
  uses apply-advanced;
  /*
   * Name of the key chain to use. The second must-constraint requires the
   * name to exist under `security authentication-key-chains key-chain`;
   * the key material itself is not held in this leaf.
   */
  leaf key-chain {
    junos:must "(".. algorithm")";
    junos:must-message "May not be configured without algorithm";
    junos:must "("security authentication-key-chains key-chain $$")";
    junos:must-message "Referenced key-chain must be defined";
    type string;
    description "Key chain name";
  }
  /*
   * Authentication algorithm. The enum names match the BFD authentication
   * types of RFC 5880 (presumably the same mechanisms; confirm against the
   * Junos documentation).
   * NOTE(review): under RFC 5880 the simple-password type carries the
   * password in clear text in every packet, and the non-meticulous keyed
   * types advance the sequence number only occasionally, which weakens
   * replay protection. MD5 and SHA-1 are both legacy hashes; of the values
   * offered here, meticulous-keyed-sha-1 is the strongest choice.
   */
  leaf algorithm {
    junos:must "(".. key-chain")";
    junos:must-message "May not be configured without key-chain";
    type enumeration {
      enum "simple-password" {
        value 0;
        description "Simple password";
      }
      enum "keyed-md5" {
        value 1;
        description "Keyed message Digest 5";
      }
      enum "meticulous-keyed-md5" {
        value 2;
        description "Meticulous keyed message Digest 5";
      }
      enum "keyed-sha-1" {
        value 3;
        description "Keyed secure hash algorithm (SHA1) ";
      }
      enum "meticulous-keyed-sha-1" {
        value 4;
        description "Meticulous keyed secure hash algorithm (SHA1) ";
      }
    }
    description "Algorithm name";
  }
  /*
   * NOTE(review): per the description, authentication is verified only when
   * it has been negotiated, so a peer that does not negotiate it is
   * presumably accepted unauthenticated. Treat this as a migration aid and
   * flag configurations that leave it set permanently.
   */
  leaf loose-check {
    type empty;
    description "Verify authentication only if authentication is negotiated";
  }
} // container authentication
/* Address of the BFD neighbor. */
leaf neighbor {
  type jt:ipaddr;
  description "BFD neighbor address";
}
/* Local BFD address; the description restricts it to multihop sessions. */
leaf local-address {
  type jt:ipaddr;
  description "BFD local address (for multihop only)";
}
/* Delay before the session-UP notification is passed to the client, in milliseconds. */
leaf holddown-interval {
  type union {
    type string {
      pattern "<.*>|$.*";
    }
    type uint32 {
      range "0 .. 
255000"; } } units "milliseconds"; description "Time to hold the session-UP notification to the client"; } leaf minimum-receive-ttl { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 255"; } } description "Minimum receive TTL below which to drop"; } } // container bfd-liveness-detection choice retain-choice { leaf retain { junos:must "(!(".. resolve"))"; junos:must-message "Must not specify resolve with retain"; type empty; description "Always keep route in forwarding table"; } leaf no-retain { junos:must "(!(".. resolve"))"; junos:must-message "Must not specify resolve with retain"; type empty; description "Don't always keep route in forwarding table"; } } // choice retain-choice choice install-choice { leaf install { type empty; description "Install route into forwarding table"; } leaf no-install { type empty; description "Don't install route into forwarding table"; } } // choice install-choice choice readvertise-choice { leaf readvertise { type empty; description "Mark route as eligible to be readvertised"; } leaf no-readvertise { type empty; description "Don't mark route as eligible to be readvertised"; } } // choice readvertise-choice choice resolve-choice { leaf resolve { type empty; description "Allow resolution of indirectly connected next hops"; } leaf no-resolve { type empty; description "Don't allow resolution of indirectly connected next hops"; } } // choice resolve-choice choice longest-match-choice { leaf longest-match { junos:must "(".. resolve")"; junos:must-message "Requires resolve to be configured"; type empty; description "Always use longest prefix match to resolve next hops"; } leaf no-longest-match { junos:must "(".. 
resolve")"; junos:must-message "Requires resolve to be configured"; type empty; description "Don't always use longest prefix match to resolve next hops"; } } // choice longest-match-choice choice passive_flag { leaf active { type empty; description "Remove inactive route from forwarding table"; } leaf passive { type empty; description "Retain inactive route in forwarding table"; } } // choice passive_flag container metric { presence "enable metric"; description "Metric value"; uses rib_static_metric_type; } // container metric container metric2 { presence "enable metric2"; description "Metric value 2"; uses rib_static_metric_type; } // container metric2 container metric3 { presence "enable metric3"; description "Metric value 3"; uses rib_static_metric_type; } // container metric3 container metric4 { presence "enable metric4"; description "Metric value 4"; uses rib_static_metric_type; } // container metric4 container tag { presence "enable tag"; description "Tag string"; uses rib_static_metric_type; } // container tag container tag2 { presence "enable tag2"; description "Tag string 2"; uses rib_static_metric_type; } // container tag2 container preference { presence "enable preference"; description "Preference value"; uses rib_static_metric_type; } // container preference container preference2 { presence "enable preference2"; description "Preference value 2"; uses rib_static_metric_type; } // container preference2 container color { presence "enable color"; description "Color (preference) value"; uses rib_static_metric_type; } // container color container color2 { presence "enable color2"; description "Color (preference) value 2"; uses rib_static_metric_type; } // container color2 leaf-list community { type jt:community; ordered-by user; description "BGP community identifier"; } container as-path { description "Autonomous system path"; uses apply-advanced; leaf path { type string; description "Autonomous system path"; } leaf origin { type enumeration { enum "igp" { 
value 0; description "Path originated in the local IGP"; } enum "egp" { value 1; description "Path originated in another AS"; } enum "incomplete" { value 2; description "Path was learned by some other means"; } } } leaf atomic-aggregate { type empty; description "Add ATOMIC_AGGREGATE path attribute to route"; } container aggregator { presence "enable aggregator"; description "Add AGGREGATOR path attribute to route"; } // container aggregator leaf as-number { type string { junos:posix-pattern "^[0-9]+(.[0-9]+)?$"; junos:pattern-message "Use format 'x' or 'x.y' to specify number 'x' (Range 1 .. 4294967295) or number with higher 2 bytes 'x' (Range 0 .. 65535) and lower 2 bytes 'y' (Range 0 .. 65535) respectively"; } description " Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format"; } leaf address { type jt:ipv4addr; description "Address of BGP system that formed the route"; } } // container as-path list lsp-next-hop { key "name"; ordered-by user; description "LSP next hop"; uses lsp_nh_obj; } // list lsp-next-hop list p2mp-lsp-next-hop { key "name"; max-elements 1; ordered-by user; description "Point-to-multipoint LSP next hop"; uses lsp_nh_obj; } // list p2mp-lsp-next-hop container spring-te-lsp-next-hop { junos:must "("protocols source-packet-routing tunnel-tracking")"; junos:must-message "Please enable the tunnel-tracking under 'protocols source-packet-routing' hierarchy"; description "SPRING-TE LSP next hop"; uses springte_lsp_nh_obj; } // container spring-te-lsp-next-hop container p2mp-ldp-next-hop { description "Point-to-multipoint LDP LSP next hop"; uses p2mp_ldp_lsp_nh_obj; } // container p2mp-ldp-next-hop } // list iso-route list route-target-filter { key "name"; ordered-by user; description "Route-target-filter route"; leaf name { type string { junos:posix-pattern "^[0-9.]{1,15}L?:[0-9]{1,10}/([0-9]|[2-5][0-9]|6[0-4])$"; junos:pattern-message "Use format 'x:y/len' where 'x' is an AS number followed by an 
optional 'L' (To indicate 4 byte AS), or an IP address and 'y' is a number. e.g. 123456L:100 and len is a prefix length from 0 to 64"; length "1 .. 47"; } } uses apply-advanced; leaf-list neighbor { type jt:ipaddr-scoped; ordered-by user; description "BGP peers for filter"; } leaf-list group { type string; ordered-by user; description "BGP groups for filter"; } leaf local { type empty; description "Locally originated filter"; } } // list route-target-filter } // container static list martians { key "address choice-ident choice-value"; ordered-by user; description "Invalid routes"; uses martian_type; } // list martians container aggregate { description "Coalesced routes"; uses rib_aggregate_type; } // container aggregate container generate { description "Route of last resort"; uses rib_aggregate_type; } // container generate choice maximum-paths-type { container maximum-routes { status deprecated; description "Maximum number of routes"; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Maximum number of routes"; } choice log_type { leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Percentage of limit at which to start generating warnings"; } leaf log-only { type empty; description "Generate warning messages only"; } } // choice log_type leaf log-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 86400"; } } units "seconds"; description "Minimum interval between log messages"; } } // container maximum-routes container maximum-paths { description "Maximum number of paths"; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Maximum number of paths"; } choice log_type { leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
100"; } } description "Percentage of limit at which to start generating warnings"; } leaf log-only { type empty; description "Generate warning messages only"; } } // choice log_type leaf log-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 86400"; } } units "seconds"; description "Minimum interval between log messages"; } } // container maximum-paths } // choice maximum-paths-type container maximum-prefixes { description "Maximum number of prefixes"; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Maximum number of prefixes"; } choice log_type { leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Percentage of limit at which to start generating warnings"; } leaf log-only { type empty; description "Generate warning messages only"; } } // choice log_type leaf log-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "5 .. 
86400"; } } units "seconds"; description "Minimum interval between log messages"; } } // container maximum-prefixes container multipath { presence "enable multipath"; description "Protocol-independent load balancing"; uses apply-advanced; container vpn-unequal-cost { presence "enable vpn-unequal-cost"; description "Include VPN routes with unequal IGP metrics"; leaf equal-external-internal { type empty; description "Include external and internal VPN routes"; } } // container vpn-unequal-cost leaf as-path-compare { type empty; description "Compare AS path sequences in addition to AS path length"; } leaf preserve-nexthop-hierarchy { type empty; description "Force multipath to create List nexthop"; } } // container multipath container policy-multipath { description "Policy based multipath"; uses apply-advanced; leaf-list policy { type jt:policy-algebra; ordered-by user; description "Import policy to create policy based multipath"; } container traceoptions { description "Trace options"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "route" { value 0; description "Policy-multipath route tracing."; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions } // container policy-multipath container protect { description "Protocol-independent protection"; leaf core { type empty; description "Protect against unreachability to service-edge router"; } } // container protect container access { description "Access routes"; uses apply-advanced; list route { key "name"; ordered-by user; description "Access route"; leaf name { type jt:ipprefix; description "IP address of destination"; } uses apply-advanced; leaf-list next-hop { type union { type jt:ipaddr-or-interface; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Next hop to destination"; } list qualified-next-hop { key "name"; ordered-by user; description "Next hop with qualifiers"; uses qualified_nh_obj; } // list qualified-next-hop leaf metric { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255"; } } description "Metric value"; } leaf preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference value"; } leaf tag { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Tag string"; } leaf tag2 { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Tag2 string"; } } // list route } // container access container access-internal { description "Access-internal routes"; uses apply-advanced; list route { key "name"; ordered-by user; description "Access-internal route"; leaf name { type jt:ipprefix; description "IP address and optional prefix length of destination"; } uses apply-advanced; leaf-list next-hop { type union { type jt:ipaddr-or-interface; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Next hop to destination"; } list qualified-next-hop { key "name"; ordered-by user; description "Next hop with qualifiers"; uses qualified_nh_obj; } // list qualified-next-hop } // list route } // container access-internal container bgp-static { description "Routes for BGP static advertisements"; uses apply-advanced; list route { key "name"; ordered-by user; description "BGP-static route"; leaf name { type jt:ipprefix; description "IP address and optional prefix length of destination"; } uses apply-advanced; container metric { presence "enable metric"; description "Metric value"; uses rib_static_metric_type; } // container metric container metric2 { presence "enable metric2"; description "Metric value 2"; uses rib_static_metric_type; } // container metric2 container metric3 { presence "enable metric3"; description "Metric value 3"; uses rib_static_metric_type; } // container metric3 container metric4 { presence "enable metric4"; description "Metric value 4"; uses rib_static_metric_type; } // container metric4 container tag { presence "enable tag"; description "Tag string"; uses rib_static_metric_type; } // container tag container tag2 { presence "enable tag2"; 
description "Tag string 2"; uses rib_static_metric_type; } // container tag2 container preference { presence "enable preference"; description "Preference value"; uses rib_static_metric_type; } // container preference container preference2 { presence "enable preference2"; description "Preference value 2"; uses rib_static_metric_type; } // container preference2 container color { presence "enable color"; description "Color (preference) value"; uses rib_static_metric_type; } // container color container color2 { presence "enable color2"; description "Color (preference) value 2"; uses rib_static_metric_type; } // container color2 leaf-list community { type jt:community; ordered-by user; description "BGP community identifier"; } container as-path { description "Autonomous system path"; uses apply-advanced; leaf path { type string; description "Autonomous system path"; } leaf origin { type enumeration { enum "igp" { value 0; description "Path originated in the local IGP"; } enum "egp" { value 1; description "Path originated in another AS"; } enum "incomplete" { value 2; description "Path was learned by some other means"; } } } leaf atomic-aggregate { type empty; description "Add ATOMIC_AGGREGATE path attribute to route"; } container aggregator { presence "enable aggregator"; description "Add AGGREGATOR path attribute to route"; } // container aggregator leaf as-number { type string { junos:posix-pattern "^[0-9]+(.[0-9]+)?$"; junos:pattern-message "Use format 'x' or 'x.y' to specify number 'x' (Range 1 .. 4294967295) or number with higher 2 bytes 'x' (Range 0 .. 65535) and lower 2 bytes 'y' (Range 0 .. 
65535) respectively"; } description " Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format"; } leaf address { type jt:ipv4addr; description "Address of BGP system that formed the route"; } } // container as-path } // list route } // container bgp-static list rib-groups { key "name"; ordered-by user; description "Group of routing tables"; uses rpd_rib_group_type; } // list rib-groups leaf route-record { type empty; description "Enable route recording"; } leaf-list instance-import { type jt:policy-algebra; ordered-by user; description "Import policy for instance RIBs"; } leaf-list instance-export { type jt:policy-algebra; ordered-by user; description "Export policy for instance RIBs"; } container auto-export { presence "enable auto-export"; description "Export routes between routing instances"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable auto-export"; } } // choice enable-disable container traceoptions { description "Trace options"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "export" { value 0; description "Export processing"; } enum "route" { value 1; description "Trace routing information"; } enum "normal" { value 2; description "Trace normal events"; } enum "general" { value 3; description "Trace general events"; } enum "state" { value 4; description "Trace state transitions"; } enum "policy" { value 5; description "Trace policy processing"; } enum "task" { value 6; description "Trace routing protocol task processing"; } enum "timer" { value 7; description "Trace routing protocol timer processing"; } enum "all" { value 8; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions container family { container inet { description "IPv4 parameters"; uses export-af-obj; } // container inet container inet6 { description "IPv6 parameters"; uses export-af-obj; } // container inet6 container iso { description "ISO parameters"; uses export-af-obj; } // container iso } // container family } // container auto-export container transport-class { junos:must "("routing-options route-distinguisher-id")"; junos:must-message "transport classes use auto-rd. 
Please configure route-distinguisher-id"; presence "enable transport-class"; description "Transport layer options"; uses apply-advanced; leaf auto-create { type empty; description "Auto create on color discovery"; } list name { key "name"; ordered-by user; description "Transport layer collecting Tunnels with similar characteristics"; leaf name { type string; description "Transport class name"; } uses apply-advanced; leaf color { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Color(0..4294967295). This auto derives the Mapping Community and Route Target"; } } // list name } // container transport-class container dynamic-tunnels { description "Dynamic tunnel definitions"; uses apply-advanced; list tunnel-attributes { key "name"; ordered-by user; description "Dynamic tunnel attributes definition"; leaf name { type string { junos:posix-pattern "![^a-zA-Z0-9_-]|(^(all|.{64,})$)"; junos:pattern-message "Tunnel attribute name is a string consisting of up to 63 letters, numbers, dashes, and underscores"; } description "Dynamic Tunnel attribute name"; } uses apply-advanced; leaf dynamic-tunnel-source-prefix { junos:must "(".. dynamic-tunnel-type V4oV6")"; junos:must-message "Tunnel source address, only valid for V4oV6 tunnel type"; type jt:ipaddr; description "Tunnel source address"; } leaf dynamic-tunnel-type { type enumeration { enum "GRE" { value 0; description "Tunnel type GRE"; } enum "V4oV6" { value 1; description "Tunnel type is IPV4oIPV6"; } enum "UDP" { value 2; description "Tunnel type UDP"; } enum "BGP-SIGNAL" { value 3; description "Tunnel type BGP-SIGNAL"; } } } leaf dynamic-tunnel-mtu { junos:must "(".. dynamic-tunnel-type V4oV6")"; junos:must-message "Only supported for tunnel type V4oV6"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "296 .. 
9232";
      }
    }
    description "Dynamic Tunnel MTU value";
  }
  /* Anchor PFE name; the pattern accepts only pfe-x/y/z with each field in 0..99. */
  leaf dynamic-tunnel-anchor-pfe {
    type string {
      junos:posix-pattern "^(pfe-)[1-9]?[0-9]/[1-9]?[0-9]/[1-9]?[0-9]$";
      junos:pattern-message "Must be a PFE interface of form pfe-x/y/z";
    }
    description "Dynamic Tunnel anchor PFE name of format pfe-x/y/z";
  }
  /*
   * Anti-spoofing check for the tunnel; the must-constraint limits it to
   * tunnel type V4oV6.
   * NOTE(review): the "Default is enabled" statement exists only in the
   * description text. There is no `default` statement on this leaf, so the
   * schema itself does not pin the default. Configurations that set `off`
   * remove the check and should be audited.
   */
  leaf dynamic-tunnel-anti-spoof {
    junos:must "(".. dynamic-tunnel-type V4oV6")";
    junos:must-message "Only supported for tunnel type V4oV6";
    type enumeration {
      enum "on" {
        value 0;
        description "Enable antispoofing check. Default is enabled";
      }
      enum "off" {
        value 1;
        description "Disable antispoofing check";
      }
    }
  }
  /*
   * Reassembly check for the tunnel, also limited to tunnel type V4oV6.
   * The description gives the default as disabled; as with the anti-spoof
   * leaf, no `default` statement backs that up in the schema.
   */
  leaf dynamic-tunnel-reassembly {
    junos:must "(".. dynamic-tunnel-type V4oV6")";
    junos:must-message "Only supported for tunnel type V4oV6";
    type enumeration {
      enum "on" {
        value 0;
        description "Enable reassembly check. Default is disabled";
      }
      enum "off" {
        value 1;
        description "Disable reassembly check";
      }
    }
  }
} // list tunnel-attributes
/* Forwarding routing tables for dynamic tunnels, each with an ordered list of import policies. */
list forwarding-rib {
  key "name";
  ordered-by user;
  description "Forwarding routing table for dynamic-tunnel";
  leaf name {
    type string;
    description "Routing table name";
  }
  uses apply-advanced;
  leaf-list inet-import {
    type jt:policy-algebra;
    ordered-by user;
    description "Import policy for V4 dynamic-tunnel";
  }
} // list forwarding-rib
/* Interval, in seconds (1..65535), for fetching dynamic-tunnel traffic statistics. */
container statistics {
  description "Fetch traffic statistics for dynamic tunnels";
  uses apply-advanced;
  leaf interval {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint16 {
        range "1 .. 65535";
      }
    }
    units "seconds";
    description "Time after which statistics has to be fetched";
  }
} // container statistics
/* Trace (debug logging) options for dynamic tunnels. */
container traceoptions {
  description "Trace options";
  uses apply-advanced;
  container file {
    description "Trace file options";
    /*
     * Trace file name. Per the pattern-message, the pattern rejects '/',
     * '%' and space, so the value cannot carry a directory component.
     * The directory the file is written to is not defined by this schema.
     */
    leaf filename {
      type string {
        junos:posix-pattern "![/ %]";
        junos:pattern-message "Must not contain '/', % or a space";
        length "1 .. 
1024";
      }
      description "Name of file in which to write trace information";
    }
    /* Deprecated: replace the trace file instead of appending to it. */
    leaf replace {
      type empty;
      status deprecated;
      description "Replace trace file rather than appending to it";
    }
    /* Maximum trace file size; typed as a plain string, so this schema imposes no format or bound. */
    leaf size {
      type string;
      description "Maximum trace file size";
    }
    /* Number of trace files to keep: 2..1000, default 10. */
    leaf files {
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "2 .. 1000";
        }
      }
      default "10";
      description "Maximum number of trace files";
    }
    /* Deprecated: do not timestamp trace file entries. */
    leaf no-stamp {
      type empty;
      status deprecated;
      description "Do not timestamp trace file";
    }
    /*
     * Read permission on the trace file; the two leaves are mutually
     * exclusive cases of one choice.
     * NOTE(review): world-readable lets any user on the device read the
     * log. Depending on the flags enabled below, the log can contain
     * tunnel and kernel-communication detail, so prefer no-world-readable
     * and flag configurations that set world-readable. The schema does
     * not state which case applies when neither leaf is configured.
     */
    choice world-readable-choice {
      leaf world-readable {
        type empty;
        description "Allow any user to read the log file";
      }
      leaf no-world-readable {
        type empty;
        description "Don't allow any user to read the log file";
      }
    } // choice world-readable-choice
  } // container file
  /*
   * Trace flags, keyed by event category. Each entry can carry the
   * send/receive/detail modifiers or be disabled individually.
   * `all` traces every category.
   */
  list flag {
    key "name";
    ordered-by user;
    description "Tracing parameters";
    leaf name {
      type enumeration {
        enum "kernel" {
          value 0;
          description "Trace kernel communication";
        }
        enum "tunnel" {
          value 1;
          description "Trace tunnel addition, change, or deletion";
        }
        enum "task" {
          value 2;
          description "Trace task or job processing";
        }
        enum "tunnel-event" {
          value 3;
          description "Trace create, delete, up, down event for nh based tunnel";
        }
        enum "flash-event" {
          value 4;
          description "Trace flash event for tunnel forwarding route";
        }
        enum "stats-job" {
          value 5;
          description "Trace taffic statistics job related stuff";
        }
        enum "all" {
          value 6;
          description "Trace everything";
        }
      }
    }
    leaf send {
      type empty;
      description "Trace transmitted packets";
    }
    leaf receive {
      type empty;
      description "Trace received packets";
    }
    leaf detail {
      type empty;
      description "Trace detailed information";
    }
    leaf disable {
      type empty;
      description "Disable this trace flag";
    }
  } // list flag
} // container traceoptions
/* Dynamic GRE tunnel mode; the only value defined is next-hop-based-tunnel. */
leaf gre {
  type enumeration {
    enum "next-hop-based-tunnel" {
      value 0;
      description "Enable nh base dynamic-tunnel";
    }
  }
  description "Enable dynamic gre tunnel mode";
}
/* Dynamic tunnel definitions, keyed by name; the body comes from the grouping named on the next line. */
list dynamic-tunnel {
  key "name";
  ordered-by user;
  uses 
dynamic_tunnel_type; } // list dynamic-tunnel } // container dynamic-tunnels list interface { key "name"; ordered-by user; description "Direct/Host route FRR protection"; leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; leaf arp-prefix-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10000"; } } description "Max ARP/Host FRR routes allowed"; } leaf supplementary-blackout-timer { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 15"; } } description "ARP plimit blackout timer = kernel ARP timeout + supplementary-blackout-timer minutes."; } choice protection-type { leaf link-protection { type empty; description "Protect interface from link faults only"; } } // choice protection-type } // list interface container host-fast-reroute { presence "enable host-fast-reroute"; description "Host Fast Re-route global values. Applies to all host FRR profiles."; uses apply-advanced; leaf global-arp-prefix-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10000"; } } description "Max ARP/Host FRR routes allowed per protected IFL"; } leaf global-supplementary-blackout-timer { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
15"; } } description "ARP plimit global blackout timer = kernel ARP timeout + global-supplementary-blackout-timer minutes."; } } // container host-fast-reroute leaf warm-standby { junos:must "(!("routing-options nonstop-routing"))"; junos:must-message "Warm standby and Nonstop routing cannot be enabled simultaneously"; type empty; description "Enable warm-standby"; } leaf nonstop-routing { type empty; description "Enable nonstop routing"; } container nonstop-routing-options { presence "enable nonstop-routing-options"; description "Nonstop routing options"; uses apply-advanced; leaf precision-timers-max-period { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 1800"; } } description "Set Max period for precision timer support from kernel after switchover"; } } // container nonstop-routing-options leaf nsr-phantom-holdtime { junos:must "("routing-options nonstop-routing")"; junos:must-message "Nonstop routing must be enabled"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 10000"; } } description "Set NSR phantom route hold time"; } list srlg { key "name"; ordered-by user; description "SRLG configuration"; leaf name { type string { length "1 .. 64"; } description "Group name"; } uses apply-advanced; leaf srlg-value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Group id"; } leaf srlg-cost { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Cost value"; } } // list srlg container admin-groups-extended-range { description "Extended administrative groups range"; uses apply-advanced; leaf minimum { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "32 .. 4294967295"; } } description "Minimum value of the range for extended administrative groups"; } leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "32 .. 
4294967295";
      }
    }
    description "Maximum value of the range for extended administrative groups";
  }
} // container admin-groups-extended-range
/*
 * Extended administrative groups, keyed by name. The must-constraint
 * requires admin-groups-extended-range to be configured alongside.
 */
list admin-groups-extended {
  junos:must "(".. admin-groups-extended-range")";
  junos:must-message "admin-groups-extended-range must be configured with admin-groups-extended";
  key "name";
  ordered-by user;
  description "Extended administrative groups";
  leaf name {
    type string {
      length "1 .. 64";
    }
    description "Group name (Maximum length 64)";
  }
  uses apply-advanced;
  /* Group id, 32..4294967295. */
  leaf group-value {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "32 .. 4294967295";
      }
    }
    description "Group id";
  }
} // list admin-groups-extended
/*
 * Source-routing switches. Both leaves are `type empty`, so each option is
 * turned on simply by being present in the configuration.
 * NOTE(review): source routing lets the sender of a packet influence the
 * path it takes, and the IPv6 Type 0 routing header was deprecated by
 * RFC 5095 because of traffic-amplification abuse. Treat the appearance of
 * either leaf as a change that needs explicit justification, and check
 * that edge filtering covers source-routed traffic. Device behaviour when
 * the leaves are absent is not defined by this schema.
 */
container source-routing {
  description "Source-routing options";
  uses apply-advanced;
  leaf ip {
    type empty;
    description "Enable IP Source Routing";
  }
  leaf ipv6 {
    type empty;
    description "Enable Type 0 RouteHeader processing";
  }
} // container source-routing
/* Forwarding-table options; the body comes from the forwarding-table-type grouping, which is defined elsewhere. */
container forwarding-table {
  uses forwarding-table-type;
} // container forwarding-table
/* Fate-sharing database: named groups of links or nodes that share a common fate. */
container fate-sharing {
  description "Fate-sharing links or nodes database";
  uses apply-advanced;
  list group {
    key "name";
    ordered-by user;
    description "Group of objects sharing common characteristics";
    /* Group name; the pattern bounds it to 1..32 characters of any kind. */
    leaf name {
      type string {
        junos:posix-pattern "^.{1,32}$";
        junos:pattern-message "Must be a string of <= 32 characters";
      }
      description "Name of object groups sharing the same fate";
    }
    uses apply-advanced;
    leaf cost {
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "1 .. 
65535"; } } description "Cost value"; } leaf use-for-post-convergence-lfa { type empty; description "Use this fate-sharing group as a constraint for post-convergence-lfa"; } list from { key "name"; uses fate_sharing_links; } // list from } // list group } // container fate-sharing container multicast { description "Global multicast options"; uses apply-advanced; container traceoptions { description "Global multicast trace options"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "parse" { value 0; description "Trace configuration parsing"; } enum "config-internal" { value 1; description "Trace configuration internals"; } enum "route" { value 2; description "Trace routing information"; } enum "normal" { value 3; description "Trace normal events"; } enum "general" { value 4; description "Trace general events"; } enum "state" { value 5; description "Trace state transitions"; } enum "policy" { value 6; description "Trace policy processing"; } enum 
"task" { value 7; description "Trace routing protocol task processing"; } enum "timer" { value 8; description "Trace routing protocol timer processing"; } enum "all" { value 9; description "Trace everything"; } } } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions leaf rpf { type string; status deprecated; } list scope { key "name"; ordered-by user; description "Multicast address scope"; leaf name { type string; description "Name to identify multicast address scope"; } uses apply-advanced; leaf prefix { type jt:ipprefix; description "Administratively scoped address"; } leaf-list interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Interface on which to configure scoping"; } } // list scope leaf-list scope-policy { type jt:policy-algebra; ordered-by user; description "Scoping policy"; } list flow-map { key "name"; ordered-by user; description "Multicast flow map configuration"; leaf name { type string; description "Name of the flow map"; } uses apply-advanced; leaf-list policy { type jt:policy-algebra; ordered-by user; description "Policy for matched flows"; } container bandwidth { presence "enable bandwidth"; description "Bandwidth properties for matched flows"; leaf bandwidth-value { type string; units "bps"; description "Static or default bandwidth for the matched flows"; } leaf adaptive { type empty; description "Auto-sense bandwidth for matched flows"; } } // container bandwidth leaf-list redundant-sources { junos:must "(".. 
bandwidth adaptive")"; junos:must-message "redundant-sources can only be configured together with 'bandwidth adaptive'"; type jt:ipaddr; ordered-by user; description "Redundant source addresses"; } container forwarding-cache { description "Forwarding cache properties for matched flows"; uses apply-advanced; container timeout { description "Timeout properties for matched flows"; choice timeout_choice { leaf timeout-value { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 720"; } } units "minutes"; description "Timeout for forwarding cache entry"; } container never { presence "enable never"; description "Forwarding cache entries never time out"; uses apply-advanced; leaf non-discard-entry-only { type empty; description "Apply only to non-discard entries"; } } // container never } // choice timeout_choice } // container timeout } // container forwarding-cache } // list flow-map leaf-list resolve-filter { type jt:policy-algebra; ordered-by user; status deprecated; description "Multicast resolve policy filter"; } leaf-list ssm-groups { type jt:ipprefix; ordered-by user; description "Source-specific multicast group ranges"; } leaf cont-stats-collection-interval { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "60 .. 
3600"; } } default "300"; description "IGMP/MLD continuous statistics collection interval"; } leaf asm-override-ssm { type empty; description "Allow ASM state for SSM group ranges"; } leaf-list rpf-check-policy { type jt:policy-algebra; ordered-by user; description "Disable RPF check for a source group pair"; } container pim-to-igmp-proxy { description "PIM-to-IGMP proxy"; uses apply-advanced; leaf-list upstream-interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } max-elements 2; ordered-by user; description "Upstream interface list"; } } // container pim-to-igmp-proxy container pim-to-mld-proxy { description "PIM-to-MLD proxy"; uses apply-advanced; leaf-list upstream-interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } max-elements 2; ordered-by user; description "Upstream interface list"; } } // container pim-to-mld-proxy container forwarding-cache { description "Multicast forwarding cache"; uses apply-advanced; leaf allow-maximum { type empty; description "Allow maximum of global and family level threshold values for suppress and reuse"; } list family { junos:must "((!(".. threshold") || ".. allow-maximum"))"; junos:must-message "Family threshold cannot be configured if global threshold is already configured"; key "name"; ordered-by user; description "Protocol family"; leaf name { type enumeration { enum "inet" { value 0; description "IPv4 family"; } enum "inet6" { value 1; description "IPv6 family"; } } description "Protocol family"; } uses apply-advanced; container threshold { presence "enable threshold"; description "Multicast forwarding cache suppress threshold"; uses apply-advanced; leaf suppress { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 200000"; } } description "Suppress threshold"; } leaf reuse { junos:must "(".. 
suppress")"; junos:must-message "To configure reuse, suppress must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 200000"; } } description "Reuse threshold"; } leaf mvpn-rpt-suppress { junos:must "(".. suppress")"; junos:must-message "To configure mvpn-rpt-suppress, suppress must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 200000"; } } description "MVPN RP tree entry suppress threshold"; } leaf mvpn-rpt-reuse { junos:must "(".. mvpn-rpt-suppress")"; junos:must-message "To configure mvpn-rpt-reuse, mvpn-rpt-suppress must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 200000"; } } description "MVPN RP tree entry reuse threshold"; } leaf log-warning { junos:must "(".. suppress")"; junos:must-message "To configure log-warning, suppress must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Percentage at which to start generating warnings"; } } // container threshold } // list family container threshold { junos:must "((!(".. family") || ".. allow-maximum"))"; junos:must-message "Global threshold cannot be configured if family threshold is configured"; description "Threshold"; uses apply-advanced; leaf suppress { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 200000"; } } description "Suppress threshold"; } leaf reuse { junos:must "(".. suppress")"; junos:must-message "To configure reuse, suppress must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 200000"; } } description "Reuse threshold"; } leaf mvpn-rpt-suppress { junos:must "(".. suppress")"; junos:must-message "To configure mvpn-rpt-suppress, suppress must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
200000"; } } description "MVPN RP tree entry suppress threshold"; } leaf mvpn-rpt-reuse { junos:must "(".. mvpn-rpt-suppress")"; junos:must-message "To configure mvpn-rpt-reuse, mvpn-rpt-suppress must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 200000"; } } description "MVPN RP tree entry reuse threshold"; } leaf log-warning { junos:must "(".. suppress")"; junos:must-message "To configure log-warning, suppress must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } description "Percentage at which to start generating warnings"; } } // container threshold leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 720"; } } description "Forwarding cache entry timeout in minutes"; } } // container forwarding-cache list interface { key "name"; ordered-by user; description "Multicast interface options"; uses multicast_interface_options_type; } // list interface list ssm-map { key "name"; ordered-by user; description "SSM map definitions"; leaf name { type string; description "SSM map name"; } uses apply-advanced; leaf-list policy { type jt:policy-algebra; ordered-by user; description "Policy for matching group"; } leaf-list source { type jt:ipaddr; ordered-by user; description "One or more source addresses"; } } // list ssm-map list backup-pe-group { key "name"; ordered-by user; description "Backup PE group definitions"; leaf name { type string; description "PE group name"; } uses apply-advanced; leaf-list backups { type jt:ipaddr; max-elements 8; ordered-by user; description "One or more IP addresses"; } leaf local-address { type jt:ipaddr; description "Address to be used as local-address for this group"; } } // list backup-pe-group leaf omit-wildcard-address { type empty; description "Omit wildcard source/group fields in SPMSI AD NLRI"; } leaf local-address { type jt:ipv4addr; description "Local address for PIM and MVPN sessions"; } } // 
container multicast
container programmable-rpd {
  description "RPD Server module management options";
  uses programmable-rpd-type;
} // container programmable-rpd

// Route validation: trace options, tables notified on validation-state change,
// and groups of validation sessions with their transport authentication.
// NOTE(review): the inner double quotes of the junos:must expressions appear
// unescaped in this rendering; confirm against the published module before
// feeding this text to a YANG parser.
container validation {
  description "Define Route validation";
  uses apply-advanced;
  container traceoptions {
    description "Trace options for route validation";
    uses apply-advanced;
    container file {
      description "Trace file options";
      // The posix-pattern rejects '/', '%' and space (see the pattern-message),
      // so the value cannot carry a directory separator. The directory the file
      // lands in is not defined by this schema.
      leaf filename {
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; }
      // Free-form string; no size bound is expressed in this schema.
      leaf size { type string; description "Maximum trace file size"; }
      leaf files {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "2 .. 1000"; }
        }
        default "10";
        description "Maximum number of trace files";
      }
      leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; }
      // Mutually exclusive flags (YANG choice); no default is declared here.
      // NOTE(review): with flags such as "packets" or "all" plus "detail", the
      // trace presumably records session traffic; world-readable exposes that
      // file to every local user, so hardening baselines should require
      // no-world-readable unless there is a stated reason.
      choice world-readable-choice {
        leaf world-readable { type empty; description "Allow any user to read the log file"; }
        leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
      } // choice world-readable-choice
    } // container file
    list flag {
      key "name";
      ordered-by user;
      description "Tracing parameters";
      leaf name {
        type enumeration {
          enum "error" { value 0; description "Trace errored packets"; }
          enum "packets" { value 1; description "Trace all I/O packets"; }
          enum "keepalive" { value 2; description "Trace keepalive packets"; }
          enum "update" { value 3; description "Trace update packets"; }
          enum "nsr-synchronization" { value 4; description "Trace NSR synchronization events"; }
          enum "state" { value 5; description "Trace state transitions"; }
          enum "policy" { value 6; description "Trace policy processing"; }
          enum "task" { value 7; description "Trace routing protocol task processing"; }
          enum "timer" {
            value 8;
            description "Trace routing protocol timer processing";
          }
          enum "client" { value 9; description "Trace route validation client events"; }
          enum "all" { value 10; description "Trace everything"; }
        }
      }
      leaf send { type empty; description "Trace transmitted packets"; }
      leaf receive { type empty; description "Trace received packets"; }
      leaf detail { type empty; description "Trace detailed information"; }
      leaf disable { type empty; description "Disable this trace flag"; }
    } // list flag
  } // container traceoptions
  leaf-list notification-rib {
    type string;
    ordered-by user;
    description "Define routing tables that get notified upon validation state change";
  }
  list group {
    key "name";
    description "Define a group of sessions";
    leaf name { type string; description "Group name"; }
    uses apply-advanced;
    // Static key, 1..126 characters, described as an MD5 key. The junos:must
    // constraints on the next three leaves make it mutually exclusive with
    // authentication-algorithm, tcpao-handling-with-digest-mismatch and
    // authentication-key-chain.
    // NOTE(review): presumably TCP MD5 signatures (RFC 2385) -- confirm. MD5 is
    // a legacy choice; where the peer supports it, a key chain with a stronger
    // algorithm is the better baseline.
    leaf authentication-key {
      type string { length "1 .. 126"; }
      description "MD5 authentication key";
    }
    // Requires authentication-key-chain and excludes authentication-key. The
    // declared default is "hmac-sha-1-96"; "md5" remains selectable, so a
    // policy check should look at the configured value and not only at whether
    // a key chain is referenced.
    leaf authentication-algorithm {
      junos:must "(".. authentication-key-chain")";
      junos:must-message "May not be configured without authentication-key-chain";
      junos:must "(!(".. authentication-key"))";
      junos:must-message "May not be configured with authentication-key";
      type enumeration {
        enum "md5" { value 0; description "Message Digest 5"; }
        enum "hmac-sha-1-96" { value 1; description "Hash-based Message Authentication Code (SHA1) (96 bits)"; }
        enum "aes-128-cmac-96" { value 2; description "Cipher-based Message Authentication Code (AES128) (96 bits)"; }
        enum "ao" { value 3; description "TCP Authentication Option"; }
      }
      default "hmac-sha-1-96";
      description "Authentication algorithm name";
    }
    // Behaviour on a TCP-AO digest mismatch. Per the enum descriptions,
    // "drop-if-no-tcpao" fails closed and "allow-without-tcpao" lets the
    // connection establish without TCP-AO (fails open). No default is declared
    // here, so the effective behaviour when the leaf is absent cannot be read
    // from this schema -- confirm on the platform.
    leaf tcpao-handling-with-digest-mismatch {
      junos:must "(!(".. authentication-key"))";
      junos:must-message "May not be configured with authentication-key";
      type enumeration {
        enum "drop-if-no-tcpao" { value 0; description "Drop the connection if Digest mismatched"; }
        enum "allow-without-tcpao" { value 1; description "Allow the connection establishment without TCP-AO"; }
      }
      description "Drop or continue without TCP-AO with digest mismatch with TCP-AO";
    }
    // Name of a key chain; the second junos:must requires the chain to exist
    // under "security authentication-key-chains key-chain".
    leaf authentication-key-chain {
      junos:must "(!(".. authentication-key"))";
      junos:must-message "May not be configured with authentication-key";
      junos:must "("security authentication-key-chains key-chain $$")";
      junos:must-message "Referenced key-chain must be defined";
      type string { length "1 .. 128"; }
      description "Key chain name";
    }
    leaf max-sessions {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 63"; }
      }
      description "Maximum connected session in this group";
    }
    // One entry per session, keyed by an IP address (the key leaf carries no
    // description). Its trace file options repeat the ones defined for the
    // enclosing validation container.
    list session {
      key "name";
      description "Configure a session";
      leaf name { type jt:ipaddr; }
      uses apply-advanced;
      container traceoptions {
        description "Trace options for route validation";
        uses apply-advanced;
        container file {
          description "Trace file options";
          leaf filename {
            type string {
              junos:posix-pattern "![/ %]";
              junos:pattern-message "Must not contain '/', % or a space";
              length "1 .. 1024";
            }
            description "Name of file in which to write trace information";
          }
          leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; }
          leaf size { type string; description "Maximum trace file size"; }
          leaf files {
            type union {
              type string { pattern "<.*>|$.*"; }
              type uint32 { range "2 ..
1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "error" { value 0; description "Trace errored packets"; } enum "packets" { value 1; description "Trace all I/O packets"; } enum "keepalive" { value 2; description "Trace keepalive packets"; } enum "update" { value 3; description "Trace update packets"; } enum "state" { value 4; description "Trace state transitions"; } enum "task" { value 5; description "Trace routing protocol task processing"; } enum "timer" { value 6; description "Trace routing protocol timer processing"; } enum "all" { value 7; description "Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // container traceoptions leaf authentication-key { type string { length "1 .. 126"; } description "MD5 authentication key"; } leaf authentication-algorithm { junos:must "(".. authentication-key-chain")"; junos:must-message "May not be configured without authentication-key-chain"; junos:must "(!(".. 
authentication-key"))"; junos:must-message "May not be configured with authentication-key"; type enumeration { enum "md5" { value 0; description "Message Digest 5"; } enum "hmac-sha-1-96" { value 1; description "Hash-based Message Authentication Code (SHA1) (96 bits)"; } enum "aes-128-cmac-96" { value 2; description "Cipher-based Message Authentication Code (AES128) (96 bits)"; } enum "ao" { value 3; description "TCP Authentication Option"; } } default "hmac-sha-1-96"; description "Authentication algorithm name"; } leaf tcpao-handling-with-digest-mismatch { junos:must "(!(".. authentication-key"))"; junos:must-message "May not be configured with authentication-key"; type enumeration { enum "drop-if-no-tcpao" { value 0; description "Drop the connection if Digest mismatched"; } enum "allow-without-tcpao" { value 1; description "Allow the connection establishment without TCP-AO"; } } description "Drop or continue without TCP-AO with digest mismatch with TCP-AO"; } leaf authentication-key-chain { junos:must "(!(".. authentication-key"))"; junos:must-message "May not be configured with authentication-key"; junos:must "("security authentication-key-chains key-chain $$")"; junos:must-message "Referenced key-chain must be defined"; type string { length "1 .. 128"; } description "Key chain name"; } leaf refresh-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1800"; } } units "seconds"; description "Interval between keepalive packet transmissions"; } leaf hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 3600"; } } units "seconds"; description "Time after which the session is declared down."; } leaf record-lifetime { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 604800"; } } units "seconds"; description "Lifetime of route validation records"; } leaf preference { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255"; } }
          description "Preference for session establishment";
        }
        leaf port {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint16 { range "1 .. 65535"; }
          }
          description "Portnumber to connect";
        }
        leaf local-address { type jt:ipaddr; }
      } // list session
    } // list group
    // Locally configured validation records: prefix -> maximum-length ->
    // origin-autonomous-system -> validation-state ("invalid" or "valid").
    // validation-state declares no default in this schema.
    // NOTE(review): a static record is an operator assertion that can mark an
    // origin as valid; how it ranks against records learned from sessions is
    // not visible here -- confirm, and keep these entries under change review.
    container static {
      description "Define static route validation record";
      uses apply-advanced;
      list record {
        key "name";
        description "Static route validation record";
        leaf name { type jt:ipprefix; }
        uses apply-advanced;
        list maximum-length {
          key "name";
          ordered-by user;
          leaf name {
            type union {
              type string { pattern "<.*>|$.*"; }
              type uint32 { range "1 .. 128"; }
            }
            description "Maximum prefix-length for route validation record";
          }
          uses apply-advanced;
          list origin-autonomous-system {
            key "name";
            ordered-by user;
            leaf name {
              type union {
                type uint32;
                type string { pattern "<.*>|$.*"; }
              }
              description "Legitimate Origin Autonomous System";
            }
            uses apply-advanced;
            leaf validation-state {
              type enumeration {
                enum "invalid" { value 0; description "Invalid route validation state"; }
                enum "valid" { value 1; description "Valid route validation state"; }
              }
              description "Validation state for route validation record";
            }
          } // list origin-autonomous-system
        } // list maximum-length
      } // list record
    } // container static
  } // container validation
} // grouping juniper-routing-options

// Dynamic tunnel definition: a name, an optional source address, one tunnel
// type from the choice, and destination networks.
// NOTE(review): the inner double quotes of the junos:must expressions appear
// unescaped in this rendering; confirm against the published module.
grouping dynamic_tunnel_type {
  description "Dynamic tunnel definition";
  leaf name {
    // Per the pattern-message: up to 63 letters, digits, dashes and
    // underscores. The pattern also lists the literal "all" in its rejected
    // alternative (the leading '!' presumably negates the match -- confirm).
    type string {
      junos:posix-pattern "![^a-zA-Z0-9_-]|(^(all|.{64,})$)";
      junos:pattern-message "Tunnel name is a string consisting of up to 63 letters, numbers, dashes, and underscores";
    }
    description "Tunnel name";
  }
  uses apply-advanced;
  leaf source-address {
    // The expression accepts gre, udp, bgp-signal or ipip as the sibling tunnel
    // type, while the message names only GRE, UDP and BGP-SIGNAL.
    junos:must "((".. gre" || (".. udp" || (".. bgp-signal" || ".. ipip"))))";
    junos:must-message "Tunnel type GRE, UDP or BGP-SIGNAL must be configured";
    type jt:ipaddr;
    description "Tunnel source address";
  }
  // The visible choice defines rsvp-te, spring-te, gre and bgp-signal. The udp
  // and ipip nodes referenced by the must expressions are not defined here;
  // presumably they belong to the empty cases case_4 and case_6 -- confirm.
  choice tunnel-type {
    list rsvp-te {
      key "name";
      ordered-by user;
      description "RSVP-TE point-to-point LSP";
      leaf name { type string; description "Configure multiple entries for RSVP tunnel"; }
      uses apply-advanced;
      container label-switched-path-template {
        description "Template for dynamic point-to-point LSP parameters";
        uses apply-advanced;
        choice dynamic-template {
          leaf template-name {
            junos:must "(("protocols mpls label-switched-path $$" && "protocols mpls label-switched-path $$ template"))";
            junos:must-message "Referenced point-to-point LSP template does not exist";
            type string {
              junos:posix-pattern "^.{1,32}$";
              junos:pattern-message "Must be a string of 32 characters or less";
            }
            description "Name of point-to-point LSP template";
          }
          leaf default-template { type empty; description "Use default parameters"; }
        } // choice dynamic-template
      } // container label-switched-path-template
      list destination-networks {
        key "name";
        ordered-by user;
        description "Create tunnels for routes in these destination networks";
        uses app_network_type;
      } // list destination-networks
    } // list rsvp-te
    container spring-te {
      description "SPRING-TE LSP's";
      uses apply-advanced;
      list source-routing-path-template {
        key "name";
        ordered-by user;
        description "Template color mapping for SPRING-TE dynamic LSP parameters";
        uses spring-te-template-map;
      } // list source-routing-path-template
      list destination-networks {
        key "name";
        ordered-by user;
        description "Create tunnels for routes in these destination networks";
        uses app_network_type;
      } // list destination-networks
    } // container spring-te
    leaf gre {
      junos:must "((".. source-address" && ".. destination-networks"))";
      junos:must-message "Source address and Destination Networks must be configured for tunnel type GRE";
      type empty;
      description "Generic routing encapsulation type for IPv4";
    }
    case case_4 { } // case case_4
    leaf bgp-signal {
      junos:must "((".. source-address" && ".. destination-networks"))";
      junos:must-message "Source address and Destination Networks must be configured for tunnel type BGP-Signal";
      type empty;
      description "BGP signals the encapsulation type for IPv4";
    }
    case case_6 { } // case case_6
  } // choice tunnel-type
  list destination-networks {
    // Allowed with gre, udp, bgp-signal or ipip and rejected alongside rsvp-te
    // or spring-te (which carry their own destination-networks lists); the
    // message mentions only GRE and UDP.
    junos:must "(((".. gre" || (".. udp" || (".. bgp-signal" || ".. ipip"))) && (!(".. rsvp-te") && !(".. spring-te"))))";
    junos:must-message "Tunnel type GRE or UDP must be configured";
    key "name";
    ordered-by user;
    description "Create tunnels for routes in these destination networks";
    uses network_type;
  } // list destination-networks
} // grouping dynamic_tunnel_type

// List entry keyed by a network prefix; used by the rsvp-te and spring-te
// destination-networks lists above.
grouping app_network_type {
  leaf name { type jt:ipprefix; description "Network prefix"; }
  uses apply-advanced;
} // grouping app_network_type

// Per-address-family auto-export settings: an optional disable flag plus
// presence containers for unicast, multicast and flow routing information.
grouping export-af-obj {
  uses apply-advanced;
  choice enable-disable {
    leaf disable { type empty; description "Disable auto-export for address family"; }
  } // choice enable-disable
  container unicast {
    presence "enable unicast";
    description "Unicast routing information";
    uses export-subaf-obj;
  } // container unicast
  container multicast {
    presence "enable multicast";
    description "Multicast routing information";
    uses export-subaf-obj;
  } // container multicast
  container flow {
    presence "enable flow";
    description "Flow routing information";
    uses export-subaf-obj;
  } // container flow
} // grouping export-af-obj

// Settings shared by the three containers of export-af-obj.
grouping export-subaf-obj {
  uses apply-advanced;
  choice enable-disable {
    leaf disable { type empty; description "Disable instance export"; }
  } // choice enable-disable
  // Free-form rib-group name; this schema does not check that it exists.
  leaf rib-group { type string; description "Auxiliary rib-group of additional RIBs to consider"; }
} // grouping export-subaf-obj
// One fate-sharing link: an IPv4 "name" (router ID or LAN interface address)
// and an optional IPv4 "to" end for point-to-point links.
grouping fate_sharing_links {
  leaf name { type jt:ipv4addr; description "Router ID or LAN interface address"; }
  leaf to { type jt:ipv4addr; description "Point-to-point links"; }
} // grouping fate_sharing_links

// Interface group used when matching flow-spec traffic. "exclude" is a flag
// that, per its description, exempts the group from the flow-spec filter, so it
// deserves attention when flow routes are relied on as a traffic control.
grouping flow-interface-group {
  leaf group {
    // The string member of the union admits <...> or a value starting with
    // '$'; presumably for configuration-group wildcards and variables -- confirm.
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "1 .. 255"; }
    }
    description "Interface group ID to match traffic";
  }
  leaf exclude { type empty; description "Don't apply flow-spec filter to traffic on this group"; }
} // grouping flow-interface-group

// IPv4 flow route: a name, match conditions (flow-route-qualifier-inet) and
// actions (flow-route-op). The name leaf has no description and no pattern or
// length restriction in this schema.
grouping flow-route-inet {
  leaf name { type string; }
  uses apply-advanced;
  // Per the description, a route with this flag does not install its firewall
  // filter in forwarding; an audit of flow-based controls should account for it.
  leaf no-install { type empty; description "Don't install firewall filter in forwarding"; }
  container match {
    description "Flow definition";
    uses flow-route-qualifier-inet;
  } // container match
  container then {
    description "Actions to take for this flow";
    uses flow-route-op;
  } // container then
} // grouping flow-route-inet

// IPv6 counterpart of flow-route-inet; it differs only in the match grouping.
grouping flow-route-inet6 {
  leaf name { type string; }
  uses apply-advanced;
  leaf no-install { type empty; description "Don't install firewall filter in forwarding"; }
  container match {
    description "Flow definition";
    uses flow-route-qualifier-inet6;
  } // container match
  container then {
    description "Actions to take for this flow";
    uses flow-route-op;
  } // container then
} // grouping flow-route-inet6

// Actions applied to traffic that matches a flow route.
grouping flow-route-op {
  uses apply-advanced;
  leaf community { type string; description "Name of BGP community"; }
  // accept, discard and rate-limit are alternatives of one choice, so at most
  // one of them can be set. rate-limit is a free-form string: no unit suffix or
  // numeric range is enforced by this schema.
  choice flow_op_action {
    leaf accept { type empty; description "Allow traffic through"; }
    leaf discard { type empty; description "Discard all traffic for this flow"; }
    leaf rate-limit { type string; description "Rate in bits/sec to limit the flow traffic"; }
  } // choice flow_op_action
  leaf routing-instance {
    // NOTE(review): the pattern accepts any lowercase word before the first
    // colon, not only the "target" keyword the message documents, and
    // "[0-9.]+" does not check that an IP address is well formed. Any stricter
    // validation would have to happen outside this schema -- confirm.
    type string {
      junos:posix-pattern "^[a-z]+:[0-9.]+L?:[0-9]+$";
      junos:pattern-message "Use format 'target:x:y' where 'x' is an AS number followed by an optional 'L' (To indicate 4 byte AS), or an IP address and 'y' is a number. e.g. target:123456L:100";
    }
    description "Redirect to instance identified via Route Target community";
  }
  leaf sample { type empty; description "Sample traffic that matches this flow"; }
  leaf mark {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "0 .. 63"; }
    }
    description "Set DSCP value for traffic that matches this flow";
  }
  leaf next-term { type empty; description "Continue the filter evaluation after matching this flow"; }
  // Redirect sends matching traffic to the listed next-hop addresses; changes
  // to this list alter where traffic goes and belong under change review.
  choice redirect_op_action {
    leaf-list redirect {
      type jt:ipaddr;
      ordered-by user;
      description "Redirect(Tunnel) this flow's traffic to given next-hop address";
    }
  } // choice redirect_op_action
} // grouping flow-route-op

// IPv4 match conditions. protocol, the three port lists, tcp-flags and the ICMP
// lists are plain strings, and the port lists carry no description; their
// accepted syntax is not expressed in this schema. packet-length and dscp state
// their ranges only in the description text (type jt:policy-algebra is defined
// in another module).
grouping flow-route-qualifier-inet {
  uses apply-advanced;
  leaf-list protocol { type string; ordered-by user; description "IP protocol value"; }
  leaf-list port { type string; ordered-by user; }
  leaf-list destination-port { type string; ordered-by user; }
  leaf-list source-port { type string; ordered-by user; }
  leaf-list tcp-flags { type string; ordered-by user; description "TCP flags"; }
  leaf-list packet-length { type jt:policy-algebra; ordered-by user; description "Packet length (0-65535)"; }
  leaf-list dscp {
    type jt:policy-algebra;
    ordered-by user;
    description "Differentiated Services (DiffServ) code point (DSCP) (0-63)";
  }
  leaf-list fragment {
    type enumeration {
      enum "dont-fragment" { value 0; description "Don't Fragment flag is set"; }
      enum "not-a-fragment" { value 1; description "Not a fragment"; }
      enum "is-fragment" { value 2; description "Fragmented packet"; }
      enum "first-fragment" { value 3; description "First fragment"; }
      enum "last-fragment" { value 4; description "Last fragment"; }
    }
    ordered-by user;
  }
  leaf destination { type jt:ipv4prefix; description "Destination prefix for this traffic flow"; }
  leaf source { type jt:ipv4prefix; description "Source prefix for this traffic flow"; }
  leaf-list icmp-code { type string; ordered-by user; description "ICMP message code"; }
  leaf-list icmp-type {
    type string;
    ordered-by user;
    description "ICMP message type";
  }
} // grouping flow-route-qualifier-inet

// IPv6 match conditions. Same shape as the IPv4 grouping, except that
// destination and source are presence containers built from
// flow-prefix-with-offset, the ICMP lists are icmp6-type / icmp6-code, and a
// flow-label list is added.
grouping flow-route-qualifier-inet6 {
  uses apply-advanced;
  leaf-list protocol { type string; ordered-by user; description "IP protocol value"; }
  leaf-list port { type string; ordered-by user; }
  leaf-list destination-port { type string; ordered-by user; }
  leaf-list source-port { type string; ordered-by user; }
  leaf-list tcp-flags { type string; ordered-by user; description "TCP flags"; }
  leaf-list packet-length { type jt:policy-algebra; ordered-by user; description "Packet length (0-65535)"; }
  leaf-list dscp {
    type jt:policy-algebra;
    ordered-by user;
    description "Differentiated Services (DiffServ) code point (DSCP) (0-63)";
  }
  leaf-list fragment {
    type enumeration {
      enum "dont-fragment" { value 0; description "Don't Fragment flag is set"; }
      enum "not-a-fragment" { value 1; description "Not a fragment"; }
      enum "is-fragment" { value 2; description "Fragmented packet"; }
      enum "first-fragment" { value 3; description "First fragment"; }
      enum "last-fragment" { value 4; description "Last fragment"; }
    }
    ordered-by user;
  }
  container destination {
    presence "enable destination";
    description "Destination prefix for this traffic flow";
    uses flow-prefix-with-offset;
  } // container destination
  container source {
    presence "enable source";
    description "Source prefix for this traffic flow";
    uses flow-prefix-with-offset;
  } // container source
  leaf-list icmp6-type { type string; ordered-by user; description "ICMP message type"; }
  leaf-list icmp6-code { type string; ordered-by user; description "ICMP message code"; }
  leaf-list flow-label { type jt:policy-algebra; ordered-by user; description "Flow-label (0-1048575)"; }
} // grouping flow-route-qualifier-inet6

// IPv6 prefix plus the bit offset at which matching starts. prefix has no
// description, and prefix-offset is an unbounded uint32: nothing here ties it
// to the prefix length, so any such check presumably happens elsewhere -- confirm.
grouping flow-prefix-with-offset {
  leaf prefix { type jt:ipv6prefix; }
  leaf prefix-offset {
    type union {
      type uint32;
      type string { pattern "<.*>|$.*"; }
    }
    description "Offset from where prefix match will start";
  }
} // grouping
flow-prefix-with-offset grouping flow-validation { uses apply-advanced; container traceoptions { description "Trace options"; uses flow-dep-traceoptions; } // container traceoptions } // grouping flow-validation grouping flow-dep-traceoptions { uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "resolution" { value 0; description "Trace flow to unicast route resolution"; } enum "flash" { value 1; description "Trace flash processing"; } enum "route" { value 2; description "Trace routing information"; } enum "normal" { value 3; description "Trace normal events"; } enum "general" { value 4; description "Trace general events"; } enum "state" { value 5; description "Trace state transitions"; } enum "policy" { value 6; description "Trace policy processing"; } enum "task" { value 7; description "Trace routing protocol task processing"; } enum "timer" { value 8; description "Trace routing protocol timer processing"; } enum "all" { value 9; description 
"Trace everything"; } } } leaf send { type empty; description "Trace transmitted packets"; } leaf receive { type empty; description "Trace received packets"; } leaf detail { type empty; description "Trace detailed information"; } leaf disable { type empty; description "Disable this trace flag"; } container filter { presence "enable filter"; description "Filter to apply to tracing"; leaf match-on { type enumeration { enum "prefix" { value 0; description "Filter based on prefix"; } enum "route-attribute" { value 1; description "Filter based on route attributes"; } } description "Argument on which to match"; } leaf-list policy { type jt:policy-algebra; ordered-by user; description "Filter policy"; } } // container filter } // list flag } // grouping flow-dep-traceoptions grouping forwarding-table-type { description "Forwarding table management options"; uses apply-advanced; leaf remnant-holdtime { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 10000"; } } description "Time to hold inherited routes from FIB"; } leaf chain-composite-max-label-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16"; } } description "Maximum labels inside chain composite for the platform."; } leaf krt-nexthop-ack-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 400"; } } description "Kernel nexthop ack timeout interval"; } leaf srv6-chain-merge { type empty; description "Enable merging of srv6 chain nexthops"; } container consistency-checking { status deprecated; description "RIB/FIB consistency checking"; uses apply-advanced; choice enable-disable { leaf enable { type empty; description "Enable consistency checking"; } leaf disable { type empty; description "Disable consistency checking"; } } // choice enable-disable leaf period { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "30 .. 
4294967295"; } } description "Periodicity of scan in seconds"; } leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Mismatch threshold until complaint"; } } // container consistency-checking leaf-list export { type jt:policy-algebra; ordered-by user; description "Export policy"; } leaf dynamic-list-next-hop { junos:must "(!(".. evpn-aliasing-optimize"))"; junos:must-message "please disable evpn-aliasing-optimize"; type empty; description "Dynamic next-hop mode for EVPN"; } container evpn-egress-link-protection { presence "enable evpn-egress-link-protection"; description "EVPN PE-CE egress link failure protection"; uses apply-advanced; } // container evpn-egress-link-protection container egress-chaining { description "Enable egress-chaining"; uses apply-advanced; leaf spring-te { type empty; description "Enable egress-chaining for SPRING-TE routes"; } } // container egress-chaining leaf evpn-aliasing-optimize { junos:must "(!(".. evpn-egress-link-protection"))"; junos:must-message "please disable evpn-egress-link-protection"; junos:must "(!(".. 
dynamic-list-next-hop"))"; junos:must-message "please disable dynamic-list-next-hop"; type empty; description "EVPN Aliasing convergence improvement"; } choice indirect-next-hop-choice { leaf indirect-next-hop { type empty; description "Install indirect next hops in Packet Forwarding Engine"; } leaf no-indirect-next-hop { type empty; description "Don't install indirect next hops in Packet Forwarding Engine"; } } // choice indirect-next-hop-choice choice route-ack-converge-choice { leaf route-ack-converge { type empty; description "Enable the route ack convergence feature"; } leaf no-route-ack-converge { type empty; description "Don't enable the route ack convergence feature"; } } // choice route-ack-converge-choice choice indirect-next-hop-change-acknowledgements-choice { leaf indirect-next-hop-change-acknowledgements { type empty; description "Request acknowledgements for Indirect next hop changes"; } leaf no-indirect-next-hop-change-acknowledgements { type empty; description "Don't request acknowledgements for Indirect next hop changes"; } } // choice indirect-next-hop-change-acknowledgements-choice list rib { key "name"; ordered-by user; status deprecated; leaf name { type string; } } // list rib leaf unicast-reverse-path { type enumeration { enum "active-paths" { value 0; description "Consider active paths when performing RP verification"; } enum "feasible-paths" { value 1; description "Consider all feasible paths for RP verification"; } } description "Unicast reverse path (RP) verification"; } container ip-tunnel-rpf-check { presence "enable ip-tunnel-rpf-check"; description "IP tunnel Reverse Path Forwarding Check"; uses apply-advanced; leaf mode { type enumeration { enum "strict" { value 0; description "Strict mode for rpf-check(Default)"; } enum "loose" { value 1; description "Loose mode for rpf-check"; } } default "strict"; } leaf fail-filter { junos:must "(("firewall family any filter $$" || ((!("firewall") && ".. .. .. .. .. 
firewall family any filter $$") || ("firewall family inet filter $$" || ((!("firewall") && ".. .. .. .. .. firewall family inet filter $$") || ("firewall family inet6 filter $$" || (!("firewall") && ".. .. .. .. .. firewall family inet6 filter $$")))))))"; junos:must-message "referenced filter must be defined under firewall family any|inet|inet6"; type string { junos:posix-pattern "!^((__.*)|(.{65,}))$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; } description "Fail filter name for RPF check(family inet|inet6|any)"; } } // container ip-tunnel-rpf-check container fib-next-hop-split { description "Split nexthop to chain nexthop when installing fom rib to fib"; uses apply-advanced; leaf labeled-isis { type empty; description "Create composite-chained nexthops for labeled ISIS routes"; } } // container fib-next-hop-split } // grouping forwarding-table-type grouping juniper-sampling-options { uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable global sampling instance"; } } // choice enable-disable container traceoptions { description "Traffic sampling trace options"; uses sampling_traceoptions_type; } // container traceoptions container input { description "Traffic Sampling data acquisition"; uses sampling_input_type; } // container input container output { junos:must "(!(".. 
family"))"; junos:must-message " 'sampling family <*> ' and 'sampling output' are mutually exclusive"; junos:must "("forwarding-options sampling input")"; junos:must-message "Sampling input configuration is not specified"; status deprecated; description "Traffic sampling data disposition"; uses sampling_output_type; } // container output container family { description "Address family of packets to sample"; container inet { description "Sample IPv4 packets"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable sampling family inet"; } } // choice enable-disable container input { junos:must "(!(".. .. .. input"))"; junos:must-message "instance <*> 'family <*> input' and 'instance <*> input' are mutually exclusive"; description "Settings for sampling of input packets"; uses sampling_family_input_type; } // container input container output { junos:must "((!("forwarding-options sampling input family inet") && (!("forwarding-options sampling input family inet6") && !("forwarding-options sampling input family mpls"))))"; junos:must-message "output configuration mismatch with old deprecated input configuration"; junos:must "((".. .. .. input rate" || " .. input rate"))"; junos:must-message "sampling input rate is not specified"; junos:must "((".. .. .. input" || ".. input"))"; junos:must-message "Sampling input configuration is not specified"; description "Traffic sampling data disposition"; uses sampling_instance_inet_global_output_type; } // container output } // container inet container inet6 { description "Sample IPv6 packets"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable sampling family inet6"; } } // choice enable-disable container input { junos:must "(!(".. .. .. 
input"))"; junos:must-message "instance <*> 'family <*> input' and 'instance <*> input' are mutually exclusive"; description "Settings for sampling of input packets"; uses sampling_family_input_type; } // container input container output { junos:must "((!("forwarding-options sampling input family inet") && (!("forwarding-options sampling input family inet6") && !("forwarding-options sampling input family mpls"))))"; junos:must-message "output configuration mismatch with old deprecated input configuration"; junos:must "((".. .. .. input" || ".. input"))"; junos:must-message "Sampling input configuration is not specified"; description "Traffic sampling data disposition"; uses sampling_family_inet6_output_type; } // container output } // container inet6 } // container family list instance { key "name"; ordered-by user; description "Instance of sampling parameters"; leaf name { junos:must "(!("forwarding-options port-mirroring instance $$"))"; junos:must-message "Instance $$ is also defined under port-mirroring hierarchy"; type string; description "Name for sampling instance"; } uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable sampling instance"; } } // choice enable-disable container input { description "Traffic Sampling data acquisition"; uses sampling_instance_input_type; } // container input container family { description "Address family of packets to sample"; container inet { description "Sample IPv4 packets"; uses apply-advanced; choice enable-disable { leaf disable { type empty; status deprecated; description "Disable instance family inet"; } } // choice enable-disable container input { junos:must "(!(".. .. .. 
input"))"; junos:must-message "instance <*> 'family <*> input' and 'instance <*> input' are mutually exclusive"; description "Settings for sampling of input packets"; uses sampling_family_input_type; } // container input container output { junos:must "((!("forwarding-options sampling input family inet") && (!("forwarding-options sampling input family inet6") && !("forwarding-options sampling input family mpls"))))"; junos:must-message "output configuration mismatch with old deprecated input configuration"; junos:must "((".. .. .. input" || ".. input"))"; junos:must-message "Sampling input configuration is not specified"; description "Traffic sampling data disposition"; uses sampling_instance_inet_output_type; } // container output } // container inet container inet6 { description "Sample IPv6 packets"; uses apply-advanced; choice enable-disable { leaf disable { type empty; status deprecated; description "Disable instance family inet6"; } } // choice enable-disable container input { junos:must "(!(".. .. .. input"))"; junos:must-message "instance <*> 'family <*> input' and 'instance <*> input' are mutually exclusive"; description "Settings for sampling of input packets"; uses sampling_family_input_type; } // container input container output { junos:must "((!("forwarding-options sampling input family inet") && (!("forwarding-options sampling input family inet6") && !("forwarding-options sampling input family mpls"))))"; junos:must-message "output configuration mismatch with old deprecated input configuration"; junos:must "((".. .. .. input" || ".. 
input"))"; junos:must-message "Sampling input configuration is not specified"; description "Traffic sampling data disposition"; uses sampling_instance_inet6_output_type; } // container output } // container inet6 container mpls { description "Sample mpls packets"; uses apply-advanced; choice enable-disable { leaf disable { type empty; status deprecated; description "Disable instance family mpls"; } } // choice enable-disable container input { junos:must "(!(".. .. .. input"))"; junos:must-message "instance <*> 'family <*> input' and 'instance <*> input' are mutually exclusive"; description "Settings for sampling of input packets"; uses sampling_family_input_type; } // container input container output { junos:must "((!("forwarding-options sampling input family inet") && (!("forwarding-options sampling input family inet6") && !("forwarding-options sampling input family mpls"))))"; junos:must-message "output configuration mismatch with old deprecated input configuration"; junos:must "((".. .. .. input" || ".. input"))"; junos:must-message "Sampling input configuration is not specified"; description "Traffic sampling data disposition"; uses sampling_instance_mpls_output_type; } // container output } // container mpls container vpls { status deprecated; description "Sample vpls packets"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable instance family vpls"; } } // choice enable-disable container input { junos:must "(!(".. .. .. input"))"; junos:must-message "instance <*> 'family <*> input' and 'instance <*> input' are mutually exclusive"; description "Settings for sampling of input packets"; uses sampling_family_input_type; } // container input container output { junos:must "((".. .. .. input" || ".. 
input"))"; junos:must-message "Sampling input configuration is not specified"; description "Traffic sampling data disposition"; uses sampling_instance_vpls_output_type; } // container output } // container vpls container bridge { junos:must "(!(".. .. family vpls"))"; junos:must-message "bridge and vpls families are mutually exclusive"; description "Sample bridge packets"; uses apply-advanced; choice enable-disable { leaf disable { type empty; description "Disable instance family bridge"; } } // choice enable-disable container input { junos:must "(!(".. .. .. input"))"; junos:must-message "instance <*> 'family <*> input' and 'instance <*> input' are mutually exclusive"; description "Settings for sampling of input packets"; uses sampling_family_input_type; } // container input container output { junos:must "((".. .. .. input" || ".. input"))"; junos:must-message "Sampling input configuration is not specified"; description "Traffic sampling data disposition"; uses sampling_instance_bridge_output_type; } // container output } // container bridge } // container family } // list instance container jflow-service { description "Jflow service configuration"; uses apply-advanced; container traceoptions { description "Jflow service trace options"; uses jflow_service_traceoptions; } // container traceoptions } // container jflow-service container route-record { description "Sampling route record configuration"; uses apply-advanced; container traceoptions { description "Sampling route record trace options"; uses route_record_traceoptions; } // container traceoptions } // container route-record } // grouping juniper-sampling-options grouping jflow_service_traceoptions { description "Traceoptions for jflow-service"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file 
information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Area of jflow-service to enable debuging output"; leaf name { type enumeration { enum "parse" { value 0; description "Trace parsing code"; } enum "rtsock" { value 1; description "Trace rtsock code"; } enum "sm" { value 2; description "Trace State machine code"; } enum "all" { value 3; description "Trace all area of jflow-service code"; } } } } // list flag } // grouping jflow_service_traceoptions grouping junos_hash_key { description "Select data used in the hash key"; uses apply-advanced; container family { description "Protocol family"; container fcoe { description "FCoE protocol family"; uses apply-advanced; 
container ethernet-interfaces { description "FCoE hash-key configuration on ethernet interfaces"; uses apply-advanced; leaf oxid { type enumeration { enum "enable" { value 0; description "Include Originator Exchange ID in the hash key"; } enum "disable" { value 1; description "Do not include Originator Exchange ID in the hash key"; } } description "Originator Exchange ID"; } } // container ethernet-interfaces container fabric-interfaces { description "FCoE hash-key configuration on fabric interfaces"; uses apply-advanced; leaf oxid { type enumeration { enum "enable" { value 0; description "Include Originator Exchange ID in the hash key"; } enum "disable" { value 1; description "Do not include Originator Exchange ID in the hash key"; } } description "Originator Exchange ID"; } } // container fabric-interfaces } // container fcoe container inet { description "IPv4 protocol family"; uses apply-advanced; container layer-3 { presence "enable layer-3"; description "Include Layer 3 (IP) data in the hash key"; uses apply-advanced; leaf destination-address { type empty; description "Include IP destination address in the hash key"; } } // container layer-3 container layer-4 { presence "enable layer-4"; description "Include Layer 4 (TCP or UDP) data in the hash key"; uses apply-advanced; } // container layer-4 leaf session-id { type empty; description "Include session ID in the hash key"; } } // container inet container inet6 { description "IPv6 protocol family"; uses apply-advanced; container layer-3 { presence "enable layer-3"; description "Include Layer 3 (IP) data in the hash key"; uses apply-advanced; leaf destination-address { type empty; description "Include IP destination address in the hash key"; } leaf incoming-interface-index { type empty; description "Include incoming interface index in the hash key"; } leaf next-header { type empty; description "Include IP Next Header field in the hash key"; } leaf source-address { type empty; description "Include IP source 
address in the hash key"; } leaf traffic-class { type empty; description "Include Traffic Class field in the hash key"; } } // container layer-3 container layer-4 { presence "enable layer-4"; description "Include Layer 4 (TCP or UDP) data in the hash key"; uses apply-advanced; leaf destination-port { type empty; description "Include IP destination port in the hash key"; } leaf source-port { type empty; description "Include IP source port in the hash key"; } } // container layer-4 leaf session-id { type empty; description "Include session ID in the hash key"; } } // container inet6 container mpls { description "MPLS protocol family"; uses apply-advanced; choice label { leaf label-1 { type empty; description "Include the first MPLS label in the hash key"; } leaf all-labels { type empty; description "Include all MPLS labels in hash key"; } leaf no-labels { type empty; description "Exclude all MPLS labels from hash key"; } leaf bottom-label-1 { type empty; description "Include the first MPLS label from bottom-of-stack in the hash key"; } } // choice label leaf label-2 { junos:must "(".. label-1")"; junos:must-message "Must also specify label 1;"; type empty; description "Include the second MPLS label in the hash key"; } leaf label-3 { junos:must "(".. label-2")"; junos:must-message "Must also specify label 2;"; type empty; description "Include the third MPLS label in the hash key"; } container payload { junos:must "((".. label-1" || (".. no-labels" || (".. all-labels" || ".. 
bottom-label-1"))))"; junos:must-message "Either label-1, bottom-label-1, all-labels or no-labels statement is mandatory"; description "Include payload data in the hash key"; uses apply-advanced; container ether-pseudowire { presence "enable ether-pseudowire"; description "Load-balance IP over ethernet PW"; uses apply-advanced; } // container ether-pseudowire container ip { presence "enable ip"; description "Include IPv4 or IPv6 payload data in the hash key"; uses apply-advanced; choice layer-4-select { choice ip-payload { leaf layer-3-only { type empty; description "Include only layer-3 IP information"; } leaf enable { type empty; description "Include layer3/4 IP payload in the hash key"; } leaf disable { type empty; description "Exclude layer3/4 IP payload in the hash key"; } } // choice ip-payload container port-data { presence "enable port-data"; uses apply-advanced; leaf source-msb { type empty; description "Include the most significant byte of the source port"; } leaf source-lsb { type empty; description "Include the least significant byte of the source port"; } leaf destination-msb { type empty; description "Include the most significant byte of the destination port"; } leaf destination-lsb { type empty; description "Include the least significant byte of the destination port"; } } // container port-data } // choice layer-4-select } // container ip } // container payload } // container mpls container multiservice { description "Multiservice protocol family"; uses apply-advanced; leaf source-mac { type empty; description "Include source MAC address in hash key"; } leaf destination-mac { type empty; description "Include destination MAC address in hash key"; } } // container multiservice } // container family } // grouping junos_hash_key grouping layer2_pm_family_output_type { uses apply-advanced; choice interface-or-next-hop-index { leaf interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface through which to 
send sampled traffic"; }
    // (The lines up to "} // grouping layer2_pm_family_output_type" finish a
    // grouping that starts before this point.) It selects where port-mirrored
    // traffic is sent: an interface, a layer-2 next-hop-group, a routing
    // instance or a VLAN. Whatever is chosen receives copies of traffic, so
    // reachability of that destination matters when reviewing a config.
    leaf next-hop-group {
      junos:must "(!(".. no-filter-check"))";
      junos:must-message "no-filter-check is not allowed with next-hop-group";
      junos:must "("forwarding-options next-hop-group $$ group-type layer-2")";
      junos:must-message "Referenced next-hop-group must be defined as layer-2 group";
      type string;
      description "Next-hop-group through which to send port-mirror traffic";
    }
    list routing-instance { key "name"; max-elements 1; description "Routing instances"; uses layer2_pm_output-routing-instance-type; } // list routing-instance
    list vlan { key "name"; max-elements 1; description "Outgoing VLAN for mirrored packets"; uses pm-rspan-vlan; } // list vlan
    case case_5 { } // case case_5
  } // choice interface-or-next-hop-index
  // Skips the filter check on the port-mirroring interface; the must on
  // next-hop-group above forbids combining the two.
  leaf no-filter-check { type empty; description "Do not check for filters on port-mirroring interface"; }
} // grouping layer2_pm_family_output_type

// layer2_pm_output-routing-instance-type: a routing instance used as a
// port-mirror output, with at most one outgoing VLAN. The name pattern
// rejects "__...__" reserved names, "all", names containing spaces, the empty
// string and names of 129 or more characters.
grouping layer2_pm_output-routing-instance-type {
  leaf name {
    type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; }
    description "Routing instance name";
  }
  uses apply-advanced;
  list vlan { key "name"; max-elements 1; description "Outgoing VLAN for mirrored packets"; uses pm-rspan-vlan; } // list vlan
} // grouping layer2_pm_output-routing-instance-type

// ldap-server-object: one LDAP server entry (address, port, source address,
// routing instance, retry/timeout and TLS settings).
// Review points for anyone auditing a configuration built from this model:
//  - tls-type has a single value, start-tls, and no default, so TLS is opt-in
//    as far as this model shows. Presumably the LDAP exchange is unprotected
//    when the leaf is unset - confirm on the platform.
//  - tls-min-version defaults to v1.2; v1.1 also admits TLS 1.1, which
//    RFC 8996 deprecates. Keep the default.
//  - no-tls-certificate-check turns off peer certificate validation. The
//    server is then unauthenticated, so the session can be intercepted by
//    anyone able to impersonate it; treat its presence as a finding.
//  - tls-peer-name is the name the peer is expected to present ("fdqn" in the
//    description is presumably a typo for FQDN).
grouping ldap-server-object {
  // Restricted to alphanumerics, '.', '_' and '-' by the posix-pattern.
  leaf name {
    type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Hostname can only contain alphanumeric characters, '.', '-', and '_'. The format of IPv4 address is 'n.n.n.n'"; }
    description "Hostname or IPv4 address of LDAP server";
  }
  uses apply-advanced;
  leaf port {
    type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } }
    default "389";
    description "LDAP server port number";
  }
  leaf source-address { type jt:ipv4addr; description "Use specified address as source address"; }
  // Must name a routing instance defined globally or under some tenant.
  leaf routing-instance {
    junos:must "(("routing-instances $$" || any "tenants <*> routing-instances $$"))";
    junos:must-message "referenced routing-instance must be defined";
    type string;
    description "Use specified routing instance";
  }
  leaf retry {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } }
    default "3";
    description "Number of times to resend requests";
  }
  leaf timeout {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "3 .. 90"; } }
    units "seconds";
    default "5";
    description "Delay before resending unacknowledged request";
  }
  leaf tls-type {
    type enumeration {
      enum "start-tls" { value 0; description "Negotiate start-tls for connection"; }
    }
  }
  leaf tls-timeout {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "3 .. 90"; } }
    units "seconds";
    default "5";
    description "Limit on tls handshake time";
  }
  leaf tls-min-version {
    type enumeration {
      enum "v1.1" { value 0; description "Require tls 1.1 and 1.2"; }
      enum "v1.2" { value 1; description "Require tls 1.2"; }
    }
    default "v1.2";
  }
  leaf no-tls-certificate-check { type empty; description "Do not validate peer certificate"; }
  leaf tls-peer-name { type string { length "1 .. 255"; } description "Expected peer fdqn"; }
} // grouping ldap-server-object

// ldp-sync-obj: LDP synchronization toggle and hold time.
grouping ldp-sync-obj {
  uses apply-advanced;
  choice enable-disable {
    leaf disable { type empty; description "Disable LDP synchronization"; }
  } // choice enable-disable
  leaf hold-time {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } }
    description "Time during which maximum metric is advertised";
  }
} // grouping ldp-sync-obj

// ldp_filter_obj: trace filter keyed on FEC or on packet addresses, with an
// ordered list of filter policies.
grouping ldp_filter_obj {
  description "Filter to apply to tracing";
  leaf match-on {
    type enumeration {
      enum "fec" { value 0; description "Filter based on FEC associated to the traced object."; }
      enum "address" { value 1; description "Filter based on packet source and destination addresses."; }
    }
    description "Argument on which to match";
  }
  leaf-list policy { type jt:policy-algebra; ordered-by user; description "Filter policy"; }
} // grouping ldp_filter_obj

// localauth-subscriber-object: a locally defined subscriber with its
// credential, address/pool assignments and target routing instance or
// logical system.
grouping localauth-subscriber-object {
  leaf name { type string; description "Subscriber username"; }
  uses apply-advanced;
  // NOTE(review): modeled as a plain string with only a 1..64 length bound;
  // nothing on this leaf marks it as a secret. How the device stores and
  // displays the value is not visible here - confirm before exporting or
  // logging configuration data that includes it.
  leaf password { type string { length "1 .. 64"; } description "Password for the subscriber"; }
  leaf framed-ip-address { type jt:ipv4addr; description "IP address to assign to the subscriber"; }
  // Each pool leaf must reference a pool defined under
  // "access address-assignment pool". Note that framed-pool caps the name at
  // 63 characters while the other two allow 64.
  leaf framed-pool {
    junos:must "("access address-assignment pool $$")";
    junos:must-message "referenced address pool must be defined";
    type string { length "1 .. 63"; }
    description "Pool name to assign an IP address to the subscriber";
  }
  leaf delegated-pool {
    junos:must "("access address-assignment pool $$")";
    junos:must-message "referenced address pool must be defined";
    type string { length "1 .. 64"; }
    description "Pool name to assign an IPv6 delegated prefix to the subscriber";
  }
  leaf framed-ipv6-pool {
    junos:must "("access address-assignment pool $$")";
    junos:must-message "referenced address pool must be defined";
    type string { length "1 .. 64"; }
    description "Pool name to assign an IPv6 address or NDRA prefix to the subscriber";
  }
  // Either a routing instance directly, or a logical system (which must be
  // defined) with its own routing instance. Neither target-routing-instance
  // leaf carries a must constraint, so the schema does not check that the
  // named instance exists.
  choice ri_or_ls {
    leaf target-routing-instance { type string; description "Routing instance to be assigned to the subscriber"; }
    container target-logical-system {
      presence "enable target-logical-system";
      description "Logical system to be assigned to the subscriber";
      uses apply-advanced;
      leaf logical-system-name {
        junos:must "("logical-systems $$")";
        junos:must-message "Referenced logical system must be defined";
        type string;
        description "Logical system name";
      }
      leaf target-routing-instance { type string; description "Routing instance "; }
    } // container target-logical-system
  } // choice ri_or_ls
} // grouping localauth-subscriber-object

// log-object: security log configuration. Only the start of this grouping
// falls on these lines; it continues on the lines that follow, and the final
// statement below is reproduced unfinished.
// The deprecated "exclude" list removes matching events from the audit log.
// Each entry is a potential blind spot, so exclusions found in a
// configuration are worth reviewing against what detection depends on.
grouping log-object {
  description "Configure security log";
  uses apply-advanced;
  list exclude {
    key "name";
    ordered-by user;
    status deprecated;
    description "List of security log criteria to exclude from the audit log";
    leaf name { type string; description "Exclude criteria name"; }
    uses apply-advanced;
    leaf destination-address { type jt:ipaddr; description "Destination address"; }
    leaf destination-port { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Destination port"; }
    leaf event-id { type string; description "Event ID filter"; }
    leaf failure { type empty; description "Event was a failure"; }
    leaf interface-name { type string; description "Name of interface"; }
    leaf policy-name { type string; description "Policy name filter"; }
    leaf process { type string; description "Process that generated the event"; }
    leaf protocol { type string; description "Protocol filter"; }
    leaf source-address { type jt:ipaddr; description "Source address"; }
    leaf source-port { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Source port"; }
    leaf success { type empty; description "Event was successful"; }
    leaf username { type string; description "Username filter"; }
  } // list exclude
  leaf limit { type union 
{ type uint32; type string { pattern "<.*>|$.*"; } } default "10000"; status deprecated; description "Limit number of security log entries to keep in memory"; } container cache { presence "enable cache"; description "Cache security log events in the audit log buffer"; uses apply-advanced; list exclude { junos:must "(!(".. .. exclude"))"; junos:must-message "'security log cache exclude' and 'security log exclude' are mutually exclusive"; key "name"; ordered-by user; description "List of security log criteria to exclude from the audit log"; leaf name { type string; description "Exclude criteria name"; } uses apply-advanced; leaf destination-address { type jt:ipaddr; description "Destination address"; } leaf destination-port { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Destination port"; } leaf event-id { type string; description "Event ID filter"; } leaf failure { type empty; description "Event was a failure"; } leaf interface-name { type string; description "Name of interface"; } leaf policy-name { type string; description "Policy name filter"; } leaf process { type string; description "Process that generated the event"; } leaf protocol { type string; description "Protocol filter"; } leaf source-address { type jt:ipaddr; description "Source address"; } leaf source-port { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Source port"; } leaf success { type empty; description "Event was successful"; } leaf username { type string; description "Username filter"; } } // list exclude leaf limit { junos:must "(!(".. .. 
limit"))"; junos:must-message "'security log cache limit' and 'security log limit' are mutually exclusive"; type union { type uint32; type string { pattern "<.*>|$.*"; } } default "10000"; description "Limit number of security log entries to keep in memory"; } } // container cache leaf disable { type empty; description "Disable security logging for the device"; } leaf utc-timestamp { type empty; description "Use UTC time for security log timestamps"; } leaf mode { type enumeration { enum "stream" { value 0; description "Process security logs directly in the forwarding plane"; } enum "event" { value 1; description "Process security logs in the control plane"; } enum "stream-event" { value 2; description "Process security logs in both forwarding plane and control plane"; } } description "Controls how security logs are processed and exported"; } leaf event-rate { junos:must "(("security log mode event" || ("services service-set ${service-set} syslog mode event" || ("security log mode stream-event" || "services service-set ${service-set} syslog mode stream-event"))))"; junos:must-message "To configure event-rate, security log must be in event or stream-event mode"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 1500"; } } units "logs per second"; description "Control plane event rate"; } leaf format { type enumeration { enum "syslog" { value 0; description "Traditional syslog"; } enum "sd-syslog" { value 1; description "Structured syslog"; } enum "binary" { value 2; description "Binary log"; } } description "Set security log format for the device"; } leaf escape { type empty; description "Enable escape defined by RFC5424 for the sd and binary format logs"; } container time-format { description "Configure year or millisecond for syslog"; uses time-format-object; } // container time-format leaf rate-cap { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
5000"; } } units "logs per second"; description "Data plane event rate"; } leaf max-database-record { type union { type string { pattern "<.*>|$.*"; } type uint32; } default "0"; description "Maximum records in database"; } container report { presence "enable report"; description "Set security log report settings"; uses apply-advanced; container logs-per-table { presence "enable logs-per-table"; description "Log number per table in database"; uses apply-advanced; leaf session-all { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Log number of session"; } leaf screen { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Log number of screen"; } leaf idp { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Log number of idp"; } leaf utm { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Log number of utm"; } leaf ipsec-vpn { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Log number of ipsec-vpn"; } leaf sky { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Log number of sky"; } } // container logs-per-table leaf table-lifetime { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
365"; } } default "90"; description "Table lifetime day(s)"; } container table-mode { presence "enable table-mode"; description "Report table mode"; uses apply-advanced; leaf dense { type empty; description "Applicable when massive log and long duration"; } } // container table-mode container database-filter { presence "enable database-filter"; description "Check the logs whether should be inserted into database"; uses apply-advanced; list event-category { key "name"; ordered-by user; description "Filter by event-category"; leaf name { type enumeration { enum "session" { value 0; description "Session log"; } enum "screen" { value 1; description "Screen log"; } enum "idp" { value 2; description "IDP log"; } enum "webfilter" { value 3; description "Webfilter log"; } enum "content-filter" { value 4; description "Content-filter log"; } enum "anti-virus" { value 5; description "Antivirus log"; } enum "anti-spam" { value 6; description "Anti-spam log"; } enum "ipsec" { value 7; description "IPsec VPN log"; } enum "sky" { value 8; description "Sky ATP log"; } enum "secintel" { value 9; description "Secintel log"; } enum "icap" { value 10; description "ICAP log"; } enum "ssl-proxy" { value 11; description "SSL proxy log"; } enum "dnsf" { value 12; description "DNSF log"; } enum "session-create" { value 13; description "Session create log"; } enum "session-close" { value 14; description "Session close log"; } enum "session-deny" { value 15; description "Session deny log"; } } description "Name"; } uses apply-advanced; } // list event-category leaf exclude { type empty; description "Exclude the logs"; } } // container database-filter } // container report choice source { leaf source-address { junos:must "(!("services service-set ${service-set} syslog mode event"))"; junos:must-message "To configure source address, mode must be stream or stream-event"; type jt:ipaddr; description "Source ip address used when exporting security logs"; } leaf source-interface { junos:must 
"(!("services service-set ${service-set} syslog mode event"))"; junos:must-message "To configure source interface, mode must be stream or stream-event"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Source interface used when exporting security logs"; } } // choice source container transport { junos:must "(!("services service-set ${service-set} syslog mode event"))"; junos:must-message "To configure transport info, mode must be stream or stream-event"; presence "enable transport"; description "Set security log transport settings"; uses apply-advanced; leaf tcp-connections { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 5"; } } description "Set tcp connection number per-stream"; } leaf protocol { type enumeration { enum "udp" { value 0; description "UDP transfer for log"; } enum "tcp" { value 1; description "TCP transfer for log"; } enum "tls" { value 2; description "TLS transfer for log"; } } description "Set security log transport protocol for the device"; } leaf tls-profile { junos:must "("services ssl initiation profile $$")"; junos:must-message "SSl profile must be defined under [services ssl initiation profile]"; type string; description "TLS profile"; } } // container transport leaf facility-override { type enumeration { enum "authorization" { value 0; description "Authorization system"; } enum "daemon" { value 1; description "Various system processes"; } enum "ftp" { value 2; description "FTP process"; } enum "kernel" { value 3; description "Kernel"; } enum "user" { value 4; description "User processes"; } enum "local0" { value 5; description "Local logging option number 0"; } enum "local1" { value 6; description "Local logging option number 1"; } enum "local2" { value 7; description "Local logging option number 2"; } enum "local3" { value 8; description "Local logging option number 3"; } enum "local4" { value 9; description "Local logging option number 4"; } enum "local5" { value 10; 
description "Local logging option number 5"; } enum "local6" { value 11; description "Local logging option number 6"; } enum "local7" { value 12; description "Local logging option number 7"; } } description "Alternate facility for logging to remote host"; } leaf local-log-tag { junos:must "(!("services service-set ${service-set} syslog mode stream"))"; junos:must-message "To configure local-log-tag, mode must be event or stream-event"; type string { junos:posix-pattern "![ =:]{1,15}"; junos:pattern-message "Must be a string of 15 characters or less"; } description "Tag included in logs"; } list local-category { junos:must "(!("services service-set ${service-set} syslog mode stream"))"; junos:must-message "To configure local-category, mode must be event or stream-event"; key "name"; ordered-by user; description "Selects the type of events that may be logged locally"; leaf name { type enumeration { enum "all" { value 0; description "All events are logged"; } enum "content-security" { value 1; description "Content security events are logged"; } enum "fw-auth" { value 2; description "Fw-auth events are logged"; } enum "screen" { value 3; description "Screen events are logged"; } enum "alg" { value 4; description "Alg events are logged"; } enum "nat" { value 5; description "Nat events are logged"; } enum "flow" { value 6; description "Flow events are logged"; } enum "sctp" { value 7; description "Sctp events are logged"; } enum "gtp" { value 8; description "Gtp events are logged"; } enum "ipsec" { value 9; description "Ipsec events are logged"; } enum "idp" { value 10; description "Idp events are logged"; } enum "rtlog" { value 11; description "Rtlog events are logged"; } enum "pst-ds-lite" { value 12; description "Pst-ds-lite events are logged"; } enum "appqos" { value 13; description "Appqos events are logged"; } enum "secintel" { value 14; description "Secintel events are logged"; } enum "aamw" { value 15; description "AAMW events are logged"; } enum "sfw" { value 
16; description "Stateful Firewall events are logged"; } enum "session" { value 17; description "Session open and close events are logged"; } enum "session-open" { value 18; description "Session open events are logged"; } enum "session-close" { value 19; description "Session close events are logged"; } enum "urlf" { value 20; description "URLF events are logged"; } enum "ha" { value 21; description "Stateful High-Availability open and close events are logged"; } enum "ha-open" { value 22; description "Stateful High-Availability open events are logged"; } enum "ha-close" { value 23; description "Stateful High-Availability close events are logged"; } enum "pcp" { value 24; description "PCP logs"; } enum "dnsf" { value 25; description "DNSF"; } } } uses apply-advanced; } // list local-category leaf root-streaming { type empty; description "Logs will be streamed from the Root LSYS"; } list stream { junos:must "(!("services service-set ${service-set} syslog mode event"))"; junos:must-message "To configure stream, mode must be stream or stream-event"; key "name"; max-elements 8; ordered-by user; description "Set security log stream settings"; leaf name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Must be a string consisting of letters, numbers, dashes and underscores"; length "1 .. 
63"; } description "Name of security log stream"; } uses apply-advanced; leaf severity { type enumeration { enum "emergency" { value 0; description "Conditions that cause security functions to stop"; } enum "alert" { value 1; description "Conditions that require immediate attention"; } enum "critical" { value 2; description "Critical conditions"; } enum "error" { value 3; description "General error conditions"; } enum "warning" { value 4; description "General warning conditions"; } enum "notice" { value 5; description "Non-error conditions that are of interest"; } enum "info" { value 6; description "Information about normal security operations"; } enum "debug" { value 7; description "Information normally used in debugging"; } } description "Severity threshold for security logs"; } leaf format { type enumeration { enum "syslog" { value 0; description "Traditional syslog"; } enum "sd-syslog" { value 1; description "Structured syslog"; } enum "welf" { value 2; description "Web Trends Extended Log Format"; } enum "binary" { value 3; description "Binary log"; } } description "Specify the log stream format"; } list category { junos:must "(!("security log stream ${stream} filter"))"; junos:must-message "Category is exclusive with filter"; key "name"; ordered-by user; description "Selects the type of events that may be logged"; leaf name { type enumeration { enum "all" { value 0; description "All events are logged"; } enum "content-security" { value 1; description "Content security events are logged"; } enum "fw-auth" { value 2; description "Fw-auth events are logged"; } enum "screen" { value 3; description "Screen events are logged"; } enum "alg" { value 4; description "Alg events are logged"; } enum "nat" { value 5; description "Nat events are logged"; } enum "flow" { value 6; description "Flow events are logged"; } enum "sctp" { value 7; description "Sctp events are logged"; } enum "gtp" { value 8; description "Gtp events are logged"; } enum "ipsec" { value 9; 
description "Ipsec events are logged"; } enum "idp" { value 10; description "Idp events are logged"; } enum "rtlog" { value 11; description "Rtlog events are logged"; } enum "pst-ds-lite" { value 12; description "Pst-ds-lite events are logged"; } enum "appqos" { value 13; description "Appqos events are logged"; } enum "secintel" { value 14; description "Secintel events are logged"; } enum "aamw" { value 15; description "AAMW events are logged"; } enum "sfw" { value 16; description "Stateful Firewall events are logged"; } enum "session" { value 17; description "Session open and close events are logged"; } enum "session-open" { value 18; description "Session open events are logged"; } enum "session-close" { value 19; description "Session close events are logged"; } enum "urlf" { value 20; description "URLF events are logged"; } enum "ha" { value 21; description "Stateful High-Availability open and close events are logged"; } enum "ha-open" { value 22; description "Stateful High-Availability open events are logged"; } enum "ha-close" { value 23; description "Stateful High-Availability close events are logged"; } enum "pcp" { value 24; description "PCP logs"; } enum "dnsf" { value 25; description "DNSF"; } } } uses apply-advanced; } // list category list filter { junos:must "(!("security log stream ${stream} category"))"; junos:must-message "filter is exclusive with category"; key "name"; ordered-by user; description "Selects the filter to filter the logs to be logged"; leaf name { type enumeration { enum "threat-attack" { value 0; description "Threat-attack security events are logged"; } } } uses apply-advanced; } // list filter container host { junos:must "(!("security log stream ${stream} file"))"; junos:must-message "host is exclusive with file"; junos:must "(("security log source-address" || ("security log source-interface" || ("security log stream ${stream} source-address" || ("services service-set ${service-set} syslog source-interface" || ("services service-set 
${service-set} syslog source-address" || "services service-set ${service-set} syslog stream ${stream} source-address"))))))"; junos:must-message "To configure host stream, security log source-address/source-interface must be configured"; description "Destination to send security logs to"; uses host-object; } // container host container rate-limit { description "Rate-limit for security logs"; uses apply-advanced; leaf rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } units "logs per second"; description "Log rate"; } } // container rate-limit container file { junos:must "(!("security log stream ${stream} host"))"; junos:must-message "file is exclusive with host"; description "Security log file options for logs in local file"; uses apply-advanced; leaf localfilename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 256"; } description "Name of local log file"; } leaf size { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum size of local log file in megabytes"; } leaf rotation { type union { type string { pattern "<.*>|$.*"; } type uint32; } default "10"; description "Maximum number of rotate files"; } leaf allow-duplicates { type empty; description "To disable log consolidation"; } } // container file container transport { presence "enable transport"; description "Set security log transport settings"; uses apply-advanced; leaf tcp-connections { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
5"; } } description "Set tcp connection number per-stream"; } leaf protocol { type enumeration { enum "udp" { value 0; description "UDP transfer for log"; } enum "tcp" { value 1; description "TCP transfer for log"; } enum "tls" { value 2; description "TLS transfer for log"; } } description "Set security log transport protocol for the device"; } leaf tls-profile { junos:must "("services ssl initiation profile $$")"; junos:must-message "SSL profile must be defined under [services ssl initiation profile]"; type string; description "TLS profile"; } } // container transport container time-format { description "Configure year or millisecond for syslog"; uses time-format-object; } // container time-format leaf source-address { type jt:ipaddr; description "Source ip address used when exporting security logs"; } } // list stream container file { description "Security log file options for logs in binary/protobuf format"; uses apply-advanced; leaf filename { type string { length "1 .. 256"; } description "Name of log file"; } leaf size { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } description "Maximum size of log file in megabytes"; } leaf path { type string { length "1 .. 256"; } description "Path to log files"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
10"; } } description "Maximum number of log files"; } } // container file container apply { description "Apply settings from other features"; uses apply-advanced; leaf dscp-code-point { junos:must "("class-of-service host-outbound-traffic dscp-code-point")"; junos:must-message "class-of-service host-outbound-traffic dscp-code-point must be defined"; type empty; description "Apply setting class-of-service host-outbound-traffic dscp-code-point"; } } // container apply container traceoptions { description "Security log daemon trace options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "List of things to include in trace"; leaf name { type enumeration { enum "source" { value 0; description "Communication with security log forwarder"; } enum "configuration" { value 1; description "Reading of configuration"; } enum "all" { value 2; description "Everything"; } enum "report" { value 3; description "Trace report"; } enum "hpl" { value 4; description "Trace HPL logging"; } } } } // list flag } // container traceoptions list profile { key "name"; max-elements 10; ordered-by user; description "Security log profile setting"; leaf name { type string { junos:posix-pattern "^[[:alnum:].-]+$"; junos:pattern-message "Must be a string consisting of letters, numbers, dashes"; length "1 .. 63"; } description "Name of security log profile"; } uses apply-advanced; list stream-name { junos:must "((".. category" || ".. template"))"; junos:must-message "To send logs, category or template must be defined"; key "name"; max-elements 4; ordered-by user; description "Stream to use"; leaf name { junos:must "("security log stream $$")"; junos:must-message "stream must be defined under [security log stream]"; type string; description "Name of the stream"; } uses apply-advanced; } // list stream-name container category { junos:must "(!(" .. 
template"))"; junos:must-message "Cannot configure category and template for the same profile"; presence "enable category"; description "Selects the category of events for the profile"; uses apply-advanced; container session { presence "enable session"; description "Select session category"; uses apply-advanced; list field-extra-name { key "name"; description "Select the extra Fields, only apply to sd-syslog and syslog format"; leaf name { type enumeration { enum "sd-id" { value 0; description "Add SD-ID field, only apply to sd-syslog and syslog format"; } enum "hostname" { value 1; description "Add hostname field, only apply to sd-syslog and syslog format"; } enum "timestamp" { value 2; description "Add timestamp field, only apply to sd-syslog and syslog format"; } } description "The name of the extra field"; } uses apply-advanced; } // list field-extra-name list field-name { key "name"; ordered-by user; description "Select the fields by order"; leaf name { type string; description "The name of the field"; } uses apply-advanced; } // list field-name } // container session container webfilter { presence "enable webfilter"; description "Select webfilter category"; uses apply-advanced; list field-extra-name { key "name"; description "Select the extra Fields, only apply to sd-syslog and syslog format"; leaf name { type enumeration { enum "sd-id" { value 0; description "Add SD-ID field, only apply to sd-syslog and syslog format"; } enum "hostname" { value 1; description "Add hostname field, only apply to sd-syslog and syslog format"; } enum "timestamp" { value 2; description "Add timestamp field, only apply to sd-syslog and syslog format"; } } description "The name of the extra field"; } uses apply-advanced; } // list field-extra-name list field-name { key "name"; ordered-by user; description "Select the fields by order"; leaf name { type string; description "The name of the field"; } uses apply-advanced; } // list field-name } // container webfilter container antivirus { 
presence "enable antivirus"; description "Select antivirus category"; uses apply-advanced; list field-extra-name { key "name"; description "Select the extra Fields, only apply to sd-syslog and syslog format"; leaf name { type enumeration { enum "sd-id" { value 0; description "Add SD-ID field, only apply to sd-syslog and syslog format"; } enum "hostname" { value 1; description "Add hostname field, only apply to sd-syslog and syslog format"; } enum "timestamp" { value 2; description "Add timestamp field, only apply to sd-syslog and syslog format"; } } description "The name of the extra field"; } uses apply-advanced; } // list field-extra-name list field-name { key "name"; ordered-by user; description "Select the fields by order"; leaf name { type string; description "The name of the field"; } uses apply-advanced; } // list field-name } // container antivirus container content-filter { presence "enable content-filter"; description "Select content-filter category"; uses apply-advanced; list field-extra-name { key "name"; description "Select the extra Fields, only apply to sd-syslog and syslog format"; leaf name { type enumeration { enum "sd-id" { value 0; description "Add SD-ID field, only apply to sd-syslog and syslog format"; } enum "hostname" { value 1; description "Add hostname field, only apply to sd-syslog and syslog format"; } enum "timestamp" { value 2; description "Add timestamp field, only apply to sd-syslog and syslog format"; } } description "The name of the extra field"; } uses apply-advanced; } // list field-extra-name list field-name { key "name"; ordered-by user; description "Select the fields by order"; leaf name { type string; description "The name of the field"; } uses apply-advanced; } // list field-name } // container content-filter container antispam { presence "enable antispam"; description "Select antispam category"; uses apply-advanced; list field-extra-name { key "name"; description "Select the extra Fields, only apply to sd-syslog and syslog format"; 
leaf name { type enumeration { enum "sd-id" { value 0; description "Add SD-ID field, only apply to sd-syslog and syslog format"; } enum "hostname" { value 1; description "Add hostname field, only apply to sd-syslog and syslog format"; } enum "timestamp" { value 2; description "Add timestamp field, only apply to sd-syslog and syslog format"; } } description "The name of the extra field"; } uses apply-advanced; } // list field-extra-name list field-name { key "name"; ordered-by user; description "Select the fields by order"; leaf name { type string; description "The name of the field"; } uses apply-advanced; } // list field-name } // container antispam container idp { presence "enable idp"; description "Select idp category"; uses apply-advanced; list field-extra-name { key "name"; description "Select the extra Fields, only apply to sd-syslog and syslog format"; leaf name { type enumeration { enum "sd-id" { value 0; description "Add SD-ID field, only apply to sd-syslog and syslog format"; } enum "hostname" { value 1; description "Add hostname field, only apply to sd-syslog and syslog format"; } enum "timestamp" { value 2; description "Add timestamp field, only apply to sd-syslog and syslog format"; } } description "The name of the extra field"; } uses apply-advanced; } // list field-extra-name list field-name { key "name"; ordered-by user; description "Select the fields by order"; leaf name { type string; description "The name of the field"; } uses apply-advanced; } // list field-name } // container idp container secintel { presence "enable secintel"; description "Select secintel category"; uses apply-advanced; list field-extra-name { key "name"; description "Select the extra Fields, only apply to sd-syslog and syslog format"; leaf name { type enumeration { enum "sd-id" { value 0; description "Add SD-ID field, only apply to sd-syslog and syslog format"; } enum "hostname" { value 1; description "Add hostname field, only apply to sd-syslog and syslog format"; } enum "timestamp" { 
value 2; description "Add timestamp field, only apply to sd-syslog and syslog format"; } } description "The name of the extra field"; } uses apply-advanced; } // list field-extra-name list field-name { key "name"; ordered-by user; description "Select the fields by order"; leaf name { type string; description "The name of the field"; } uses apply-advanced; } // list field-name } // container secintel container aamw { presence "enable aamw"; description "Select aamw category"; uses apply-advanced; list field-extra-name { key "name"; description "Select the extra Fields, only apply to sd-syslog and syslog format"; leaf name { type enumeration { enum "sd-id" { value 0; description "Add SD-ID field, only apply to sd-syslog and syslog format"; } enum "hostname" { value 1; description "Add hostname field, only apply to sd-syslog and syslog format"; } enum "timestamp" { value 2; description "Add timestamp field, only apply to sd-syslog and syslog format"; } } description "The name of the extra field"; } uses apply-advanced; } // list field-extra-name list field-name { key "name"; ordered-by user; description "Select the fields by order"; leaf name { type string; description "The name of the field"; } uses apply-advanced; } // list field-name } // container aamw container ssl-proxy { presence "enable ssl-proxy"; description "Select ssl-proxy category"; uses apply-advanced; list field-extra-name { key "name"; description "Select the extra Fields, only apply to sd-syslog and syslog format"; leaf name { type enumeration { enum "sd-id" { value 0; description "Add SD-ID field, only apply to sd-syslog and syslog format"; } enum "hostname" { value 1; description "Add hostname field, only apply to sd-syslog and syslog format"; } enum "timestamp" { value 2; description "Add timestamp field, only apply to sd-syslog and syslog format"; } } description "The name of the extra field"; } uses apply-advanced; } // list field-extra-name list field-name { key "name"; ordered-by user; description 
"Select the fields by order"; leaf name { type string; description "The name of the field"; } uses apply-advanced; } // list field-name } // container ssl-proxy container apptrack { presence "enable apptrack"; description "Select apptrack category"; uses apply-advanced; list field-extra-name { key "name"; description "Select the extra Fields, only apply to sd-syslog and syslog format"; leaf name { type enumeration { enum "sd-id" { value 0; description "Add SD-ID field, only apply to sd-syslog and syslog format"; } enum "hostname" { value 1; description "Add hostname field, only apply to sd-syslog and syslog format"; } enum "timestamp" { value 2; description "Add timestamp field, only apply to sd-syslog and syslog format"; } } description "The name of the extra field"; } uses apply-advanced; } // list field-extra-name list field-name { key "name"; ordered-by user; description "Select the fields by order"; leaf name { type string; description "The name of the field"; } uses apply-advanced; } // list field-name } // container apptrack } // container category container default-profile { presence "enable default-profile"; uses apply-advanced; leaf activate { type empty; description "Set this profile as default profile"; } } // container default-profile container template { junos:must "(!(" .. category"))"; junos:must-message "Cannot configure category and template for the same profile"; presence "enable template"; description "Select the template for the profile"; uses apply-advanced; choice template-id { leaf traditional-firewall { type empty; description "Traditional-firewall"; } leaf unified-ngfw { type empty; description "Unified-ngfw"; } leaf sd-wan { type empty; description "Sd-wan"; } } // choice template-id } // container template } // list profile } // grouping log-object grouping host-object { uses apply-advanced; leaf ipaddr { type string { length "1 .. 
256"; } description "IP address/Host name"; } leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Host port number"; } leaf routing-instance { junos:must "((("security" && "routing-instances $$ instance-type virtual-router") || "services"))"; junos:must-message "Virtual router must be defined under [routing-instances]"; junos:must "("routing-instances $$")"; junos:must-message "Routing-instance must be defined"; type string; description "Routing-instance name"; } leaf log-tag { type string { junos:posix-pattern "![ =:]{1,15}"; junos:pattern-message "Must be a string of 15 characters or less"; } description "Tag included in logs to this host"; } } // grouping host-object grouping logical-system-type { description "Logical system name"; leaf name { junos:must "("logical-systems $$")"; junos:must-message "Logical systems must be defined under [logical-systems] "; type string; description "Logical system name"; } uses apply-advanced; leaf max-sessions { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Max number of IDP sessions"; } } // grouping logical-system-type grouping lsp-set-match-type { uses apply-advanced; leaf lsp-name { junos:must "((!(".. lsp-regex") && (!(".. p2mp-name") && !(".. p2mp-regex"))))"; junos:must-message "Can't configure lsp-name when lsp-regex or p2mp-name or p2mp-regex is configured"; type string; description "LSP name that matches this string"; } leaf lsp-regex { junos:must "((!(".. lsp-name") && (!(".. p2mp-name") && !(".. p2mp-regex"))))"; junos:must-message "Can't configure lsp-regex when lsp-name or p2mp-name or p2mp-regex is configured"; type string; description "All LSPs that match this regular expression pattern"; } leaf p2mp-name { junos:must "((!(".. lsp-name") && (!(".. lsp-regex") && !(".. 
p2mp-regex"))))"; junos:must-message "Can't configure p2mp-name when lsp-name or lsp-regex or p2mp-regex is configured"; type string; description "P2MP names that match this string"; } leaf p2mp-regex { junos:must "((!(".. lsp-name") && (!(".. lsp-regex") && !(".. p2mp-name"))))"; junos:must-message "Can't configure p2mp-regex when lsp-name or lsp-regex or p2mp-name is configured"; type string; description "P2MP names that match this regular expression pattern"; } choice router-type { leaf egress { type empty; description "All LSPs for which this router is egress"; } leaf ingress { type empty; description "All LSPs for which this router is ingress"; } leaf transit { type empty; description "All LSPs for which this router is transit"; } } // choice router-type } // grouping lsp-set-match-type grouping lsp_nh_obj { leaf name { type string; description "LSP to use to reach destination"; } uses apply-advanced; leaf preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference of LSP next hop"; } leaf metric { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Metric of LSP next hop"; } } // grouping lsp_nh_obj grouping macro-data-type { leaf name { type string; description "Keyword part of the keyword-value pair"; } leaf value { type string; description "Value part of the keyword-value pair"; } } // grouping macro-data-type grouping martian_type { description "Invalid routes"; leaf address { type jt:ipprefix; description "IP address or hostname"; } leaf choice-ident { type enumeration { enum "exact" { value 0; } enum "longer" { value 1; } enum "orlonger" { value 2; } enum "upto" { value 3; } enum "through" { value 4; } enum "prefix-length-range" { value 5; } enum "allow" { value 6; } } } leaf choice-value { type string; } leaf allow { type empty; } } // grouping martian_type grouping message-object { uses apply-advanced; container v0 { description "GTPv0 message type"; uses apply-advanced; leaf 
msg-list-name { junos:must "(("security gprs gtp message-list $$" || "security gtp message-list $$"))"; junos:must-message "referenced message-list not found"; type string { length "1 .. 23"; } description "GTP message list name"; } } // container v0 container v1 { description "GTPv1 message type"; uses apply-advanced; leaf msg-list-name { junos:must "(("security gprs gtp message-list $$" || "security gtp message-list $$"))"; junos:must-message "referenced message-list not found"; type string { length "1 .. 23"; } description "GTP message list name"; } } // container v1 container v2 { description "GTPv2 message type"; uses apply-advanced; leaf msg-list-name { junos:must "(("security gprs gtp message-list $$" || "security gtp message-list $$"))"; junos:must-message "referenced message-list not found"; type string { length "1 .. 23"; } description "GTP message list name"; } } // container v2 } // grouping message-object grouping mime-list-type { description "Configure mime-list object"; leaf name { type string { junos:posix-pattern "^[a-zA-Z_]+[a-zA-Z_0-9-]*$"; junos:pattern-message "Must be a string beginning with a letter or underscore and consisting of letters, numbers, dashes and underscores."; length "1 .. 40"; } description "Configure name of mime-list object"; } uses apply-advanced; leaf-list value { type string { length "1 .. 249"; } ordered-by user; description "Configure MIME value"; } } // grouping mime-list-type grouping mirror-filter-type { description "Secuirty mirror filter settings"; leaf name { type string { junos:posix-pattern "^[[:alnum:]._-]+$"; junos:pattern-message "Must be a string of letters, numbers, dashes or underscores"; length "1 .. 
63"; }
    description "Name of the filter";
  }
  uses apply-advanced;

  // Match criteria of the mirror filter. The enclosing grouping, mirror-filter-type,
  // opens before this span. protocol, source-port and destination-port are plain
  // strings with no pattern or range, so this schema does not reject malformed
  // values for them; only the two prefixes carry a dedicated type (jt:ipprefix).
  leaf protocol {
    type string;
    description "Match IP protocol type";
  }
  leaf source-prefix {
    type jt:ipprefix;
    description "Source IP address prefix";
  }
  leaf destination-prefix {
    type jt:ipprefix;
    description "Destination IP address prefix";
  }
  leaf source-port {
    type string;
    description "Match TCP/UDP source port";
  }
  leaf destination-port {
    type string;
    description "Match TCP/UDP destination port";
  }
  // The string member of each union below accepts any value written as <...> or
  // starting with '$' (presumably Junos placeholder syntax - confirm), so a
  // consumer of this model cannot assume the leaf always holds an interface name.
  leaf interface-in {
    type union {
      type jt:interface-name;
      type string {
        pattern "<.*>|$.*";
      }
    }
    description "Incoming Logical interface";
  }
  leaf interface-out {
    type union {
      type jt:interface-name;
      type string {
        pattern "<.*>|$.*";
      }
    }
    description "Outgoing Logical interface";
  }
  // Output side of the filter: an interface and a MAC address.
  // NOTE(review): presumably this is where mirrored traffic is delivered; if so,
  // changes here deserve the same review as any other traffic-copy setting.
  // destination-mac is an unconstrained string in this schema.
  container output {
    description "Configure output interface and MAC address";
    uses apply-advanced;
    leaf interface {
      type union {
        type jt:interface-name;
        type string {
          pattern "<.*>|$.*";
        }
      }
      description "Outgoing Logical interface";
    }
    leaf destination-mac {
      type string;
      description "MAC address to match";
    }
  } // container output
} // grouping mirror-filter-type

// Placeholder grouping: it only pulls in apply-advanced.
grouping mpls_pm_family_output_type {
  uses apply-advanced;
} // grouping mpls_pm_family_output_type

// Trace settings for the MMRP protocol: one trace-file container plus a list of
// trace flags. The flag list carries a must constraint on the sibling "file" node.
grouping mrp-trace-options {
  description "Trace options for MMRP Protocol";
  uses apply-advanced;
  container file {
    description "Trace file options";
    // Per the pattern-message the name may not contain '/', '%' or a space, so a
    // value cannot carry a path separator; the length is capped at 1024.
    leaf filename {
      type string {
        junos:posix-pattern "![/ %]";
        junos:pattern-message "Must not contain '/', % or a space";
        length "1 .. 1024";
      }
      description "Name of file in which to write trace information";
    }
    leaf replace {
      type empty;
      status deprecated;
      description "Replace trace file rather than appending to it";
    }
    // Unconstrained string: no unit or upper bound is enforced by this schema.
    leaf size {
      type string;
      description "Maximum trace file size";
    }
    // Numeric values are limited to 2..1000 with a default of 10; the string
    // member of the union admits <...> / '$'-prefixed values instead of a number.
    leaf files {
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "2 .. 1000";
        }
      }
      default "10";
      description "Maximum number of trace files";
    }
    leaf no-stamp {
      type empty;
      status deprecated;
      description "Do not timestamp trace file";
    }
    // A YANG choice: at most one of the two leaves can be present. No default is
    // declared here, so this schema does not say what applies when neither is set.
    // NOTE(review): world-readable lets any user read the trace file; trace
    // output can reveal protocol and topology detail, so prefer no-world-readable
    // unless local policy requires otherwise.
    choice world-readable-choice {
      leaf world-readable {
        type empty;
        description "Allow any user to read the log file";
      }
      leaf no-world-readable {
        type empty;
        description "Don't allow any user to read the log file";
      }
    } // choice world-readable-choice
  } // container file
  // Per the must-message, a trace file must be configured before any flag is set.
  list flag {
    junos:must "(".. file")";
    junos:must-message "Trace file name required to enable tracing";
    key "name";
    ordered-by user;
    description "Tracing parameters";
    leaf name {
      type enumeration {
        enum "events" {
          value 0;
          description "Trace events to the protocol state machine";
        }
        enum "pdu" {
          value 1;
          description "Trace RAPS PDU reception and transmission";
        }
        enum "timers" {
          value 2;
          description "Trace protocol timers";
        }
        enum "state-machine" {
          value 3;
          description "Trace information of the state machine";
        }
        enum "socket" {
          value 4;
          description "Trace soccket activity";
        }
        enum "error" {
          value 5;
          description "Trace all failure conditions";
        }
        enum "all" {
          value 6;
          description "Trace all";
        }
      }
    }
    leaf disable {
      type empty;
      description "Disable this trace flag";
    }
  } // list flag
} // grouping mrp-trace-options

// Per-interface spanning-tree settings; the grouping continues past this span.
grouping mstp-interface {
  leaf name {
    type string;
  }
  uses apply-advanced;
  // The range admits every value 0..255; the "increments of 16" rule stated in
  // the description is not enforced by this schema.
  leaf priority {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint16 {
        range "0 .. 255";
      }
    }
    description "Interface priority (in increments of 16 - 0,16,..240)";
  }
  leaf cost {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "1 ..
200000000"; } } description "Cost of the interface"; } leaf mode { type enumeration { enum "point-to-point" { value 0; description "Interface mode is point-to-point"; } enum "shared" { value 1; description "Interface mode is shared"; } } description "Interface mode (P2P or shared)"; } leaf edge { type empty; description "Port is an edge port"; } leaf access-trunk { type empty; description "Send/Receive untagged RSTP BPDUs on this interface"; } container bpdu-timeout-action { presence "enable bpdu-timeout-action"; description "Define action on BPDU expiry (Loop Protect)"; uses apply-advanced; leaf block { type empty; description "Block the interface"; } leaf alarm { type empty; description "Generate an alarm"; } } // container bpdu-timeout-action leaf no-root-port { type empty; description "Do not allow the interface to become root (Root Protect)"; } leaf disable { type empty; description "Disable Spanning Tree on port"; } } // grouping mstp-interface grouping multicast_interface_options_type { description "Multicast interface options"; leaf name { type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; container maximum-bandwidth { presence "enable maximum-bandwidth"; description "Maximum multicast bandwidth for the interface"; leaf bandwidth-limit { type string; units "bps"; description "Maximum multicast bandwidth on the interface"; } } // container maximum-bandwidth choice enable-disable { leaf enable { type empty; status deprecated; description "Enable Multicast"; } leaf disable { type empty; status deprecated; description "Disable Multicast"; } } // choice enable-disable container reverse-oif-mapping { presence "enable reverse-oif-mapping"; description "Enable reverse OIF mapping on the multicast interface"; uses apply-advanced; leaf no-qos-adjust { type empty; description "Disable reverse OIF mapping QoS adjustment"; } } // container reverse-oif-mapping leaf subscriber-leave-timer { 
junos:must "(".. reverse-oif-mapping")";
    // The lines down to "} // grouping multicast_interface_options_type" finish
    // leaf subscriber-leave-timer and its grouping, both opened before this span.
    // Per the must-message the leaf is only valid when reverse-oif-mapping is set.
    junos:must-message "reverse-oif-mapping must be set";
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "0 .. 30";
      }
    }
    units "seconds";
    description "Timeout in seconds to credit back the bandwidth on the subscriber interface";
  }
  leaf no-qos-adjust {
    type empty;
    description "Disable QoS adjustment for this interface";
  }
} // grouping multicast_interface_options_type

// A named security address book: a name, a free-text description, lists of
// addresses and address sets, and the zones the book is attached to.
grouping named-address-book-type {
  description "Configure global address book";
  // The book name is an unconstrained string: no pattern and no length limit is
  // declared here, unlike the zone name further down (length 1..63).
  leaf name {
    type string;
    description "Address book name";
  }
  uses apply-advanced;
  // Per the pattern-message the text may not contain '&', '<', '>' or a space
  // (presumably to keep it safe to embed in markup output - confirm); 1..900 chars.
  leaf description {
    type string {
      junos:posix-pattern "^[^&<> ]+$";
      junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '";
      length "1 .. 900";
    }
    description "Text description of address book";
  }
  list address {
    key "name";
    ordered-by user;
    description "Define a security address";
    uses address_type;
  } // list address
  list address-set {
    key "name";
    ordered-by user;
    description "Define a security address set";
    uses address_set_type;
  } // list address-set
  // Per the must-message, the address book named "global" may not be attached to
  // any particular interface, zone or routing-instance.
  container attach {
    junos:must "(!("security address-book global attach"))";
    junos:must-message "It is not allowed to attach the global address book to any particular interface, zone or routing-instance.";
    description "Attach this address book to interface, zone or routing-instance";
    uses apply-advanced;
    list zone {
      key "name";
      ordered-by user;
      description "Define a zone to be attached";
      // Two constraints, per their messages: a zone may be attached to only one
      // address book, and the zone must be defined under security zones.
      // Together they stop a book from being bound to an undefined zone or to a
      // zone that another book already claims.
      leaf name {
        junos:must "(unique "security address-book <*> attach zone $$")";
        junos:must-message "Security zone must be unique in address books";
        junos:must "("security zones security-zone $$")";
        junos:must-message "Security zone must be defined";
        type string {
          length "1 .. 63";
        }
        description "Security zone name";
      }
      uses apply-advanced;
    } // list zone
  } // container attach
} // grouping named-address-book-type

// Address-set definition; the grouping continues past this span.
grouping address_set_type {
  leaf name {
    junos:must "(!(".. ..
address $$"))"; junos:must-message "Security address and address-set cannot have same name"; type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]:./_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, colons, periods, slashes, dashes and underscores"; length "1 .. 63"; } description "Security address-set name"; } uses apply-advanced; leaf description { type string { junos:posix-pattern "^[^&<> ]+$"; junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '"; length "1 .. 900"; } description "Text description of address set"; } list address { key "name"; max-elements 16384; ordered-by user; description "Address to be included in this set"; leaf name { junos:must "(".. .. .. address $$")"; junos:must-message "referenced address must be defined under address-book"; type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]:./_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, colons, periods, slashes, dashes and underscores"; length "1 .. 63"; } description "Security address name"; } uses apply-advanced; } // list address list address-set { key "name"; max-elements 16384; ordered-by user; description "Define an address-set name"; leaf name { junos:must "(".. .. .. address-set $$")"; junos:must-message "referenced address must be defined under address-book"; type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]:./_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, colons, periods, slashes, dashes and underscores"; length "1 .. 
63"; }
    }
    uses apply-advanced;
  } // list address-set
} // grouping address_set_type

// One security address entry: a name, an optional description, and exactly one
// kind of content chosen from the address-content choice.
grouping address_type {
  // Per the pattern-message the name starts with a letter or digit and may then
  // contain letters, digits, colons, periods, slashes, dashes and underscores;
  // length 1..63. Slashes and colons are allowed, so a name can look like a
  // prefix or an IPv6 address while being only a label.
  leaf name {
    type string {
      junos:posix-pattern "^[[:alnum:]][[:alnum:]:./_-]*$";
      junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, colons, periods, slashes, dashes and underscores";
      length "1 .. 63";
    }
    description "Security address name";
  }
  uses apply-advanced;
  // Per the pattern-message the text may not contain '&', '<', '>' or a space;
  // 1..900 characters.
  leaf description {
    type string {
      junos:posix-pattern "^[^&<> ]+$";
      junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '";
      length "1 .. 900";
    }
    description "Text description of address";
  }
  // A YANG choice: only one of the cases below can be present in an entry, and
  // every list case is limited to a single element (max-elements 1).
  choice address-content {
    leaf ip-prefix {
      type jt:ipprefix;
      description "Numeric IPv4 or IPv6 address with prefix";
    }
    // NOTE(review): an entry defined by DNS name presumably depends on name
    // resolution at run time, so rules that reference it are only as
    // trustworthy as the resolver path - confirm against deployment.
    list dns-name {
      key "name";
      max-elements 1;
      ordered-by user;
      description "DNS address name";
      uses dns-name-type;
    } // list dns-name
    list wildcard-address {
      key "name";
      max-elements 1;
      ordered-by user;
      description "Numeric IPv4 wildcard address with in the form of a.d.d.r/netmask";
      uses wildcard-address-type;
    } // list wildcard-address
    // range-address and address-range share the description "Address range" but
    // use different groupings (range-address-type vs usf-range-address-type).
    list range-address {
      key "name";
      max-elements 1;
      ordered-by user;
      description "Address range";
      uses range-address-type;
    } // list range-address
    list address-range {
      key "name";
      max-elements 1;
      ordered-by user;
      description "Address range";
      uses usf-range-address-type;
    } // list address-range
  } // choice address-content
} // grouping address_type

// DNS-name content of an address entry; the grouping continues past this span.
grouping dns-name-type {
  description "DNS address name";
  // The pattern accepts either a run of letters, digits, '.', '_' and '-', or a
  // single '*'; length 1..253. It does not check label structure (leading dashes,
  // empty labels and similar pass), so it is looser than the "valid DNS name"
  // wording of the pattern-message suggests.
  leaf name {
    type string {
      junos:posix-pattern "^[[:alnum:]._-]+$|^\\*$";
      junos:pattern-message "Must be a valid DNS name";
      length "1 .. 253";
    }
    description "Fully qualified hostname";
  }
  uses apply-advanced;
  leaf ipv4-only {
    type empty;
    description "IPv4 dns address";
  }
  leaf ipv6-only {
    junos:must "(!("..
ipv4-only"))"; junos:must-message "ipv4-only and ipv6-only cannot be configured together"; type empty; description "IPv6 dns address"; } } // grouping dns-name-type grouping nat-object { description "Configure Network Address Translation"; uses apply-advanced; container source { description "Configure Source NAT"; uses ssg-source-nat-object; } // container source container destination { description "Configure Destination NAT"; uses ssg-destination-nat-object; } // container destination container static { description "Configure Static NAT"; uses ssg-static-nat-object; } // container static container proxy-arp { description "Configure Proxy ARP"; uses ssg-proxy-arp-object; } // container proxy-arp container proxy-ndp { description "Configure Proxy NDP"; uses ssg-proxy-ndp-object; } // container proxy-ndp container natv6v4 { description "Configure NAT between IPv6 and IPv4 options"; uses apply-advanced; leaf no-v6-frag-header { type empty; description "V6 packet does not always add fragment header when performing nat translation from v4 side to v6 side "; } } // container natv6v4 leaf allow-overlapping-pools { type empty; description "IP addresses of NAT pools can overlap with other pool"; } container traceoptions { description "NAT trace options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "configuration" { value 0; description "Trace configuration events"; } enum "flow" { value 1; description "Trace flow events"; } enum "routing-socket" { value 2; description "Trace routing socket events"; } enum "routing-protocol" { value 3; description "Trace routing protocol events"; } enum "all" { value 4; description "Trace everything"; } enum "source-nat-re" { value 5; description "Trace source nat events on RE side"; } enum "source-nat-rt" { value 6; description "Trace source nat events on PFE-RT side"; } enum "source-nat-pfe" { value 7; description "Trace source nat events on PFE-ukernel side"; } enum "destination-nat-re" { value 8; description "Trace destination nat events on RE side"; } enum "destination-nat-rt" { value 9; description "Trace destination nat events on PFE-RT side"; } enum "destination-nat-pfe" { value 10; description "Trace destination nat events on PFE-ukernel side"; } enum "static-nat-re" { value 11; description "Trace static nat events on RE side"; } enum "static-nat-rt" { value 12; description "Trace static nat events on PFE-RT side"; } enum "static-nat-pfe" { value 13; description "Trace static nat events on PFE-ukernel side"; } enum "nat-svc-set-re" { value 14; description "Trace NAT and svc-set events on RE side"; } } } leaf syslog { type empty; description "Write NAT flow traces to system log also"; } } // list flag } // container traceoptions list ipv6-multicast-interfaces { key "name"; 
ordered-by user; description "Enable IPv6 multicast filter for IPv6 NAT"; leaf name { type string; description "Interface name"; } uses apply-advanced; leaf disable { type empty; description "Disable IPv6 multicast filter for IPv6 NAT"; } } // list ipv6-multicast-interfaces list port-forwarding { key "name"; ordered-by user; description "Define a port-forwarding pool"; uses pf_mapping; } // list port-forwarding } // grouping nat-object grouping network_type { leaf name { type jt:ipprefix; description "Network prefix"; } uses apply-advanced; leaf-list dyn-tunnel-attribute-policy { type jt:policy-algebra; ordered-by user; description "Import policy for dynamic-tunnel under this destination network"; } leaf preference { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Preference of tunnel route under this destination network"; } leaf-list colors { type union { type uint32; type string { pattern "<.*>|$.*"; } } ordered-by user; description "Set of color list that will be supported for tunnel creation"; } } // grouping network_type grouping next_hop_group_intf_type { leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface through which to send sampled traffic"; } uses apply-advanced; list next-hop { junos:must "((".. .. group-type inet" || ".. .. group-type inet6"))"; junos:must-message "Next-hop can be specified only for group-type inet or inet6"; key "name"; ordered-by user; description "Address of next hop through which to send sampled traffic"; uses next_hop_type; } // list next-hop } // grouping next_hop_group_intf_type grouping next_hop_subgroup_intf_type { leaf name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface through which to send sampled traffic"; } uses apply-advanced; list next-hop { junos:must "((".. .. .. group-type inet" || ".. .. .. 
group-type inet6"))"; junos:must-message "Next-hop can be specified only for group-type inet or inet6"; key "name"; ordered-by user; description "Address of next hop through which to send sampled traffic"; uses next_hop_type; } // list next-hop } // grouping next_hop_subgroup_intf_type grouping next_hop_type { description "Address of next hop through which to send sampled traffic"; leaf name { type jt:ipaddr; } uses apply-advanced; } // grouping next_hop_type grouping override-local-server-type { description "DHCP override processing"; uses apply-advanced; leaf bootp-support { type empty; description "Allow processing of bootp requests"; } container delay-offer { description "Filter options for dhcp-server"; uses dhcpv4-filter-option; } // container delay-offer container process-inform { presence "enable process-inform"; description "Process INFORM PDUs"; uses apply-advanced; leaf pool { type string { length "1 .. 64"; } description "Pool name for family inet"; } } // container process-inform container include-option-82 { description "Include option-82 in reply packets"; uses apply-advanced; leaf nak { type empty; description "Include option-82 in NAK"; } leaf forcerenew { type empty; description "Include option-82 in FORCERENEW"; } } // container include-option-82 leaf delete-binding-on-renegotiation { type empty; description "Delete binding on renegotiation"; } leaf allow-no-end-option { type empty; description "Allow packets without end-of-option"; } leaf asymmetric-lease-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "600 .. 86400"; } } units "seconds"; description "Use a reduced lease time for the client. In seconds"; } leaf protocol-attributes { type string { length "1 .. 64"; } description "DHCPv4 attributes to use as defined under access protocol-attributes"; } leaf dual-stack { type string { length "1 .. 
64"; } description "Dual stack group to use"; } } // grouping override-local-server-type grouping dhcpv4-filter-option { description "Generic DHCPv4 filter processing"; uses apply-advanced; leaf delay-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 30"; } } units "seconds"; default "3"; description "Time delay between discover and offer"; } container based-on { description "Option number"; uses apply-advanced; container option-82 { presence "enable option-82"; description "Option 82"; uses apply-advanced; container equals { description "Generic option equals"; uses server-v6-option-ascii-hex; } // container equals container not-equals { description "Generic option not equals"; uses server-v6-option-ascii-hex; } // container not-equals container starts-with { description "Generic option starts-with"; uses server-v6-option-ascii-hex; } // container starts-with } // container option-82 container option-60 { presence "enable option-60"; description "Option 60"; uses apply-advanced; container equals { description "Generic option equals"; uses server-v6-option-ascii-hex; } // container equals container not-equals { description "Generic option not equals"; uses server-v6-option-ascii-hex; } // container not-equals container starts-with { description "Generic option starts-with"; uses server-v6-option-ascii-hex; } // container starts-with } // container option-60 container option-77 { presence "enable option-77"; description "Option 77"; uses apply-advanced; container equals { description "Generic option equals"; uses server-v6-option-ascii-hex; } // container equals container not-equals { description "Generic option not equals"; uses server-v6-option-ascii-hex; } // container not-equals container starts-with { description "Generic option starts-with"; uses server-v6-option-ascii-hex; } // container starts-with } // container option-77 } // container based-on } // grouping dhcpv4-filter-option grouping override-type { description "DHCP 
override processing";
  // Body of grouping override-type; its header and the start of the description
  // string above are on the preceding line. Each leaf or container here turns on
  // one deviation from default DHCP processing.
  uses apply-advanced;
  // Per the must-message this cannot be combined with layer2-unicast-replies.
  leaf no-unicast-replies {
    junos:must "(!(".. layer2-unicast-replies"))";
    junos:must-message "no-unicast-replies cannot be configured with layer2-unicast-replies";
    type empty;
    description "Overwrite unicast bit in incoming packet, when present";
  }
  // Relaxes packet validation: packets lacking the end-of-option marker are
  // accepted. NOTE(review): leave unset unless a known client requires it.
  leaf allow-no-end-option {
    type empty;
    description "Allow packets without end-of-option";
  }
  // Presence container: when configured, an option 82 value already present in
  // the packet is overwritten (details come from write-option-82-type).
  container always-write-option-82 {
    presence "enable always-write-option-82";
    description "Overwrite existing value of option 82, when present";
    uses write-option-82-type;
  } // container always-write-option-82
  leaf user-defined-option-82 {
    type string {
      length "1 .. 252";
    }
    description "Set user defined description for option-82";
  }
  // NOTE(review): option 82 content that arrives from the access side is
  // presumably only as reliable as the device that inserted it; enable trust
  // only where that device is under your control, and otherwise prefer
  // always-write-option-82 - confirm against the deployment.
  leaf trust-option-82 {
    type empty;
    description "Trust options-82 option";
  }
  leaf disable-relay {
    type empty;
    description "Disable DHCP relay processing";
  }
  leaf no-bind-on-request {
    type empty;
    description "Do not bind if stray DHCP request is received";
  }
  leaf bootp-support {
    type empty;
    description "Allows relay of bootp req and reply";
  }
  leaf dual-stack {
    type string {
      length "1 .. 64";
    }
    description "Dual stack group to use.";
  }
  // Numeric values are limited to 600..86400 seconds; the string member of the
  // union admits <...> / '$'-prefixed values (presumably placeholders - confirm).
  leaf asymmetric-lease-time {
    type union {
      type string {
        pattern "<.*>|$.*";
      }
      type uint32 {
        range "600 .. 86400";
      }
    }
    units "seconds";
    description "Use a reduced lease time for the client.
In seconds"; } container replace-ip-source-with { description "Replace IP source address in request and release packets"; choice replacement-type { leaf giaddr { type empty; description "Replace IP source address with giaddr"; } } // choice replacement-type } // container replace-ip-source-with leaf send-release-on-delete { type empty; description "Always send RELEASE to the server when a binding is deleted"; } leaf relay-source { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface for relay source"; } leaf delete-binding-on-renegotiation { type empty; description "Delete binding on rengotiation"; } } // grouping override-type grouping p2mp_ldp_lsp_nh_obj { uses apply-advanced; list root-address { key "name"; description "Configure the root address of P2MP LSP"; leaf name { type jt:ipaddr; description "Root address of the P2MP LSP"; } uses apply-advanced; leaf lsp-id { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
65535"; } } description "Configure the generic LSP identifier"; } list group-address { key "name"; description "IPv4/Ipv6 group address for mLDP LSP"; leaf name { type jt:ipaddr; description "IPv4/Ipv6 group address"; } uses apply-advanced; list source-address { key "name"; description "IPv4/Ipv6 source address"; leaf name { type jt:ipaddr; description "IPv4/Ipv6 source address for mLDP LSP"; } uses apply-advanced; } // list source-address } // list group-address } // list root-address } // grouping p2mp_ldp_lsp_nh_obj grouping packet-capture-egress-intf-type { uses apply-advanced; list interface { key "name"; description "Interface options"; leaf name { type union { type jt:interface-device; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; } // list interface } // grouping packet-capture-egress-intf-type grouping packet_accounting_output_type { uses apply-advanced; leaf aggregate-export-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "90 .. 1800"; } } units "seconds"; default "90"; description "Interval of exporting aggregate accounting information"; } leaf flow-inactive-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "15 .. 1800"; } } units "seconds"; default "60"; description "Interval of inactivity that marks a flow inactive"; } leaf flow-active-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 1800"; } } units "seconds"; default "1800"; description "Interval after which an active flow is exported"; } list cflowd { junos:must "(all ".. interface <*> source-address")"; junos:must-message "'forwarding-options accounting output interface source-address' must be specified with 'flow-server' and 'interface'"; junos:must "(any ".. 
interface <*>")"; junos:must-message "'forwarding-options accounting output interface' must be specified"; key "name"; description "Cflowd collector where flow records are sent"; uses cflowd_packet_accounting_type; } // list cflowd list interface { key "name"; description "Interfaces used to send monitored information"; uses packet_export_intf_type; } // list interface } // grouping packet_accounting_output_type grouping cflowd_packet_accounting_type { leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; } uses apply-advanced; leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "UDP port number on host collecting cflowd packets"; } leaf dscp { junos:must "(".. .. inline-jflow")"; junos:must-message "DSCP can be configured for inline-jflow"; type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 63"; } } default "0"; description "Numeric DSCP value in the range 0 to 63"; } leaf forwarding-class { junos:must "(".. .. inline-jflow")"; junos:must-message "forwarding-class can be configured for inline-jflow"; type string { length "1 .. 64"; } description "Forwarding-class for exported jflow packets, applicable only for inline-jflow"; } leaf routing-instance { junos:must "(".. .. 
inline-jflow")"; junos:must-message "Routing Instances can be configured for inline-jflow"; junos:must "("routing-instances $$ instance-type vrf")"; junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)"; type string; description "Name of routing instance on which flow collector is reachable"; } leaf version { type enumeration { enum "5" { value 0; description "Export cflowd aggregates in version 5 format"; } enum "8" { value 1; description "Export cflowd aggregates in version 8 format"; } } default "5"; description "Format of exported cflowd aggregates"; } leaf autonomous-system-type { type enumeration { enum "origin" { value 0; description "Export origin-AS numbers"; } enum "peer" { value 1; description "Export peer-AS numbers"; } } default "origin"; description "Type of autonomous system number to export"; } container aggregation { description "Aggregations to perform for exported flows (version 8 only)"; uses aggregation_type; } // container aggregation } // grouping cflowd_packet_accounting_type grouping aggregation_type { uses apply-advanced; leaf autonomous-system { type empty; description "Aggregate by autonomous system number"; } leaf protocol-port { type empty; description "Aggregate by protocol and port number"; } leaf source-prefix { type empty; description "Aggregate by source prefix"; } leaf destination-prefix { type empty; description "Aggregate by destination prefix"; } container source-destination-prefix { presence "enable source-destination-prefix"; description "Aggregate by source and destination prefix"; uses apply-advanced; leaf caida-compliant { type empty; description "Compatible with Caida record format for prefix aggregation (v8)"; } } // container source-destination-prefix } // grouping aggregation_type grouping packet_export_intf_type { leaf name { type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Interfaces used to send monitored 
information"; } uses apply-advanced; leaf engine-id { type union { type uint8; type string { pattern "<.*>|$.*"; } } description "Identity (number) of this accounting interface"; } leaf engine-type { type union { type uint8; type string { pattern "<.*>|$.*"; } } description "Type (number) of this accounting interface"; } leaf source-address { type jt:ipaddr; description "Address to use for generating monitored packets"; } } // grouping packet_export_intf_type grouping periodic_oam { uses apply-advanced; container mpls-tp-mode { presence "enable mpls-tp-mode"; description "MPLS-TP Mode, Do not use IP addressing for OAM"; uses apply-advanced; container lsping-channel-type { description "Supported Control-channel types for MPLS-TP mode...."; uses apply-advanced; choice action-choice { leaf ipv4 { type empty; description "Use channel-type IPv4(0x0021), With IP-UDP encapsulation"; } leaf on-demand-cv { type empty; description "Use channel-type On-Demand-CV(0x0025), Without IP-UDP encapsulation"; } } // choice action-choice } // container lsping-channel-type } // container mpls-tp-mode container bfd-port { description "Egress knob to select MHOP-BFD port for MPLS BFD"; uses apply-advanced; leaf-list import { type jt:policy-algebra; ordered-by user; description "Import policy"; } } // container bfd-port container bfd-liveness-detection { description "Bidirectional Forwarding Detection options"; uses apply-advanced; leaf version { type enumeration { enum "0" { value 0; description "BFD version 0 (deprecated)"; } enum "1" { value 1; description "BFD version 1"; } enum "automatic" { value 2; description "Choose BFD version automatically"; } } default "automatic"; description "BFD protocol version number"; } leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255000"; } } units "milliseconds"; description "Minimum transmit and receive interval"; } leaf minimum-transmit-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; status deprecated; description "Minimum transmit interval"; } leaf minimum-receive-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum receive interval"; } leaf multiplier { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } default "3"; description "Detection time multiplier"; } choice adaptation-choice { leaf no-adaptation { type empty; description "Disable adaptation"; } } // choice adaptation-choice container transmit-interval { description "Transmit-interval options"; uses apply-advanced; leaf minimum-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255000"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High transmit interval triggering a trap"; } } // container transmit-interval container detection-time { description "Detection-time options"; uses apply-advanced; leaf threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "milliseconds"; description "High detection-time triggering a trap"; } } // container detection-time container failure-action { description "Action to take when BFD session goes down"; choice action-choice { leaf teardown { type empty; description "Teardown label switched path and resignal"; } container make-before-break { presence "enable make-before-break"; description "Resignal the label switched path before teardown"; uses apply-advanced; leaf teardown-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
30"; } } units "seconds"; description "Time to wait before teardown"; } } // container make-before-break } // choice action-choice } // container failure-action leaf no-router-alert-option { type empty; description "Do not set Router-Alert options in IP header for MPLS-BFD"; } leaf use-ip-ttl-1 { type empty; description "Set TTL value to 1 in IP header for MPLS-BFD"; } } // container bfd-liveness-detection container performance-monitoring { description "Performance monitoring options"; uses apply-advanced; container traceoptions { description "Trace options for PM"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "init" { value 0; description "Trace init commnad"; } enum "error" { value 1; description "Trace error conditions"; } enum "event" { value 2; description "Trace state machine events"; } enum "general" { value 3; description "Trace general events"; } enum "packet" { value 4; description "Trace various packets "; } enum "timer" { value 5; description "Trace timer processing"; } enum "all" { value 6; description "Trace everything"; } } } } // list flag } // container traceoptions container querier { junos:must "(".. .. .. ultimate-hop-popping")"; junos:must-message "Performance monitoring can be configured only on ultimate-hop-popping LSPs"; junos:must "(".. .. .. 
associate-lsp")"; junos:must-message "Performance monitoring can be configured only for associated LSPs"; description "Querier options"; uses apply-advanced; container loss { description "Loss measurement options"; uses apply-advanced; list traffic-class { key "name"; description "Traffic class specific options"; leaf name { type enumeration { enum "tc-0" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 0; description "Traffic class 0"; } enum "tc-1" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 1; description "Traffic class 1"; } enum "tc-2" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 2; description "Traffic class 2"; } enum "tc-3" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 3; description "Traffic class 3"; } enum "tc-4" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 4; description "Traffic class 4"; } enum "tc-5" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 5; description "Traffic class 5"; } enum "tc-6" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 6; description "Traffic class 6"; } enum "tc-7" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for 
traffic-class-statistics"; value 7; description "Traffic class 7"; } enum "all" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 8; description "All Traffic class"; } enum "none" { value 9; description "No Traffic class"; } } description "Traffic class value"; } uses apply-advanced; leaf query-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1000 .. 4294967295"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf measurement-quantity { type enumeration { enum "bytes" { value 0; description "Byte loss measurement"; } enum "packets" { value 1; description "Packet loss measurement"; } } default "packets"; description "Loss measurement quantity"; } leaf average-sample-size { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 30"; } } description "Number of samples used in average calculation"; } leaf loss-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Loss threshold value"; } leaf loss-threshold-window { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
30"; } } description "Number of samples for loss threshold calculation"; } } // list traffic-class } // container loss container delay { description "Delay measurement options"; uses apply-advanced; list traffic-class { key "name"; description "Traffic class specific options"; leaf name { type enumeration { enum "tc-0" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 0; description "Traffic class 0"; } enum "tc-1" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 1; description "Traffic class 1"; } enum "tc-2" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 2; description "Traffic class 2"; } enum "tc-3" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 3; description "Traffic class 3"; } enum "tc-4" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 4; description "Traffic class 4"; } enum "tc-5" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 5; description "Traffic class 5"; } enum "tc-6" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 6; description "Traffic class 6"; } enum "tc-7" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 7; description 
"Traffic class 7"; } enum "all" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 8; description "All Traffic classes"; } } description "Traffic class value"; } uses apply-advanced; leaf query-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1000 .. 4294967295"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf padding-size { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 1500"; } } description "Size of padding"; } leaf average-sample-size { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 30"; } } description "Number of samples used in average calculation"; } leaf twcd-delay-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } units "microseconds"; description "Two way channel delay threshold value"; } leaf rtt-delay-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
4294967295"; } } units "microseconds"; description "Round trip delay threshold value"; } } // list traffic-class } // container delay container loss-delay { description "Combined loss-delay measurement options"; uses apply-advanced; list traffic-class { key "name"; description "Traffic class specific options"; leaf name { type enumeration { enum "tc-0" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 0; description "Traffic class 0"; } enum "tc-1" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 1; description "Traffic class 1"; } enum "tc-2" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 2; description "Traffic class 2"; } enum "tc-3" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 3; description "Traffic class 3"; } enum "tc-4" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 4; description "Traffic class 4"; } enum "tc-5" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 5; description "Traffic class 5"; } enum "tc-6" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 6; description "Traffic class 6"; } enum "tc-7" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for 
traffic-class-statistics"; value 7; description "Traffic class 7"; } enum "all" { junos:must "("protocols mpls statistics traffic-class-statistics")"; junos:must-message "Traffic class can be configured only for traffic-class-statistics"; value 8; description "All Traffic classes"; } enum "none" { value 9; description "No Traffic class"; } } description "Traffic class value"; } uses apply-advanced; leaf query-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1000 .. 4294967295"; } } units "milliseconds"; description "Minimum transmit interval"; } leaf measurement-quantity { type enumeration { enum "bytes" { value 0; description "Byte loss measurement"; } enum "packets" { value 1; description "Packet loss measurement"; } } default "packets"; description "Loss measurement quantity"; } leaf padding-size { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 1500"; } } description "Size of padding"; } leaf average-sample-size { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 30"; } } description "Number of samples used in average calculation"; } leaf loss-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Loss threshold value"; } leaf loss-threshold-window { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 30"; } } description "Number of samples for loss threshold calculation"; } leaf twcd-delay-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } units "microseconds"; description "Two way channel delay threshold value"; } leaf rtt-delay-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } units "microseconds"; description "Round trip delay threshold value"; } } // list traffic-class } // container loss-delay } // container querier container responder { junos:must "(".. .. .. 
ultimate-hop-popping")"; junos:must-message "Performance monitoring can be configured only on ultimate-hop-popping LSPs"; junos:must "(".. .. .. associate-lsp")"; junos:must-message "Performance monitoring can be configured only for associated LSPs"; description "Responder options"; uses apply-advanced; container loss { description "Loss measurement options"; uses apply-advanced; leaf min-query-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1000 .. 4294967295"; } } units "milliseconds"; description "Minimum query interval"; } } // container loss container delay { description "Delay measurement options"; uses apply-advanced; leaf min-query-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1000 .. 4294967295"; } } units "milliseconds"; description "Minimum query interval"; } } // container delay } // container responder } // container performance-monitoring leaf lsp-ping-interval { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "30 .. 3600"; } } units "seconds"; description "Time interval between LSP ping messages"; } leaf lsp-ping-multiplier { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 5"; } } description "Number of ping reply missed before declaring BFD down"; } container traceoptions { description "Trace options for MPLSOAM process"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 
1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "configuration" { value 0; description "Trace configuration events"; } enum "pipe" { value 1; description "Trace pipe activity"; } enum "rpc-packet-details" { value 2; description "Trace RPC packet details"; } enum "database" { value 3; description "Trace database activity"; } enum "network" { value 4; description "Trace network activity"; } enum "traceroute" { value 5; description "Trace traceroute activity"; } enum "all" { value 6; description "Trace everything"; } } } } // list flag } // container traceoptions } // grouping periodic_oam grouping pf_mapping { leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Port Forwarding name"; } uses apply-advanced; list destined-port { key "port translated-port"; max-elements 32; ordered-by user; description "Port forwarding mappings"; leaf port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Destination port"; } leaf translated-port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
65535"; } } description "Translated port"; } } // list destined-port } // grouping pf_mapping grouping pim_bootstrap_options_type { uses apply-advanced; leaf priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Eligibility to be the bootstrap router"; } leaf-list import { type jt:policy-algebra; ordered-by user; description "Bootstrap import policy"; } leaf-list export { type jt:policy-algebra; ordered-by user; description "Bootstrap export policy"; } } // grouping pim_bootstrap_options_type grouping pim_filter_obj { description "Filter to apply to tracing"; leaf match-on { type enumeration { enum "prefix" { value 0; description "Filter based on prefix"; } } description "Argument on which to match"; } leaf-list policy { type jt:policy-algebra; ordered-by user; description "Filter policy"; } } // grouping pim_filter_obj grouping pim_rp_group_range_type { leaf name { type jt:ipprefix; } uses apply-advanced; leaf nexthop-hold-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1000"; } } units "milliseconds"; description "Nexthop hold time in milliseconds"; } } // grouping pim_rp_group_range_type grouping pm-rspan-vlan { description "RSPAN vlan for pm"; leaf name { type string; description "VLAN name or VLAN id"; } uses apply-advanced; leaf no-tag { type empty; description "Removes extra RSPAN tag from mirrored packets"; } } // grouping pm-rspan-vlan grouping pm_family_input_type { description "Input options for port mirroring"; uses apply-advanced; leaf rate { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Ratio of packets to be sampled (1 out of N)"; } leaf run-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 20"; } } description "Number of samples after initial trigger"; } leaf maximum-packet-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
9216"; } } units "bytes"; default "0"; description "Maximum length of the mirrored packet"; }
} // grouping pm_family_input_type

// Grouping that collects security-policy configuration: policy tracing,
// zone-pair / global / policy-set policy lists, the default action taken when
// nothing matches, and stateful-firewall rules and rule sets.
// Layout note: the source text is collapsed onto long wrapped lines; statements
// are re-flowed here one per line. Where a wrap falls inside a quoted string,
// the break is kept exactly where the source has it.
grouping policy-object-type {
  uses apply-advanced;
  container traceoptions {
    description "Network Security Policy Tracing Options";
    uses apply-advanced;
    leaf no-remote-trace {
      // Only accepted when [system tracing] exists, per the must-message.
      junos:must "("system tracing")";
      junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
      type empty;
      description "Disable remote tracing";
    }
    container file {
      description "Trace file information";
      leaf filename {
        type string {
          // The pattern message states that '/', '%' and space are rejected.
          // Rejecting '/' presumably keeps the value a bare file name rather
          // than a path — confirm against the device documentation.
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      // size is an unconstrained string in this schema; any unit-suffix
      // handling is not visible here.
      leaf size { type string; description "Maximum trace file size"; }
      leaf files {
        type union {
          // String member admits values shaped like <...> or starting with $,
          // as the pattern is written; presumably Junos wildcard / variable
          // forms — confirm. The same union shape recurs below.
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "2 .. 1000"; }
        }
        default "3";
        description "Maximum number of trace files";
      }
      // NOTE(review): world-readable lets any user read the trace file (see
      // its description). The flags below include "rules" and "lookup", so
      // the file can describe policy evaluation; prefer no-world-readable
      // unless there is an operational reason to open it up. The schema sets
      // no default for this choice.
      choice world-readable-choice {
        leaf world-readable { type empty; description "Allow any user to read the log file"; }
        leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
      } // choice world-readable-choice
      leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; }
    } // container file
    list flag {
      key "name";
      ordered-by user;
      description "Tracing parameters";
      leaf name {
        type enumeration {
          enum "configuration" { value 0; description "Trace configuration events"; }
          enum "routing-socket" { value 1; description "Trace routing socket events"; }
          enum "compilation" { value 2; description "Policy compilation events"; }
          enum "ipc" { value 3; description "Inter-process communication events"; }
          enum "rules" { value 4; description "Policy rules related events"; }
          enum "lookup" { value 5; description "Policy lookup events"; }
          enum "all" { value 6; description "Trace everything"; }
        }
      }
    } // list flag
  } // container traceoptions

  // Zone-pair policy context, keyed by (from-zone-name, to-zone-name).
  list policy {
    key
"from-zone-name to-zone-name";
    ordered-by user;
    description "Define a policy context from this zone";
    leaf from-zone-name {
      // Both zone names must resolve to a configured security zone. The must
      // expression accepts the zone at either of two relative depths (four or
      // five levels up), as written.
      junos:must "((".. .. .. .. security zones security-zone $$" || ".. .. .. .. .. security zones security-zone $$"))";
      junos:must-message "Security zone must be defined";
      type string { length "1 .. 63"; }
      description "Source zone";
    }
    leaf to-zone-name {
      junos:must "((".. .. .. .. security zones security-zone $$" || ".. .. .. .. .. security zones security-zone $$"))";
      junos:must-message "Security zone must be defined";
      type string { length "1 .. 63"; }
      description "Destination zone";
    }
    uses apply-advanced;
    // ordered-by user: the configured order of policies is preserved.
    list policy {
      key "name";
      ordered-by user;
      description "Define security policy in specified zone-to-zone direction";
      uses policy_type;
    } // list policy
    container application-services {
      description "Application Services";
      uses context_application_services_type;
    } // container application-services
  } // list policy

  container global {
    description "Define a global policy context";
    uses apply-advanced;
    list policy {
      key "name";
      ordered-by user;
      description "Define security policy in global context";
      uses policy_type;
    } // list policy
  } // container global

  list policy-set {
    key "name";
    ordered-by user;
    description "Define a policy context for tunnel-inspection";
    leaf name {
      type string { length "1 .. 
63"; }
      description "Policy-set name";
    }
    uses apply-advanced;
    list policy {
      key "name";
      ordered-by user;
      description "Define security policy in tunnel-inspection context";
      uses policy_type;
    } // list policy
  } // list policy-set

  container default-policy {
    description "Configure default action when no user-defined policy match";
    uses apply-advanced;
    leaf default-action {
      // NOTE(review): the schema default is deny-all, so leaving this leaf
      // unset keeps the restrictive behaviour. permit-all passes every flow
      // that matches no policy (see the enum description) and deserves
      // explicit review wherever it appears in a configuration.
      type enumeration {
        enum "permit-all" { value 0; description "Permit all traffic if no policy match"; }
        enum "deny-all" { value 1; description "Deny all traffic if no policy match"; }
      }
      default "deny-all";
      description "Default action";
    }
    leaf log-profile {
      // Must name a profile that exists under [security log profile].
      junos:must "("security log profile $$")";
      junos:must-message "RTLOG profile must be defined under [security log profile]";
      type string;
      description "Rtlog profile";
    }
  } // container default-policy

  container policy-rematch {
    presence "enable policy-rematch";
    description "Re-evaluate the policy when changed";
    leaf extensive { type empty; description "Perform policy extensive rematch"; }
  } // container policy-rematch

  container policy-stats {
    presence "enable policy-stats";
    description "Parameters for policy statistics";
    uses apply-advanced;
    leaf system-wide {
      type enumeration {
        enum "enable" { value 0; description "Enable policy system-wide statistics"; }
        enum "disable" { value 1; description "Disable policy system-wide statistics"; }
      }
      description "Enable/Disable system-wide policy statistics";
    }
  } // container policy-stats

  // Action applied before the dynamic application has been identified; only
  // logging and session timeout are configurable here.
  container pre-id-default-policy {
    description "Configure default policy action before dynamic application is finally identified";
    uses apply-advanced;
    container then {
      description "Specify policy action to take when packet match criteria";
      uses apply-advanced;
      container log {
        description "Enable log";
        uses log_type;
      } // container log
      container session-timeout {
        description "Session timeout";
        uses session_timeout_type;
      } // container session-timeout
    } // container then
  } // container pre-id-default-policy

  container unified-policy {
    description "Unified policies lookup limitations";
    uses apply-advanced;
    leaf max-lookups {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "0 .. 4294967295"; }
      }
      description "Max lookup times upon micro-app transaction finals";
    }
  } // container unified-policy

  container dns-cache {
    description "Define security policy dns-cache behaviors";
    uses apply-advanced;
    container error-response-delete-ip {
      presence "enable error-response-delete-ip";
      description "Clear DNS cache entry IP on error DNS response";
      uses apply-advanced;
      leaf retry-interval {
        // 5 .. 86400 seconds, default 300.
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "5 .. 86400"; }
        }
        units "seconds";
        default "300";
        description "Interval between deleting IP and resending DNS requests";
      }
    } // container error-response-delete-ip
  } // container dns-cache

  list stateful-firewall-rule {
    key "name";
    ordered-by user;
    description "Define a stateful-firewall-rule";
    leaf name {
      type string {
        // Unlike policy names, rule names may also contain '/', '.' and ':'
        // (see the character class and its message).
        junos:posix-pattern "^[[:alnum:]][[:alnum:]/.:_-]*$";
        junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes, underscores, forward slashes, colons and dots.";
        length "1 .. 
63";
      }
      description "Stateful-firewall-rule name";
    }
    uses apply-advanced;
    leaf match-direction {
      type enumeration {
        enum "input" { value 0; description "Match on input to interface"; }
        enum "output" { value 1; description "Match on output from interface"; }
        enum "input-output" { value 2; description "Match on input to or output from interface"; }
      }
      description "Direction for which the rule match is applied";
    }
    list policy {
      key "name";
      ordered-by user;
      description "Define a stateful-firewall policy";
      uses policy_type;
    } // list policy
  } // list stateful-firewall-rule

  list stateful-firewall-rule-set {
    key "name";
    ordered-by user;
    description "Defines a set of stateful firewall rules";
    leaf name {
      type string {
        junos:posix-pattern "^[[:alnum:]][[:alnum:]/.:_-]*$";
        junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes, underscores, forward slashes, colons and dots.";
        length "1 .. 63";
      }
      description "Name of the stateful firewall rule set";
    }
    uses apply-advanced;
    list stateful-firewall-rule {
      key "name";
      ordered-by user;
      description "Rule to be included in this stateful firewall rule set";
      leaf name {
        // A set can only reference a rule that is already defined; the must
        // expression looks it up under "services policies".
        junos:must "("services policies stateful-firewall-rule $$")";
        junos:must-message "Undefined stateful-firewall-rule. 
Rule must be configured under policies";
        type string {
          // Length limit is carried by the {0,62} quantifier here instead of
          // a separate length statement.
          junos:posix-pattern "^[[:alnum:]][[:alnum:]/.:_-]{0,62}$";
          junos:pattern-message "Must be a string beginning with a number or letter and consisting of no more than 63 total letters, numbers, dashes, underscores, forward slashes, colons and dots.";
        }
        description "Stateful-firewall-rule name";
      }
      uses apply-advanced;
    } // list stateful-firewall-rule
  } // list stateful-firewall-rule-set
} // grouping policy-object-type

// Application-services settings attached to a zone-pair policy context.
grouping context_application_services_type {
  uses apply-advanced;
  leaf security-metadata-streaming-policy {
    // Must reference an existing security-metadata-streaming policy.
    junos:must "("services security-metadata-streaming policy $$")";
    junos:must-message "security-metadata-streaming policy must be defined";
    type string { length "1 .. 63"; }
    description "Specify security-metadata-streaming-policy";
  }
} // grouping context_application_services_type

// Per-policy session logging options. All leaves are optional in the schema,
// so a policy that uses this grouping logs nothing unless one is set.
grouping log_type {
  uses apply-advanced;
  leaf session-init { type empty; description "Log at session init time"; }
  leaf session-close { type empty; description "Log at session close time"; }
  leaf session-update {
    // Interval in minutes, 0 .. 1440; the default 0 disables this log.
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "0 .. 1440"; }
    }
    units "minutes";
    default "0";
    description "Log with specified interval (0 to disable this log)";
  }
  leaf sfw { type empty; description "Display Stateful-fire-wall SYSLOGs"; }
  leaf profile {
    // Must name a [security log profile] entry that has a stream-name.
    junos:must "("security log profile $$ stream-name")";
    junos:must-message "RTLOG profile with stream must be defined under [security log profile]";
    type string;
    description "Name of rtlog profile";
  }
} // grouping log_type

grouping policy_type {
  leaf name {
    type string {
      junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$";
      junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores.";
      length "1 .. 
63"; } description "Security policy name"; } uses apply-advanced; leaf description { type string { junos:posix-pattern "^[^&<> ]+$"; junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '"; length "1 .. 900"; } description "Text description of policy"; } container match { description "Specify security policy match-criteria"; uses apply-advanced; choice source-address_choice { leaf-list source-address { type string; ordered-by user; } } // choice source-address_choice choice destination-address_choice { leaf-list destination-address { type string; ordered-by user; } } // choice destination-address_choice leaf source-address-excluded { type empty; description "Exclude source addresses"; } leaf destination-address-excluded { type empty; description "Exclude destination addresses"; } choice application_type_choice { leaf-list application { type string; ordered-by user; } } // choice application_type_choice choice source_identity_choice { leaf-list source-identity { type string; ordered-by user; } } // choice source_identity_choice choice source_identity_feed_choice { leaf-list source-identity-feed { type string { length "1 .. 64"; } ordered-by user; description "Specify source-identity-feed name from list to match"; } } // choice source_identity_feed_choice choice destination_identity_feed_choice { leaf-list destination-identity-feed { type string { length "1 .. 
64"; } ordered-by user; description "Specify destination-identity-feed name from list to match"; } } // choice destination_identity_feed_choice
    choice source_end_user_profile_choice {
      container source-end-user-profile {
        description "Match source end user profile";
        uses match_source_end_user_profile_value;
      } // container source-end-user-profile
    } // choice source_end_user_profile_choice
    // The four leaf-lists below are plain strings with no length, pattern or
    // junos:must, so this schema does not itself check that a named
    // application, category or zone exists.
    choice dynamic_application_type_choice {
      leaf-list dynamic-application { type string; ordered-by user; }
    } // choice dynamic_application_type_choice
    choice url_category_type_choice {
      leaf-list url-category { type string; ordered-by user; }
    } // choice url_category_type_choice
    choice from_zone_choice {
      leaf-list from-zone { type string; ordered-by user; }
    } // choice from_zone_choice
    choice to_zone_choice {
      leaf-list to-zone { type string; ordered-by user; }
    } // choice to_zone_choice
    // junos:must is a Juniper extension (the `junos` prefix is imported in the
    // module header). `$$` appears to stand for the value being configured, so
    // each VRF group named here has to exist under `security l3vpn vrf-group`.
    // NOTE(review): the quotes nested inside junos:must arguments are shown
    // unescaped on this page; check the original file before parsing them.
    choice source_vrf_choice {
      leaf-list source-l3vpn-vrf-group {
        junos:must "("security l3vpn vrf-group $$")";
        junos:must-message "referenced vrf-group must configured";
        type string;
        ordered-by user;
        description "L3VPN group name";
      }
    } // choice source_vrf_choice
    choice dst_vrf_choice {
      leaf-list destination-l3vpn-vrf-group {
        junos:must "("security l3vpn vrf-group $$")";
        junos:must-message "referenced vrf-group must configured";
        type string;
        ordered-by user;
        description "L3VPN group name";
      }
    } // choice dst_vrf_choice
  } // container match
  // Action half of a policy. The `action` choice holds deny, reject and permit
  // as alternative cases; `log` and `count` sit beside the choice and can
  // accompany any of them.
  container then {
    description "Specify policy action to take when packet match criteria";
    uses apply-advanced;
    choice action {
      container deny {
        presence "enable deny";
        description "Deny packets";
        uses apply-advanced;
        container application-services {
          description "Application Services";
          uses apply-advanced;
          container security-intelligence {
            description "Generate security intellegence feeds";
            uses security_intelligence_feeds;
          } // container security-intelligence
        } // container application-services
      } // container deny
      container reject {
        presence "enable reject";
        description "Reject packets";
        uses apply-advanced;
        // Optional redirect profile; it must already exist under
        // `security dynamic-application profile`.
        leaf profile {
          junos:must "("security dynamic-application profile $$")";
          junos:must-message "Dynamic-application profile must be defined";
          type string;
          description "Profile for redirect HTTP/S traffic";
        }
        container ssl-proxy {
          presence "enable ssl-proxy";
          description "SSL proxy services";
          uses apply-advanced;
          leaf profile-name {
            junos:must "("services ssl proxy profile $$")";
            junos:must-message "Referenced SSL proxy profile is not defined";
            type string;
            description "Specify SSL proxy service profile name";
          }
        } // container ssl-proxy
        container application-services {
          description "Application Services";
          uses apply-advanced;
          container security-intelligence {
            description "Generate security intellegence feeds";
            uses security_intelligence_feeds;
          } // container security-intelligence
        } // container application-services
      } // container reject
      // Permit is the only case that carries tunnelling, firewall
      // authentication, destination NAT handling, the full application
      // services set and the per-policy TCP checks.
      container permit {
        presence "enable permit";
        description "Permit packets";
        uses apply-advanced;
        // Rejected at commit when the same policy matches on
        // dynamic-application (see the must-message).
        container tunnel {
          junos:must "(!(".. .. .. match dynamic-application"))";
          junos:must-message "Tunnel and dynamic-application can't be applied to same policy";
          description "Tunnel packets";
          uses tunnel_type;
        } // container tunnel
        container firewall-authentication {
          description "Enable authentication for this policy if permit or tunnel";
          uses firewall_authentication_type;
        } // container firewall-authentication
        container destination-address {
          presence "enable destination-address";
          description "Enable destination address translation";
          uses destination_nat_enable_type;
        } // container destination-address
        container application-services {
          description "Application Services";
          uses application_services_type;
        } // container application-services
        container tunnel-inspection {
          description "Enable tunnel inspection";
          uses apply-advanced;
          // The named inspection profile has to exist at one of the two
          // ancestor levels the constraint lists.
          leaf profile-name {
            junos:must "((".. .. .. .. .. .. .. security tunnel-inspection inspection-profile $$" || " .. .. .. .. .. .. .. .. security tunnel-inspection inspection-profile $$"))";
            junos:must-message "tunnel-inspection profile must be configured";
            type string { length "1 .. 63"; }
            description "Tunnel inspection profile";
          }
        } // container tunnel-inspection
        container tcp-options {
          description "Transmission Control Protocol session configuration";
          uses apply-advanced;
          // `type empty` leaves are presence flags: configured means the check
          // is requested for this policy. What applies when they are absent is
          // not stated in this schema.
          leaf syn-check-required { type empty; description "Enable per policy SYN-flag check"; }
          leaf sequence-check-required { type empty; description "Enable per policy sequence-number checking"; }
          // The union's string member accepts anything written as `<...>` or
          // starting with `$` (YANG patterns are XSD regular expressions, where
          // `$` is a literal), so 64..65535 is not the only form admitted.
          // Presumably this is for Junos wildcards and variables; confirm
          // before relying on the range in an external validator.
          leaf initial-tcp-mss {
            type union {
              type string { pattern "<.*>|$.*"; }
              type uint32 { range "64 .. 65535"; }
            }
            description "Override MSS value for initial direction";
          }
          leaf reverse-tcp-mss {
            type union {
              type string { pattern "<.*>|$.*"; }
              type uint32 { range "64 .. 65535"; }
            }
            description "Override MSS value for reverse direction";
          }
          leaf window-scale { type empty; description "Enable per policy window-scale"; }
        } // container tcp-options
        // services-offload and no-services-offload are sibling leaves rather
        // than cases of a choice, so this schema alone does not stop both
        // from being configured.
        leaf services-offload { type empty; description "Enable services offloading"; }
        leaf no-services-offload { type empty; description "Disenable services offloading"; }
        leaf advanced-connection-tracking { type empty; description "Lookup advanced-connection-tracking table on to-zone"; }
      } // container permit
    } // choice action
    container log {
      description "Enable log";
      uses log_type;
    } // container log
    container count {
      presence "enable count";
      description "Enable count";
      uses count_type;
    } // container count
  } // container then
  // Name of a scheduler that must already be defined under
  // `schedulers scheduler`; the posix-pattern restricts it to letters, digits,
  // dashes and underscores with an alphanumeric first character.
  leaf scheduler-name {
    junos:must "("schedulers scheduler $$")";
    junos:must-message "scheduler must be defined";
    type string {
      junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$";
      junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores.";
      length "1 .. 
63"; } description "Name of scheduler"; }
  leaf report-skip { type empty; description "Skip report for this policy"; }
} // grouping policy_type
// Security services that a policy can attach to traffic. Most leaves are
// references by name, and where a junos:must is present the named object has
// to exist at commit time (`$$` appears to stand for the value configured).
grouping application_services_type {
  description "Application Services";
  uses apply-advanced;
  // Two constraints: the policy must not match on dynamic-application, and
  // the profile has to exist under `security gtp profile`.
  leaf gtp-profile {
    junos:must "(!(".. .. .. .. match dynamic-application"))";
    junos:must-message "gtp and dynamic-application can't be applied to same policy";
    junos:must "("security gtp profile $$")";
    junos:must-message "gtp profile must be defined";
    type string { length "1 .. 63"; }
    description "Specify GPRS Tunneling Protocol profile name";
  }
  // Same pair of constraints as gtp-profile, against `security sctp profile`.
  leaf sctp-profile {
    junos:must "(!(".. .. .. .. match dynamic-application"))";
    junos:must-message "sctp and dynamic-application can't be applied to same policy";
    junos:must "("security sctp profile $$")";
    junos:must-message "sctp profile must be defined";
    type string { length "1 .. 63"; }
    description "Specify Stream Control Protocol profile name";
  }
  leaf idp { type empty; description "Intrusion detection and prevention"; }
  // Only accepted when the policy matches dynamic-application junos:UNKNOWN.
  // Captured traffic can hold payload data, so treat where the captures are
  // stored and who can read them as part of enabling this.
  leaf packet-capture {
    junos:must "(".. .. .. .. match dynamic-application junos:UNKNOWN")";
    junos:must-message "packet-capture action requires dynamic application junos:UNKNOWN in policy";
    type empty;
    description "Capturing traffic related to this policy";
  }
  // Unlike utm-policy and the other references below, this leaf has no
  // junos:must, so this schema does not check that the named IDP policy
  // exists.
  leaf idp-policy {
    type string { length "1 .. 255"; }
    description "Specify idp policy name";
  }
  container ssl-proxy {
    presence "enable ssl-proxy";
    description "SSL proxy services";
    uses apply-advanced;
    leaf profile-name {
      junos:must "("services ssl proxy profile $$")";
      junos:must-message "Referenced SSL proxy profile is not defined";
      type string;
      description "Specify SSL proxy service profile name";
    }
  } // container ssl-proxy
  container web-proxy {
    presence "enable web-proxy";
    description "Web proxy services";
    uses apply-advanced;
    // Satisfied by either a secure-proxy profile or a
    // proxy-auto-configuration profile of this name.
    leaf profile-name {
      junos:must "(("services web-proxy secure-proxy profile $$" || "services web-proxy proxy-auto-configuration profile $$"))";
      junos:must-message "Referenced Web proxy profile is not defined";
      type string;
      description "Specify Web proxy service profile name";
    }
  } // container web-proxy
  container uac-policy {
    presence "enable uac-policy";
    description "Enable unified access control enforcement of policy";
    uses apply-advanced;
    leaf captive-portal {
      junos:must "("services unified-access-control captive-portal $$")";
      junos:must-message "Captive portal policy must be defined";
      type string { length "1 .. 128"; }
    }
  } // container uac-policy
  leaf utm-policy {
    junos:must "("security utm utm-policy $$")";
    junos:must-message "utm-policy must be defined";
    type string { length "1 .. 255"; }
    description "Specify utm policy name";
  }
  leaf icap-redirect {
    junos:must "("services icap-redirect profile $$")";
    junos:must-message "icap-redirect profile must be defined";
    type string { length "1 .. 63"; }
    description "Specify icap redirect profile name";
  }
  container application-firewall {
    junos:must "((!(".. .. .. .. match dynamic-application") || (".. .. .. .. match dynamic-application" && ".. .. .. .. 
match dynamic-application none")))";
    // Marked `status deprecated` below. The constraint above accepts it only
    // when the policy has no dynamic-application match or matches
    // `dynamic-application none`.
    junos:must-message "Traditional AppFW and dynamic-application can't be applied to same policy";
    status deprecated;
    description "Application firewall services";
    uses jsf_service_rule_set_type;
  } // container application-firewall
  container application-traffic-control {
    description "Application traffic control services";
    uses jsf_application_traffic_control_rule_set_type;
  } // container application-traffic-control
  choice wx-redirection {
    leaf redirect-wx { type empty; description "Set WX redirection"; }
    leaf reverse-redirect-wx { type empty; description "Set WX reverse redirection"; }
  } // choice wx-redirection
  leaf security-intelligence-policy {
    junos:must "("services security-intelligence policy $$")";
    junos:must-message "security-intelligence policy must be defined";
    type string { length "1 .. 255"; }
    description "Specify security-intelligence policy name";
  }
  leaf advanced-anti-malware-policy {
    junos:must "("services advanced-anti-malware policy $$")";
    junos:must-message "advanced-anti-malware policy must be defined";
    type string { length "1 .. 255"; }
    description "Specify advanced-anti-malware policy name";
  }
  container security-intelligence {
    description "Generate security intellegence feeds";
    uses security_intelligence_feeds;
  } // container security-intelligence
} // grouping application_services_type
// Carries only apply-advanced; there are no options of its own.
grouping count_type {
  uses apply-advanced;
} // grouping count_type
// Lets a policy drop traffic according to whether destination NAT translated
// it; the two leaves are cases of one choice, so only one can be set.
grouping destination_nat_enable_type {
  description "Enable Destination NAT";
  uses apply-advanced;
  choice destination_nat {
    leaf drop-translated { type empty; description "Drop the policy if NAT translated"; }
    leaf drop-untranslated { type empty; description "Drop the policy if NAT untranslated"; }
  } // choice destination_nat
} // grouping destination_nat_enable_type
// Firewall user authentication attached to a policy. `auth-type` is a choice,
// so a policy selects one of pass-through, web-authentication or
// user-firewall.
grouping firewall_authentication_type {
  uses apply-advanced;
  choice auth-type {
    container pass-through {
      // Requires `access firewall-authentication pass-through` to be
      // configured at one of the two ancestor levels listed.
      junos:must "((".. .. .. .. .. .. .. access firewall-authentication pass-through" || ".. .. .. .. .. .. .. .. access firewall-authentication pass-through"))";
      junos:must-message "access firewall-authentication pass-through must be configured";
      presence "enable pass-through";
      description "Pass-through firewall authentication settings";
      uses apply-advanced;
      // Accepted when `access profile $$` exists locally, or when it exists
      // further up the hierarchy and `access disable-tenant-access` is not
      // set there. The second branch is what lets a tenant use a profile
      // defined outside itself.
      leaf access-profile {
        junos:must "(("access profile $$" || (".. .. .. .. .. .. .. .. .. .. access profile $$" && !(".. .. .. .. .. .. .. .. .. .. access disable-tenant-access"))))";
        junos:must-message "access-profile must be defined or access to profile is disabled for tenants";
        type string { length "1 .. 63"; }
        description "Specify access profile name";
      }
      leaf-list client-match {
        type string { length "1 .. 63"; }
        ordered-by user;
        description "Name of user or group to match";
      }
      // web-redirect and web-redirect-to-https are sibling leaves, not cases
      // of a choice. NOTE(review): if credentials are entered on the page the
      // user is redirected to, the HTTPS variant keeps them off cleartext
      // HTTP.
      leaf web-redirect { type empty; description "Redirect unauthenticated HTTP requests to the device's internal web server"; }
      leaf web-redirect-to-https { type empty; description "Redirect unauthenticated HTTP requests to the device's internal HTTPS web server"; }
      leaf web-authentication-server {
        type string { length "1 .. 128"; }
        description "Firewall web authentication server";
      }
      leaf ssl-termination-profile {
        type string { length "1 .. 63"; }
        description "Specify SSL termination profile used to the SSL offload";
      }
      // auth-only-browser and auth-user-agent select which HTTP traffic is
      // sent for authentication. The User-Agent header is supplied by the
      // client, so a match on it is a traffic selector, not proof of what the
      // client is.
      leaf auth-only-browser { type empty; description "Authenticate only browser traffic"; }
      list auth-user-agent {
        key "name";
        ordered-by user;
        description "Authenticate HTTP traffic with specified user agent";
        leaf name {
          type string { length "1 .. 16"; }
          description "Authenticate HTTP traffic with specified user agent";
        }
        uses apply-advanced;
      } // list auth-user-agent
    } // container pass-through
    container web-authentication {
      // Requires `access firewall-authentication web-authentication` to be
      // configured at one of the two ancestor levels listed.
      junos:must "((".. .. .. .. .. .. .. access firewall-authentication web-authentication" || ".. .. .. .. .. .. .. .. access firewall-authentication web-authentication"))";
      junos:must-message "access firewall-authentication web-authentication must be configured";
      presence "enable web-authentication";
      description "Web-authentication settings";
      uses apply-advanced;
      leaf-list client-match {
        type string { length "1 .. 63"; }
        ordered-by user;
        description "Name of user or group to match";
      }
    } // container web-authentication
    // Same leaves as pass-through except that client-match is absent and
    // `domain` is added; there is no container-level junos:must and no
    // presence statement here.
    container user-firewall {
      description "User-firewall firewall authentication settings";
      uses apply-advanced;
      leaf access-profile {
        junos:must "(("access profile $$" || (".. .. .. .. .. .. .. .. .. .. access profile $$" && !(".. .. .. .. .. .. .. .. .. .. access disable-tenant-access"))))";
        junos:must-message "access-profile must be defined or access to profile is disabled for tenants";
        type string { length "1 .. 63"; }
        description "Specify access profile name";
      }
      leaf web-redirect { type empty; description "Redirect unauthenticated HTTP req to web server"; }
      leaf web-redirect-to-https { type empty; description "Redirect unauthenticated HTTP req to HTTPS web server"; }
      leaf web-authentication-server {
        type string { length "1 .. 128"; }
        description "Firewall web authentication server";
      }
      leaf ssl-termination-profile {
        type string { length "1 .. 63"; }
        description "Specify SSL termination profile used to the SSL offload";
      }
      leaf auth-only-browser { type empty; description "Authenticate only browser traffic"; }
      list auth-user-agent {
        key "name";
        ordered-by user;
        description "Authenticate HTTP traffic with specified user agent";
        leaf name {
          type string { length "1 .. 16"; }
          description "Authenticate HTTP traffic with specified user agent";
        }
        uses apply-advanced;
      } // list auth-user-agent
      leaf domain {
        type string {
          length "1 .. 
64"; } description "Specify domain name"; }
    } // container user-firewall
  } // choice auth-type
  leaf push-to-identity-management { type empty; description "Push auth entry to identity management server"; }
} // grouping firewall_authentication_type
// Reference to an application-firewall rule set, which must already exist
// under `security application-firewall rule-sets`.
grouping jsf_service_rule_set_type {
  description "Define service rule set reference";
  uses apply-advanced;
  leaf rule-set {
    junos:must "("security application-firewall rule-sets $$")";
    junos:must-message "rule set must be defined";
    type string { length "1 .. 64"; }
    description "Service rule set name";
  }
} // grouping jsf_service_rule_set_type
// Match value for a source end-user profile; the name has to exist under
// `services user-identification device-information end-user-profile` at one
// of the two ancestor levels listed.
grouping match_source_end_user_profile_value {
  uses apply-advanced;
  leaf source-end-user-profile-name {
    junos:must "((".. .. .. .. .. .. services user-identification device-information end-user-profile profile-name $$" || ".. .. .. .. .. .. .. services user-identification device-information end-user-profile profile-name $$"))";
    junos:must-message "Services user-identification device-information end-user-profile profile-name must be defined";
    type string;
    description "Specify source-end-user-profile name from list to match";
  }
} // grouping match_source_end_user_profile_value
// A port or a port range. In every union below, the string member accepts
// anything written as `<...>` or starting with `$` (YANG patterns are XSD
// regular expressions, where `$` is a literal), so the numeric range is not
// the only form admitted. Presumably this is for Junos wildcards and
// variables; confirm before relying on the range in an external validator.
// Nothing here requires maximum-port to be >= name.
grouping port-range {
  description "Port ranges";
  leaf name {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "0 .. 65535"; }
    }
    description "Single port/minimum port in the port range";
  }
  leaf maximum-port {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "0 .. 65535"; }
    }
    description "Maximum port in the port range";
  }
} // grouping port-range
// RADIUS server identified by host name. The name is re-resolved every
// dns-query-interval minutes (10..1440, default 60).
// NOTE(review): with a name-based server, the address that receives RADIUS
// traffic depends on the DNS answer, so the integrity of that resolution path
// matters as much as the shared secret.
grouping profile-radius-server-name-object {
  leaf name {
    type string {
      junos:posix-pattern "^[[:alnum:]._-]+$";
      junos:pattern-message "Invalid FQDN";
      length "4 .. 255";
    }
    description "Fully qualified domain name of the RADIUS server";
  }
  uses apply-advanced;
  leaf dns-query-interval {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint16 { range "10 .. 1440"; }
    }
    units "minutes";
    default "60";
    description "Frequency of RADIUS server name resolution";
  }
  // RadSec (RADIUS over TLS) destination. It must be defined under
  // `access radsec destination` and cannot be combined with a sibling
  // `preauthentication-order`.
  leaf radsec-destination {
    junos:must "(!(".. preauthentication-order"))";
    junos:must-message "RADSEC is mutually exclusive with preauthentication";
    junos:must "("access radsec destination $$")";
    junos:must-message "RADSEC destination must be defined";
    type union {
      type uint32;
      type string { pattern "<.*>|$.*"; }
    }
    description "RADSEC destination";
  }
  leaf port {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint16 { range "1 .. 65535"; }
    }
    default "1812";
    description "RADIUS server authentication port number";
  }
  leaf preauthentication-port {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint16 { range "1 .. 65535"; }
    }
    description "RADIUS server preauthentication port number";
  }
  // 3799 is the port RFC 5176 assigns to RADIUS dynamic authorization
  // (CoA / Disconnect). Such requests change or end sessions, so which
  // sources can reach this port is worth restricting.
  leaf dynamic-request-port {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint16 { range "1 .. 65535"; }
    }
    default "3799";
    description "RADIUS client dynamic request port number";
  }
  // jt:unreadable is declared in junos-common-types (imported in the module
  // header), not on this page. Whatever encoding the device applies, any
  // configuration export that contains this leaf carries shared-secret
  // material and needs the same handling as the secret itself.
  leaf secret { type jt:unreadable; description "Shared secret with the RADIUS server"; }
  // The description text is the same as for `secret`; by its name this is
  // the secret used for preauthentication.
  leaf preauthentication-secret { type jt:unreadable; description "Shared secret with the RADIUS server"; }
  leaf timeout {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "1 .. 1000"; }
    }
    units "seconds";
    default "3";
    description "Request timeout period";
  }
  leaf retry {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "1 .. 100"; }
    }
    default "3";
    description "Retry attempts";
  }
  leaf accounting-timeout {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "0 .. 1000"; }
    }
    units "seconds";
    default "0";
    description "Accounting request timeout period";
  }
  leaf accounting-retry {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "0 .. 100"; }
    }
    default "0";
    description "Accounting retry attempts";
  }
  leaf max-outstanding-requests {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "0 .. 2000"; }
    }
    default "1000";
    description "Maximum requests in flight to server";
  }
  leaf source-address { type jt:ipaddr; description "Use specified address as source address"; }
  // Satisfied by a routing instance defined at the root or under any tenant
  // (`any "tenants <*> ..."`), so the reference is not limited to the tenant
  // that holds this configuration.
  leaf routing-instance {
    junos:must "(("routing-instances $$" || any "tenants <*> routing-instances $$"))";
    junos:must-message "referenced routing-instance must be defined";
    type string;
    description "Use specified routing instance";
  }
} // grouping profile-radius-server-name-object
// RADIUS server identified by IP address. Same leaves as the name-based
// object apart from dns-query-interval, which is absent here.
grouping profile-radius-server-object {
  leaf name { type jt:ipaddr; description "RADIUS server address"; }
  uses apply-advanced;
  leaf port {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint16 { range "1 .. 65535"; }
    }
    default "1812";
    description "RADIUS server authentication port number";
  }
  leaf preauthentication-port {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint16 { range "1 .. 65535"; }
    }
    description "RADIUS server preauthentication port number";
  }
  leaf dynamic-request-port {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint16 { range "1 .. 65535"; }
    }
    default "3799";
    description "RADIUS client dynamic request port number";
  }
  // As with the name-based object: treat any export containing these two
  // leaves as secret material.
  leaf secret { type jt:unreadable; description "Shared secret with the RADIUS server"; }
  leaf preauthentication-secret { type jt:unreadable; description "Shared secret with the RADIUS server"; }
  leaf timeout {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "1 .. 1000"; }
    }
    units "seconds";
    default "3";
    description "Request timeout period";
  }
  leaf retry {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "1 .. 100"; }
    }
    default "3";
    description "Retry attempts";
  }
  leaf accounting-timeout {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "0 .. 1000"; }
    }
    units "seconds";
    default "0";
    description "Accounting request timeout period";
  }
  leaf accounting-retry {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 {
        range "0 .. 
100"; } } default "0"; description "Accounting retry attempts"; }
  leaf max-outstanding-requests {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "0 .. 2000"; }
    }
    default "1000";
    description "Maximum requests in flight to server";
  }
  leaf source-address { type jt:ipaddr; description "Use specified address as source address"; }
  // Satisfied by a routing instance defined at the root or under any tenant.
  leaf routing-instance {
    junos:must "(("routing-instances $$" || any "tenants <*> routing-instances $$"))";
    junos:must-message "referenced routing-instance must be defined";
    type string;
    description "Use specified routing instance";
  }
  // Only the existence check is attached here; this leaf has no constraint
  // against preauthentication.
  leaf radsec-destination {
    junos:must "("access radsec destination $$")";
    junos:must-message "RADSEC destination must be defined";
    type union {
      type uint32;
      type string { pattern "<.*>|$.*"; }
    }
    description "RADSEC destination";
  }
} // grouping profile-radius-server-object
// A UTM policy: for each protocol it names the feature profile to apply.
// Every reference carries a junos:must, so the named profile has to exist at
// commit time (`$$` appears to stand for the value configured). A protocol
// leaf that is left out simply has no profile named for it in this policy.
grouping profile-setting {
  description "UTM policy settings";
  leaf name {
    type string { length "1 .. 29"; }
    description "UTM policy name";
  }
  uses apply-advanced;
  // Each anti-virus reference is satisfied by a profile under either
  // `anti-virus sophos-engine profile` or `anti-virus profile`.
  container anti-virus {
    description "UTM policy anti-virus profile";
    uses apply-advanced;
    leaf http-profile {
      junos:must "(("security utm feature-profile anti-virus sophos-engine profile $$" || "security utm feature-profile anti-virus profile $$"))";
      junos:must-message "An anti-virus profile must be defined";
      type string;
      description "Anti-virus profile";
    }
    container ftp {
      description "FTP profile";
      uses apply-advanced;
      leaf upload-profile {
        junos:must "(("security utm feature-profile anti-virus sophos-engine profile $$" || "security utm feature-profile anti-virus profile $$"))";
        junos:must-message "An anti-virus profile must be defined";
        type string;
        description "Anti-virus profile";
      }
      leaf download-profile {
        junos:must "(("security utm feature-profile anti-virus sophos-engine profile $$" || "security utm feature-profile anti-virus profile $$"))";
        junos:must-message "An anti-virus profile must be defined";
        type string;
        description "Anti-virus profile";
      }
    } // container ftp
    leaf smtp-profile {
      junos:must "(("security utm feature-profile anti-virus sophos-engine profile $$" || "security utm feature-profile anti-virus profile $$"))";
      junos:must-message "An anti-virus profile must be defined";
      type string;
      description "Anti-virus profile";
    }
    leaf pop3-profile {
      junos:must "(("security utm feature-profile anti-virus sophos-engine profile $$" || "security utm feature-profile anti-virus profile $$"))";
      junos:must-message "An anti-virus profile must be defined";
      type string;
      description "Anti-virus profile";
    }
    leaf imap-profile {
      junos:must "(("security utm feature-profile anti-virus sophos-engine profile $$" || "security utm feature-profile anti-virus profile $$"))";
      junos:must-message "An anti-virus profile must be defined";
      type string;
      description "Anti-virus profile";
    }
  } // container anti-virus
  container content-filtering {
    description "Content-filtering profile";
    uses apply-advanced;
    leaf http-profile {
      junos:must "("security utm feature-profile content-filtering profile $$")";
      junos:must-message "content-filtering profile must be defined";
      type string;
      description "Content-filtering profile";
    }
    container ftp {
      description "FTP profile";
      uses apply-advanced;
      leaf upload-profile {
        junos:must "("security utm feature-profile content-filtering profile $$")";
        junos:must-message "content-filtering profile must be defined";
        type string;
        description "Content-filtering FTP upload profile";
      }
      leaf download-profile {
        junos:must "("security utm feature-profile content-filtering profile $$")";
        junos:must-message "content-filtering profile must be defined";
        type string;
        description "Content-filtering FTP download profile";
      }
    } // container ftp
    leaf smtp-profile {
      junos:must "("security utm feature-profile content-filtering profile $$")";
      junos:must-message "content-filtering profile must be defined";
      type string;
      description "Content-filtering SMTP profile";
    }
    leaf pop3-profile {
      junos:must "("security utm feature-profile content-filtering profile $$")";
      junos:must-message "content-filtering profile must be defined";
      type string;
      description "Content-filtering POP3 profile";
    }
    leaf imap-profile {
      junos:must "("security utm feature-profile content-filtering profile $$")";
      junos:must-message "content-filtering profile must be defined";
      type string;
      description "Content-filtering IMAP profile";
    }
  } // container content-filtering
  container web-filtering {
    description "Web-filtering profile";
    uses apply-advanced;
    // The constraint accepts four profile kinds (surf-control-integrated,
    // websense-redirect, juniper-local, juniper-enhanced); the must-message
    // names only three of them.
    leaf http-profile {
      junos:must "(("security utm feature-profile web-filtering surf-control-integrated profile $$" || ("security utm feature-profile web-filtering websense-redirect profile $$" || ("security utm feature-profile web-filtering juniper-local profile $$" || "security utm feature-profile web-filtering juniper-enhanced profile $$"))))";
      junos:must-message "websense-redirect profile or local profile or juniper-enhanced must be defined";
      type string;
      description "Web-filtering HTTP profile";
    }
  } // container web-filtering
  container anti-spam {
    description "Anti-spam profile";
    uses apply-advanced;
    leaf smtp-profile {
      junos:must "("security utm feature-profile anti-spam sbl profile $$")";
      junos:must-message "anti-spam sbl profile must be defined";
      type string;
      description "Anti-spam profile";
    }
  } // container anti-spam
  // Marked deprecated. over-limit chooses between letting traffic through
  // with a log entry (log-and-permit) and blocking it; no default is declared
  // for it here, so a reviewer cannot tell from this schema which applies
  // when the leaf is absent.
  container traffic-options {
    status deprecated;
    description "Traffic options";
    uses apply-advanced;
    container sessions-per-client {
      description "Sessions per client";
      uses apply-advanced;
      // The string member of the union accepts anything written as `<...>`
      // or starting with `$`, so 0..2000 is not the only form admitted.
      leaf limit {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "0 .. 2000"; }
        }
        default "2000";
        description "Sessions limit";
      }
      leaf over-limit {
        type enumeration {
          enum "log-and-permit" { value 0; }
          enum "block" { value 1; }
        }
        description "Over limit number";
      }
    } // container sessions-per-client
  } // container traffic-options
} // grouping profile-setting
// Options for programmable-rpd: tracing, purge timeout for client-programmed
// objects, per-client settings and the RIB service.
grouping programmable-rpd-type {
  uses apply-advanced;
  container traceoptions {
    description "Trace options";
    uses apply-advanced;
    container file {
      description "Trace file options";
      // Per the pattern-message, the name may not contain '/', '%' or a
      // space, which keeps a path separator out of the file name.
      leaf filename {
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; }
      leaf size { type string; description "Maximum trace file size"; }
      leaf files {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "2 .. 1000"; }
        }
        default "10";
        description "Maximum number of trace files";
      }
      leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; }
      // world-readable lets any local user read the trace file. Trace output
      // can include routing and client detail, so no-world-readable is the
      // safer setting unless there is a specific need.
      choice world-readable-choice {
        leaf world-readable { type empty; description "Allow any user to read the log file"; }
        leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
      } // choice world-readable-choice
    } // container file
    list flag {
      key "name";
      ordered-by user;
      description "Tracing parameters";
      leaf name {
        type enumeration {
          enum "client" { value 0; description "Client events"; }
          enum "japi" { value 1; description "JAPI related traces"; }
          enum "routing-interface" { value 2; description "Routing interface traces"; }
          enum "route" { value 3; description "Trace routing information"; }
          enum "normal" { value 4; description "Trace normal events"; }
          enum "general" { value 5; description "Trace general events"; }
          enum "state" { value 6; description "Trace state transitions"; }
          enum "policy" { value 7; description "Trace policy processing"; }
enum "task" { value 8; description "Trace routing protocol task processing"; }
          enum "timer" { value 9; description "Trace routing protocol timer processing"; }
          enum "all" { value 10; description "Trace everything"; }
        }
      }
    } // list flag
  } // container traceoptions
  // How long objects programmed by a client are kept: either `never` purge
  // them or purge after `timeout` seconds (1..604800, i.e. up to seven days).
  // The two are cases of one choice.
  container purge-timeout {
    presence "enable purge-timeout";
    description "Purge timeout for all programmable-rpd clients in seconds";
    choice purge-parm {
      leaf never { type empty; description "Client programmed objects are never purged"; }
      // The string member of the union accepts anything written as `<...>`
      // or starting with `$`, so the numeric range is not the only form
      // admitted.
      leaf timeout {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 604800"; }
        }
        units "seconds";
        description "Timeout value, in seconds, for purging client programmed objects";
      }
    } // choice purge-parm
  } // container purge-timeout
  // Per-client options keyed by client ID; the ID is a free-form string of
  // 1..255 characters with no pattern or junos:must attached.
  list client {
    key "name";
    ordered-by user;
    description "Programmable-rpd client options";
    leaf name {
      type string { length "1 .. 255"; }
      description "Client ID";
    }
    uses apply-advanced;
    list interface-notification {
      key "name";
      ordered-by user;
      description "Interfaces for notification";
      leaf name {
        type string { length "1 .. 32"; }
        description "Interface";
      }
      uses apply-advanced;
    } // list interface-notification
  } // list client
  container rib-service {
    presence "enable rib-service";
    description "RIB service API options";
    uses apply-advanced;
    container dynamic-next-hop-interface {
      presence "enable dynamic-next-hop-interface";
      description "Update routes for next-hop interface changes";
      uses apply-advanced;
      choice enable-disable {
        leaf disable { type empty; description "Disable dynamic next-hop interface handling"; }
      } // choice enable-disable
    } // container dynamic-next-hop-interface
  } // container rib-service
} // grouping programmable-rpd-type
// A named protocol entry holding a list of tunables; tunable-object is
// defined outside this part of the file.
grouping proto-object {
  leaf name { type string; }
  uses apply-advanced;
  list tunable-name {
    key "name";
    ordered-by user;
    description "Protocol tunable name";
    uses tunable-object;
  } // list tunable-name
} // grouping proto-object
// A qualified next hop for a route, with optional BFD liveness detection.
// In each union the string member accepts anything written as `<...>` or
// starting with `$`, alongside the typed member.
grouping qualified_nh_obj {
  leaf name {
    type union {
      type jt:ipaddr-or-interface;
      type string { pattern "<.*>|$.*"; }
    }
    description "Next hop to destination";
  }
  uses apply-advanced;
  leaf preference {
    type union {
      type uint32;
      type string { pattern "<.*>|$.*"; }
    }
    description "Preference of qualified next hop";
  }
  leaf metric {
    type union {
      type uint32;
      type string { pattern "<.*>|$.*"; }
    }
    description "Metric of qualified next hop";
  }
  leaf interface {
    type union {
      type jt:interface-name;
      type string { pattern "<.*>|$.*"; }
    }
    description "Interface of qualified next hop";
  }
  leaf mac-address { type jt:mac-unicast; description "Next-hop Mac Address"; }
  // The description says "Tag string", but the typed member is uint32.
  leaf tag {
    type union {
      type uint32;
      type string { pattern "<.*>|$.*"; }
    }
    description "Tag string";
  }
  container bfd-liveness-detection {
    description "Bidirectional Forwarding Detection (BFD) options";
    uses apply-advanced;
    leaf version {
      type enumeration {
        enum "0" { value 0; description "BFD version 0 (deprecated)"; }
        enum "1" { value 1; description "BFD version 1"; }
        enum "automatic" { value 2; description "Choose BFD version automatically"; }
      }
      default "automatic";
description "BFD protocol version number"; }
    // BFD timers. In each union the string member accepts anything written as
    // `<...>` or starting with `$` (YANG patterns are XSD regular
    // expressions, where `$` is a literal), so the numeric range is not the
    // only form admitted.
    leaf minimum-interval {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 255000"; }
      }
      units "milliseconds";
      description "Minimum transmit and receive interval";
    }
    leaf minimum-transmit-interval {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 255000"; }
      }
      units "milliseconds";
      status deprecated;
      description "Minimum transmit interval";
    }
    leaf minimum-receive-interval {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 255000"; }
      }
      units "milliseconds";
      description "Minimum receive interval";
    }
    leaf multiplier {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1 .. 255"; }
      }
      default "3";
      description "Detection time multiplier";
    }
    choice adaptation-choice {
      leaf no-adaptation { type empty; description "Disable adaptation"; }
    } // choice adaptation-choice
    container transmit-interval {
      description "Transmit-interval options";
      uses apply-advanced;
      leaf minimum-interval {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 255000"; }
        }
        units "milliseconds";
        description "Minimum transmit interval";
      }
      leaf threshold {
        type union {
          type uint32;
          type string { pattern "<.*>|$.*"; }
        }
        units "milliseconds";
        description "High transmit interval triggering a trap";
      }
    } // container transmit-interval
    container detection-time {
      description "Detection-time options";
      uses apply-advanced;
      leaf threshold {
        type union {
          type uint32;
          type string { pattern "<.*>|$.*"; }
        }
        units "milliseconds";
        description "High detection-time triggering a trap";
      }
    } // container detection-time
    // BFD session authentication. key-chain and algorithm each require the
    // other, and the key chain has to exist under
    // `security authentication-key-chains key-chain`.
    container authentication {
      description "Authentication options";
      uses apply-advanced;
      leaf key-chain {
        junos:must "(".. algorithm")";
        junos:must-message "May not be configured without algorithm";
        junos:must "("security authentication-key-chains key-chain $$")";
        junos:must-message "Referenced key-chain must be defined";
        type string;
        description "Key chain name";
      }
      // The names follow the authentication types of RFC 5880. There,
      // simple-password carries the password in clear in every packet, and
      // the "meticulous" variants advance the sequence number on every packet
      // rather than occasionally, which narrows the window for replay. MD5
      // and SHA-1 are the only digests offered by this enumeration.
      leaf algorithm {
        junos:must "(".. key-chain")";
        junos:must-message "May not be configured without key-chain";
        type enumeration {
          enum "simple-password" { value 0; description "Simple password"; }
          enum "keyed-md5" { value 1; description "Keyed message Digest 5"; }
          enum "meticulous-keyed-md5" { value 2; description "Meticulous keyed message Digest 5"; }
          enum "keyed-sha-1" { value 3; description "Keyed secure hash algorithm (SHA1) "; }
          enum "meticulous-keyed-sha-1" { value 4; description "Meticulous keyed secure hash algorithm (SHA1) "; }
        }
        description "Algorithm name";
      }
      // Per the description, authentication is verified only when it was
      // negotiated, so a peer that does not authenticate is still accepted.
      // NOTE(review): this looks like a migration aid; audit for it being
      // left set once both ends authenticate.
      leaf loose-check { type empty; description "Verify authentication only if authentication is negotiated"; }
    } // container authentication
    leaf neighbor { type jt:ipaddr; description "BFD neighbor address"; }
    leaf local-address { type jt:ipaddr; description "BFD local address (for multihop only)"; }
    leaf holddown-interval {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "0 .. 255000"; }
      }
      units "milliseconds";
      description "Time to hold the session-UP notification to the client";
    }
    // Packets arriving with a TTL below this value are dropped, per the
    // description; a higher value limits how many hops away an accepted
    // packet can have been sent from.
    leaf minimum-receive-ttl {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint8 { range "1 .. 255"; }
      }
      description "Minimum receive TTL below which to drop";
    }
  } // container bfd-liveness-detection
} // grouping qualified_nh_obj
// Trace settings: output file, verbosity level and event flags.
grouping ragw-traceoptions {
  uses apply-advanced;
  // Only valid when `system tracing` is configured.
  leaf no-remote-trace {
    junos:must "("system tracing")";
    junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
    type empty;
    description "Disable remote tracing";
  }
  container file {
    description "Trace file information";
    // Per the pattern-message, the name may not contain '/', '%' or a space,
    // which keeps a path separator out of the file name.
    leaf filename {
      type string {
        junos:posix-pattern "![/ %]";
        junos:pattern-message "Must not contain '/', % or a space";
        length "1 .. 1024";
      }
      description "Name of file in which to write trace information";
    }
    leaf size { type string; description "Maximum trace file size"; }
    leaf files {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "2 .. 1000"; }
      }
      default "3";
      description "Maximum number of trace files";
    }
    // world-readable lets any local user read the trace file. Tunnel and
    // session traces can expose operational detail, so no-world-readable is
    // the safer setting unless there is a specific need.
    choice world-readable-choice {
      leaf world-readable { type empty; description "Allow any user to read the log file"; }
      leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
    } // choice world-readable-choice
    leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; }
  } // container file
  leaf level {
    type enumeration {
      enum "brief" { value 0; description "Brief debugging output"; }
      enum "detail" { value 1; description "Detailed debugging output"; }
      enum "extensive" { value 2; description "Extensive debugging output"; }
      enum "verbose" { value 3; description "Verbose debugging output"; }
    }
    default "brief";
    description "Level of debugging output";
  }
  list flag {
    key "name";
    ordered-by user;
    description "Tracing parameters";
    leaf name {
      type enumeration {
        enum "configuration" { value 0; description "Trace CLI configuration events"; }
        enum "tunnel" { value 1; description "Trace tunnel install/encap/decap events"; }
        enum "session" { value 2; description "Trace session related events"; }
        enum "all" { value 3; description "Trace everything";
} } } } // list flag } // grouping ragw-traceoptions grouping range-address-type { description "Range address"; leaf name { type jt:ipv4addr; description "Lower limit of address range"; } uses apply-advanced; container to { description "Port range upper limit"; uses apply-advanced; leaf range-high { type jt:ipv4addr; description "Upper limit of address range"; } } // container to } // grouping range-address-type grouping rate-limit-object { uses apply-advanced; leaf alarm-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 80000"; } } description "Set alarm threshold for rate-limit"; } leaf drop-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 80000"; } } description "Set drop threshold for rate-limit"; } container message { description "GTP limited message type"; uses message-object; } // container message } // grouping rate-limit-object grouping reconfigure-trigger-type { description "DHCP reconfigure trigger"; uses apply-advanced; leaf radius-disconnect { type empty; description "Trigger DHCP reconfigure by radius initiated disconnect"; } } // grouping reconfigure-trigger-type grouping relay-active-leasequery-v4-type { description "Configure active leasequery"; uses apply-advanced; leaf topology-discover { junos:must "(".. peer-address")"; junos:must-message "Must configure [peer-address] to configure topology-discover"; type empty; description "Topology discovery"; } list peer-address { key "name"; ordered-by user; description "Server ip address"; leaf name { type jt:ipaddr; description "Peer ip address"; } uses apply-advanced; } // list peer-address leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 3600"; } } units "seconds"; default "120"; description "Read/write timeout in seconds"; } leaf idle-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 
3600"; } } units "seconds"; default "60"; description "Idle timeout in seconds"; } } // grouping relay-active-leasequery-v4-type grouping relay-active-leasequery-v6-type { description "Configure active leasequery"; uses apply-advanced; leaf topology-discover { junos:must "(".. peer-address")"; junos:must-message "Must configure [peer-address] to configure topology-discover"; type empty; description "Topology discovery"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 3600"; } } units "seconds"; default "120"; description "Read/write timeout in seconds"; } leaf idle-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 3600"; } } units "seconds"; default "60"; description "Idle timeout in seconds"; } list peer-address { key "name"; ordered-by user; description "Peer ipv6 address"; leaf name { type jt:ipv6addr; description "Peer ipv6 address"; } uses apply-advanced; } // list peer-address } // grouping relay-active-leasequery-v6-type grouping relay-bulk-leasequery-v4-type { junos:must "(".. overrides always-write-option-82")"; junos:must-message "Must configure [overrides always-write-option-82] to overwrite circuit-id for bulk-leasequery"; junos:must "((".. relay-option-82 circuit-id" && !((".. relay-option-82 circuit-id use-interface-description" || ".. relay-option-82 circuit-id require-interface-description"))))"; junos:must-message "Must configure [relay-option-82 circuit-id] without description to insert circuit-id for bulk-leasequery"; description "Configure bulk leasequery"; uses apply-advanced; leaf attempts { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 720"; } } default "360"; description "Number of retry attempts"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
10"; } } units "seconds"; default "10"; description "Number of seconds"; } } // grouping relay-bulk-leasequery-v4-type grouping relay-bulk-leasequery-v6-type { junos:must "(".. relay-agent-interface-id")"; junos:must-message "Must configure [relay-agent-interface-id] to insert interface-id for bulk-leasequery"; description "Configure bulk leasequery"; uses apply-advanced; leaf attempts { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } default "6"; description "Number of retry attempts"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } units "seconds"; default "10"; description "Number of seconds"; } container trigger { description "Trigger for bulk leasequery"; leaf automatic { type empty; description "Trigger automatically"; } } // container trigger } // grouping relay-bulk-leasequery-v6-type grouping relay-leasequery-type { description "Configure leasequery"; uses apply-advanced; leaf attempts { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } default "6"; description "Number of retry attempts"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 10"; } } units "seconds"; default "10"; description "Number of seconds"; } } // grouping relay-leasequery-type grouping relay-option-60-type-group { description "DHCP option-60 processing"; uses apply-advanced; container vendor-option { description "Add vendor option"; uses apply-advanced; container equals { description "Option 60 equals"; uses relay-option-60-match-group; } // container equals container not-equals { status deprecated; description "Option 60 does not equal"; uses relay-option-60-match-group; } // container not-equals container starts-with { description "Option 60 starts with"; uses relay-option-60-match-group; } // container starts-with choice server-group-choice { leaf default-relay-server-group { junos:must "(".. .. .. .. 
server-group $$")"; junos:must-message "Referenced group must be defined under [edit dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is not made"; } leaf default-local-server-group { junos:must "(".. .. .. .. .. .. system services dhcp-local-server group $$")"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is not made"; } leaf drop { type empty; description "Discard when a match is not made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is not made"; } } // choice server-group-choice } // container vendor-option } // grouping relay-option-60-type-group grouping relay-option-60-match-group { uses apply-advanced; list ascii { key "name"; description "ASCII string"; leaf name { type string { length "1 .. 256"; } description "ASCII string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "(".. .. .. .. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding options dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf local-server-group { junos:must "(".. .. .. .. .. .. .. .. system services dhcp-local-server group $$")"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 
64"; } description "Name of DHCP local server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list ascii list hexadecimal { key "name"; description "Hexadecimal string"; leaf name { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 512"; } description "Hexadecimal string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "(".. .. .. .. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding-options dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf local-server-group { junos:must "(".. .. .. .. .. .. .. .. system services dhcp-local-server group $$")"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 
64"; } description "Name of DHCP local server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list hexadecimal } // grouping relay-option-60-match-group grouping relay-option-60-type-top { description "DHCP option-60 processing"; uses apply-advanced; container vendor-option { description "Add vendor option"; uses apply-advanced; container equals { description "Option 60 equals"; uses relay-option-60-match-top; } // container equals container not-equals { status deprecated; description "Option 60 does not equal"; uses relay-option-60-match-top; } // container not-equals container starts-with { description "Option 60 starts with"; uses relay-option-60-match-top; } // container starts-with choice server-group-choice { leaf default-relay-server-group { junos:must "(".. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is not made"; } leaf default-local-server-group { junos:must "(".. .. .. .. .. system services dhcp-local-server group $$")"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is not made"; } leaf drop { type empty; description "Discard when a match is not made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is not made"; } } // choice server-group-choice } // container vendor-option } // grouping relay-option-60-type-top grouping relay-option-60-match-top { uses apply-advanced; list ascii { key "name"; description "ASCII string"; leaf name { type string { length "1 .. 
256"; } description "ASCII string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "(".. .. .. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding options dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf local-server-group { junos:must "(".. .. .. .. .. .. .. system services dhcp-local-server group $$")"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list ascii list hexadecimal { key "name"; description "Hexadecimal string"; leaf name { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 512"; } description "Hexadecimal string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "(".. .. .. .. .. server-group $$")"; junos:must-message "Referenced group must be defined under [edit forwarding-options dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf local-server-group { junos:must "(".. .. .. .. .. .. .. system services dhcp-local-server group $$")"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 
64"; }
          description "Name of DHCP local server group when match is made";
        }
        leaf drop {
          type empty;
          description "Discard when a match is made";
        }
        leaf forward-only {
          type empty;
          description "Forward without subscriber services when a match is made";
        }
      } // choice server-group-choice
    } // list hexadecimal
  } // grouping relay-option-60-match-top

  // DHCP relay option-82 handling: what goes into the circuit-id and remote-id
  // sub-options, the link-selection / server-id-override sub-options, and
  // vendor-specific information.
  // NOTE(review): several must expressions refer to a sibling
  // `require-interface-description` that is not declared in either container in
  // this grouping; confirm where that node is defined.
  grouping relay-option-82-type {
    description "DHCP option-82 processing";
    uses apply-advanced;
    container circuit-id {
      presence "enable circuit-id";
      description "Add circuit identifier";
      uses apply-advanced;
      // Each leaf adds a local identifier (router host name, logical-system name,
      // routing-instance name) to the sub-option.
      // NOTE(review): these values leave the device in relayed packets; check that
      // exposing them on the path to the DHCP server is intended.
      container prefix {
        description "Add prefix to circuit/interface-id or remote-id";
        uses apply-advanced;
        leaf host-name {
          type empty;
          description "Add router host name to circuit / interface-id or remote-id";
        }
        leaf logical-system-name {
          type empty;
          description "Add logical system name to circuit / interface-id or remote-id";
        }
        leaf routing-instance-name {
          type empty;
          description "Add routing instance name to circuit / interface-id or remote-id";
        }
      } // container prefix
      leaf use-interface-description {
        // The message text misspells "description" ("desciption").
        junos:must "(!(".. require-interface-description"))";
        junos:must-message "use-interface-description may not be set with require-interface-desciption";
        type enumeration {
          enum "logical" { value 0; description "Use the logical interface description"; }
          enum "device" { value 1; description "Use the device interface description"; }
        }
        description "Use interface description instead of circuit identifier";
      }
      leaf use-vlan-id {
        // Excluded by no-vlan-interface-name and by either interface-description option.
        junos:must "((!(".. no-vlan-interface-name") && (!(".. use-interface-description") && !(".. require-interface-description"))))";
        junos:must-message "Vlan-tag cannot be added as no-vlan-interface-name or interface-description is configured";
        type empty;
        description "Use VLAN id instead of name";
      }
      container vlan-id-only {
        // Mutually exclusive with every other circuit-id option named in the expression.
        junos:must "(!((".. include-irb-and-l2" || (".. keep-incoming-circuit-id" || (".. user-defined" || (".. no-vlan-interface-name" || (".. use-interface-description" || (".. use-vlan-id" || (".. prefix" || ".. require-interface-description")))))))))";
        junos:must-message "Vlan-id-only cannot be clubbed along with any other option-82 knob";
        presence "enable vlan-id-only";
        description "Use only VLAN id";
        uses apply-advanced;
      } // container vlan-id-only
      leaf no-vlan-interface-name {
        type empty;
        description "Not include vlan or interface name";
      }
      leaf include-irb-and-l2 {
        type empty;
        description "Include IRB and L2 interface name";
      }
      leaf user-defined {
        // The expression forbids combining this leaf with the listed siblings; the
        // message text describes that only loosely.
        junos:must "(!((".. include-irb-and-l2" || (".. keep-incoming-circuit-id" || (".. no-vlan-interface-name" || (".. use-interface-description" || (".. use-vlan-id" || (".. prefix" || ".. require-interface-description"))))))))";
        junos:must-message "The user defined description for option 82 must be defined in order to see the usage and doesnt coexist with prefix";
        type empty;
        description "Include user defined string";
      }
      leaf keep-incoming-circuit-id {
        // NOTE(review): a kept identifier originates from whatever sent the packet.
        // If the DHCP server or a downstream policy keys on option 82, enable this
        // only where the sending side is trusted.
        type empty;
        description "Keep incoming circuit identifier";
      }
    } // container circuit-id
    container remote-id {
      presence "enable remote-id";
      description "Add remote identifier";
      uses apply-advanced;
      // Same three identifier leaves as under circuit-id; the same disclosure
      // consideration applies.
      container prefix {
        description "Add prefix to circuit/interface-id or remote-id";
        uses apply-advanced;
        leaf host-name {
          type empty;
          description "Add router host name to circuit / interface-id or remote-id";
        }
        leaf logical-system-name {
          type empty;
          description "Add logical system name to circuit / interface-id or remote-id";
        }
        leaf routing-instance-name {
          type empty;
          description "Add routing instance name to circuit / interface-id or remote-id";
        }
      } // container prefix
      leaf use-interface-description {
        junos:must "(!(".. require-interface-description"))";
        junos:must-message "use-interface-description may not be set with require-interface-desciption";
        type enumeration {
          enum "logical" { value 0; description "Use the logical interface description"; }
          enum "device" { value 1; description "Use the device interface description"; }
        }
        description "Use interface description instead of circuit identifier";
      }
      leaf use-vlan-id {
        junos:must "((!(".. no-vlan-interface-name") && (!(".. use-interface-description") && !(".. require-interface-description"))))";
        junos:must-message "Vlan-tag cannot be added as no-vlan-interface-name or interface-description is configured";
        type empty;
        description "Use VLAN id instead of name";
      }
      leaf no-vlan-interface-name {
        type empty;
        description "Not include vlan or interface name";
      }
      leaf include-irb-and-l2 {
        type empty;
        description "Include IRB and L2 interface name";
      }
      container hostname-only {
        // Mutually exclusive with every other remote-id option named in the expression.
        junos:must "(!((".. include-irb-and-l2" || (".. keep-incoming-remote-id" || (".. no-vlan-interface-name" || (".. use-interface-description" || (".. use-vlan-id" || (".. prefix" || ".. use-string"))))))))";
        junos:must-message "Hostname-only cannot be clubbed with any other sub-option";
        presence "enable hostname-only";
        description "Include hostname only";
        uses apply-advanced;
      } // container hostname-only
      leaf keep-incoming-remote-id {
        // NOTE(review): same trust consideration as keep-incoming-circuit-id; the
        // kept value is supplied by the sender of the packet.
        type empty;
        description "Keep incoming remote identifier";
      }
      leaf use-string {
        // NOTE(review): the expression tests `.. keep-incoming-circuit-id`, but the
        // sibling declared in this container is keep-incoming-remote-id. As written,
        // use-string is not excluded by keep-incoming-remote-id; confirm whether
        // that is intended.
        junos:must "(!((".. use-interface-description" || (".. require-interface-description" || (".. include-irb-and-l2" || (".. keep-incoming-circuit-id" || (".. no-vlan-interface-name" || ".. use-vlan-id")))))))";
        junos:must-message "use-string can only coexist with prefix";
        // Unrestricted string: no length or pattern is declared for the raw value.
        type string;
        description "Use raw string instead of the default remote id";
      }
    } // container remote-id
    // server-id-override and link-selection exclude each other through the paired
    // must statements below.
    leaf server-id-override {
      junos:must "(!(".. link-selection"))";
      junos:must-message "server-id-override cannot be configured with link-selection";
      type empty;
      description "Add link-selection and server-id sub-options on packets to server";
    }
    leaf link-selection {
      junos:must "(!(".. server-id-override"))";
      junos:must-message "link-selection cannot be configured with server-id-override";
      type empty;
      description "Add link-selection suboption on packets to server";
    }
    leaf exclude-relay-agent-identifier {
      type empty;
      description "Exclude relay agent identifier from packets to server";
    }
    container vendor-specific {
      description "Add vendor-specific information";
      // jdhcp-vendor-specific-type is defined outside this part of the module.
      uses jdhcp-vendor-specific-type;
    } // container vendor-specific
  } // grouping relay-option-82-type

  // DHCPv4 option matching on an ASCII or hexadecimal string, with the action to
  // take on a match. Only the first part of the ascii list falls inside this
  // block; the local-server-group length string and the rest of the grouping
  // continue on the line that follows.
  grouping relay-v4-option-ascii-hex {
    uses apply-advanced;
    list ascii {
      key "name";
      description "ASCII string";
      leaf name {
        type string { length "1 .. 256"; }
        description "ASCII string";
      }
      uses apply-advanced;
      choice server-group-choice {
        leaf relay-server-group {
          // The referenced server-group is looked up at four alternative relative
          // depths. NOTE(review): the message names "[edit forwarding dhcp-relay
          // ...]" while sibling groupings say "forwarding-options" or "forwarding
          // options"; the hierarchy name in the message looks inconsistent.
          junos:must "((".. .. .. .. .. .. server-group $$" || (".. .. .. .. .. server-group $$" || (".. .. .. .. server-group $$" || ".. .. .. server-group $$"))))";
          junos:must-message "Referenced group must be defined under [edit forwarding dhcp-relay server-group]";
          type string { length "1 .. 64"; }
          description "Name of DHCP relay server group when match is made";
        }
        leaf local-server-group {
          junos:must "((".. .. .. .. .. .. .. .. system services dhcp-local-server group $$" || (".. .. .. .. .. .. .. system services dhcp-local-server group $$" || (".. .. .. .. .. .. system services dhcp-local-server group $$" || ".. .. .. .. .. system services dhcp-local-server group $$"))))";
          junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]";
          type string { length "1 .. 
64"; } description "Name of DHCP local server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list ascii list hexadecimal { key "name"; description "Hexadecimal string"; leaf name { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 512"; } description "Hexadecimal string"; } uses apply-advanced; choice server-group-choice { leaf relay-server-group { junos:must "((".. .. .. .. .. .. server-group $$" || (".. .. .. .. .. server-group $$" || (".. .. .. .. server-group $$" || ".. .. .. server-group $$"))))"; junos:must-message "Referenced group must be defined under [edit forwarding dhcp-relay server-group]"; type string { length "1 .. 64"; } description "Name of DHCP relay server group when match is made"; } leaf local-server-group { junos:must "((".. .. .. .. .. .. .. .. system services dhcp-local-server group $$" || (".. .. .. .. .. .. .. system services dhcp-local-server group $$" || (".. .. .. .. .. .. system services dhcp-local-server group $$" || ".. .. .. .. .. system services dhcp-local-server group $$"))))"; junos:must-message "Referenced group must be defined under [edit system services dhcp-local-server group]"; type string { length "1 .. 64"; } description "Name of DHCP local server group when match is made"; } leaf drop { type empty; description "Discard when a match is made"; } leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } } // choice server-group-choice } // list hexadecimal } // grouping relay-v4-option-ascii-hex grouping relay-v6-option-ascii-hex { uses apply-advanced; list ascii { key "name"; description "ASCII string"; leaf name { type string { length "1 .. 
256"; }
        description "ASCII string";
      }
      uses apply-advanced;
      choice server-group-choice {
        leaf relay-server-group {
          junos:must "((".. .. .. .. .. .. server-group $$" || (".. .. .. .. .. server-group $$" || (".. .. .. .. server-group $$" || ".. .. .. server-group $$"))))";
          junos:must-message "Referenced group must be defined under [edit forwarding options dhcp-relay dhcpv6 server-group]";
          type string { length "1 .. 64"; }
          description "Name of DHCP relay server group when match is made";
        }
        leaf drop {
          type empty;
          description "Discard when a match is made";
        }
        leaf forward-only {
          type empty;
          description "Forward without subscriber services when a match is made";
        }
      } // choice server-group-choice
    } // list ascii
    list hexadecimal {
      key "name";
      description "Hexadecimal string";
      leaf name {
        type string {
          // Hex digits only, 1..512 characters.
          junos:posix-pattern "^[[:xdigit:]]+$";
          junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)";
          length "1 .. 512";
        }
        description "Hexadecimal string";
      }
      uses apply-advanced;
      choice server-group-choice {
        leaf relay-server-group {
          junos:must "((".. .. .. .. .. .. server-group $$" || (".. .. .. .. .. server-group $$" || (".. .. .. .. server-group $$" || ".. .. .. server-group $$"))))";
          junos:must-message "Referenced group must be defined under [edit forwarding options dhcp-relay dhcpv6 server-group]";
          type string { length "1 .. 64"; }
          description "Name of DHCP relay server group when match is made";
        }
        leaf drop {
          type empty;
          description "Discard when a match is made";
        }
        leaf forward-only {
          type empty;
          description "Forward without subscriber services when a match is made";
        }
      } // choice server-group-choice
    } // list hexadecimal
  } // grouping relay-v6-option-ascii-hex

  // Settings for a remote-access client: connection mode, biometric
  // authentication, Windows logon integration, dead-peer detection, transport and
  // EAP opt-outs, and certificate prompts. Every `type empty` leaf here is an
  // opt-in toggle with no default, so the behaviour it controls is unchanged
  // unless the leaf is set.
  grouping remote-access-client-config {
    leaf name {
      type string { length "1 .. 32"; }
      description "Name of config object name";
    }
    uses apply-advanced;
    leaf connection-mode {
      type enumeration {
        enum "manual" { value 0; description "Set to manual mode, default mode"; }
        enum "always" { value 1; description "Set to always mode"; }
      }
      default "manual";
      description "Set connection-mode of client";
    }
    leaf biometric-authentication {
      type empty;
      description "Enable biometric authentication";
    }
    container windows-logon {
      presence "enable windows-logon";
      uses apply-advanced;
      leaf mode {
        // NOTE(review): "automatic" logs on with configured credentials. This
        // grouping declares only a domain leaf, so where those credentials are
        // stored is not visible here; confirm before enabling.
        type enumeration {
          enum "manual" { value 0; description "Manual Windows logon"; }
          enum "automatic" { value 1; description "Automatic Windows logon with configured credentials"; }
        }
        default "manual";
        description "Set windows logon mode";
      }
      leaf domain {
        type string { length "1 .. 255"; }
        description "Domain name for automatic windows logon";
      }
      leaf disconnect-at-logoff {
        type empty;
        description "Disconnect after logoff";
      }
      leaf flush-credential-at-logoff {
        // Opt-in. NOTE(review): when this leaf is absent, cached credentials
        // presumably remain after logoff; consider setting it on shared
        // workstations -- confirm client behaviour.
        type empty;
        description "Flush cached credentials upon after logoff";
      }
      leaf lead-time-duration {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "0 .. 120"; }
        }
        units "seconds";
        default "45";
        description "Lead time duration for domain logon (seconds)";
      }
      leaf eap-auth {
        type empty;
        description "EAP Authentication before profile selection";
      }
      leaf auto-dialog-open {
        type empty;
        description "Automatically open dialog for connection establishment";
      }
    } // container windows-logon
    // No must statement relates this leaf to the dead-peer-detection container
    // below, so this schema allows both to be configured together.
    leaf no-dead-peer-detection {
      type empty;
      description "Disable dead-peer-detection on client";
    }
    container dead-peer-detection {
      description "Dead Peer Detection configuration";
      uses apply-advanced;
      leaf interval {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 300"; }
        }
        units "seconds";
        default "60";
        description "The time between DPD probe messages (seconds) Default :60";
      }
      leaf threshold {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 5"; }
        }
        default "5";
        description "Maximum number of DPD retransmissions Default :5";
      }
    } // container dead-peer-detection
    leaf no-tcp-encap {
      type empty;
      description "Disable tcp encapsulation";
    }
    leaf no-eap-tls {
      // NOTE(review): the authentication method that remains once EAP-TLS is
      // disabled is selected outside this grouping; confirm it meets the
      // deployment's authentication requirements.
      type empty;
      description "Disable EAP-TLS IKEV2 method";
    }
    container certificate {
      description "Certificate identifier";
      uses apply-advanced;
      // no-expiry-warning and warn-before-expiry exclude each other through the
      // paired must statements.
      leaf no-expiry-warning {
        // Opt-out of the expiry warning. NOTE(review): without it, an expiring
        // client certificate may only be noticed once connections fail.
        junos:must "(!(".. warn-before-expiry"))";
        junos:must-message "Certificate must not have both no-expiry-warning or warn-before-expiry configured";
        type empty;
        description "Disable certificate expiry warning";
      }
      leaf no-pin-request-per-connection {
        // NOTE(review): presumably the PIN protecting the certificate's key is then
        // not requested for every connection -- confirm how long it is cached.
        type empty;
        description "Disable certificate pin request per connection";
      }
      leaf warn-before-expiry {
        junos:must "(!(".. no-expiry-warning"))";
        junos:must-message "Certificate must not have both no-expiry-warning or warn-before-expiry configured";
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "1 .. 90"; }
        }
        units "days";
        default "60";
        description "Certificate expiration warning days (1 - 90)";
      }
    } // container certificate
  } // grouping remote-access-client-config

  // A remote-access profile: ties a profile name to an IPsec VPN object, an access
  // profile and a client-config object. The three references are plain strings;
  // only the must statements require that the named object exists.
  grouping remote-access-profile-config {
    leaf name {
      type string { length "1 .. 32"; }
      description "Profile identifier";
    }
    uses apply-advanced;
    leaf description {
      type string { length "1 .. 255"; }
      description "Text description of remote-access profile";
    }
    leaf ipsec-vpn {
      junos:must "("security ipsec vpn $$")";
      junos:must-message "IPSec VPN object must be defined under [edit security ipsec vpn]";
      type string;
      description "Select the ipsec-vpn policy object";
    }
    leaf access-profile {
      junos:must "("access profile $$")";
      junos:must-message "Access profile must be defined under [edit access profile]";
      type string;
      description "Select the access-profile";
    }
    leaf client-config {
      junos:must "("security remote-access client-config $$")";
      junos:must-message "Referenced group must be defined under [edit security remote-access client-config]";
      type string;
      description "Select the client config object";
    }
  } // grouping remote-access-profile-config

  // Trace (debug logging) options for remote access: a remote-trace opt-out, the
  // trace file settings, the output level, and the event flags.
  grouping remote-access-traceoptions {
    uses apply-advanced;
    leaf no-remote-trace {
      junos:must "("system tracing")";
      junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
      type empty;
      description "Disable remote tracing";
    }
    container file {
      description "Trace file information";
      leaf filename {
        type string {
          // The value may not contain '/', '%' or a space, so it cannot carry a
          // path separator.
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      leaf size {
        type string;
        description "Maximum trace file size";
      }
      leaf files {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "2 .. 1000"; }
        }
        default "3";
        description "Maximum number of trace files";
      }
      // At most one of the two leaves can be set; no default case is declared.
      // NOTE(review): remote-access traces may record client connection details;
      // prefer no-world-readable unless broader read access is required.
      choice world-readable-choice {
        leaf world-readable {
          type empty;
          description "Allow any user to read the log file";
        }
        leaf no-world-readable {
          type empty;
          description "Don't allow any user to read the log file";
        }
      } // choice world-readable-choice
      leaf match {
        type jt:regular-expression;
        description "Regular expression for lines to be logged";
      }
    } // container file
    leaf level {
      type enumeration {
        enum "brief" { value 0; description "Brief debugging output"; }
        enum "detail" { value 1; description "Detailed debugging output"; }
        enum "extensive" { value 2; description "Extensive debugging output"; }
        enum "verbose" { value 3; description "Verbose debugging output"; }
      }
      default "brief";
      description "Level of debugging output";
    }
    list flag {
      key "name";
      ordered-by user;
      description "Tracing parameters";
      leaf name {
        type enumeration {
          enum "cli-configuration" { value 0; description "Trace CLI configuration events"; }
          enum "all" { value 1; description "Trace everything"; }
        }
      }
    } // list flag
  } // grouping remote-access-traceoptions

  // Presence container selecting inet.3 for labeled-unicast route exchange.
  grouping rib-inet3 {
    uses apply-advanced;
    container inet.3 {
      presence "enable inet.3";
      description "Use inet.3 to exchange labeled unicast routes";
      uses apply-advanced;
    } // container inet.3
  } // grouping rib-inet3

  // Aggregate-route options. Only the first containers of `defaults` fall inside
  // this block; the presence string of container tag and the rest of the grouping
  // continue on the line that follows.
  grouping rib_aggregate_type {
    uses apply-advanced;
    container defaults {
      description "Global route options";
      uses apply-advanced;
      container metric {
        presence "enable metric";
        description "Metric value";
        uses rib_static_metric_type;
      } // container metric
      container metric2 {
        presence "enable metric2";
        description "Metric value 2";
        uses rib_static_metric_type;
      } // container metric2
      container metric3 {
        presence "enable metric3";
        description "Metric value 3";
        uses rib_static_metric_type;
      } // container metric3
      container metric4 {
        presence "enable metric4";
        description "Metric value 4";
        uses rib_static_metric_type;
      } // container metric4
      container tag {
        presence "enable 
tag"; description "Tag string"; uses rib_static_metric_type; } // container tag container tag2 { presence "enable tag2"; description "Tag string 2"; uses rib_static_metric_type; } // container tag2 container preference { presence "enable preference"; description "Preference value"; uses rib_static_metric_type; } // container preference container preference2 { presence "enable preference2"; description "Preference value 2"; uses rib_static_metric_type; } // container preference2 container color { presence "enable color"; description "Color (preference) value"; uses rib_static_metric_type; } // container color container color2 { presence "enable color2"; description "Color (preference) value 2"; uses rib_static_metric_type; } // container color2 leaf-list community { type jt:community; ordered-by user; description "BGP community identifier"; } container as-path { description "Autonomous system path"; uses apply-advanced; leaf path { type string; description "Autonomous system path"; } leaf origin { type enumeration { enum "igp" { value 0; description "Path originated in the local IGP"; } enum "egp" { value 1; description "Path originated in another AS"; } enum "incomplete" { value 2; description "Path was learned by some other means"; } } } leaf atomic-aggregate { type empty; description "Add ATOMIC_AGGREGATE path attribute to route"; } container aggregator { presence "enable aggregator"; description "Add AGGREGATOR path attribute to route"; } // container aggregator leaf as-number { type string { junos:posix-pattern "^[0-9]+(.[0-9]+)?$"; junos:pattern-message "Use format 'x' or 'x.y' to specify number 'x' (Range 1 .. 4294967295) or number with higher 2 bytes 'x' (Range 0 .. 65535) and lower 2 bytes 'y' (Range 0 .. 
65535) respectively"; } description " Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format"; } leaf address { type jt:ipv4addr; description "Address of BGP system that formed the route"; } } // container as-path leaf discard { type empty; description "Drop packets to destination; send no ICMP unreachables"; } leaf next-table { type string; description "Next hop to another table"; } choice brief_flag { leaf brief { type empty; description "Include longest common sequences from contributing paths"; } leaf full { type empty; description "Include all AS numbers from all contributing paths"; } } // choice brief_flag choice passive_flag { leaf active { type empty; description "Remove inactive route from forwarding table"; } leaf passive { type empty; description "Retain inactive route in forwarding table"; } } // choice passive_flag } // container defaults list route { key "name"; ordered-by user; description "Individual route options"; leaf name { type jt:ipprefix; description "Destination prefix"; } uses apply-advanced; leaf-list policy { type jt:policy-algebra; ordered-by user; description "Policy filter"; } container metric { presence "enable metric"; description "Metric value"; uses rib_static_metric_type; } // container metric container metric2 { presence "enable metric2"; description "Metric value 2"; uses rib_static_metric_type; } // container metric2 container metric3 { presence "enable metric3"; description "Metric value 3"; uses rib_static_metric_type; } // container metric3 container metric4 { presence "enable metric4"; description "Metric value 4"; uses rib_static_metric_type; } // container metric4 container tag { presence "enable tag"; description "Tag string"; uses rib_static_metric_type; } // container tag container tag2 { presence "enable tag2"; description "Tag string 2"; uses rib_static_metric_type; } // container tag2 container preference { presence "enable preference"; description "Preference value"; 
uses rib_static_metric_type; } // container preference container preference2 { presence "enable preference2"; description "Preference value 2"; uses rib_static_metric_type; } // container preference2 container color { presence "enable color"; description "Color (preference) value"; uses rib_static_metric_type; } // container color container color2 { presence "enable color2"; description "Color (preference) value 2"; uses rib_static_metric_type; } // container color2 leaf-list community { type jt:community; ordered-by user; description "BGP community identifier"; } container as-path { description "Autonomous system path"; uses apply-advanced; leaf path { type string; description "Autonomous system path"; } leaf origin { type enumeration { enum "igp" { value 0; description "Path originated in the local IGP"; } enum "egp" { value 1; description "Path originated in another AS"; } enum "incomplete" { value 2; description "Path was learned by some other means"; } } } leaf atomic-aggregate { type empty; description "Add ATOMIC_AGGREGATE path attribute to route"; } container aggregator { presence "enable aggregator"; description "Add AGGREGATOR path attribute to route"; } // container aggregator leaf as-number { type string { junos:posix-pattern "^[0-9]+(.[0-9]+)?$"; junos:pattern-message "Use format 'x' or 'x.y' to specify number 'x' (Range 1 .. 4294967295) or number with higher 2 bytes 'x' (Range 0 .. 65535) and lower 2 bytes 'y' (Range 0 .. 
65535) respectively"; } description " Autonomous system number in plain number or 'higher 16bits'.'Lower 16 bits' (asdot notation) format"; } leaf address { type jt:ipv4addr; description "Address of BGP system that formed the route"; } } // container as-path leaf discard { type empty; description "Drop packets to destination; send no ICMP unreachables"; } leaf next-table { type string; description "Next hop to another table"; } choice brief_flag { leaf brief { type empty; description "Include longest common sequences from contributing paths"; } leaf full { type empty; description "Include all AS numbers from all contributing paths"; } } // choice brief_flag choice passive_flag { leaf active { type empty; description "Remove inactive route from forwarding table"; } leaf passive { type empty; description "Retain inactive route in forwarding table"; } } // choice passive_flag } // list route } // grouping rib_aggregate_type grouping rib_group_inet_type { description "Routing table group"; leaf ribgroup-name { type string; description "Name of the routing table group"; } } // grouping rib_group_inet_type grouping rib_group_type { uses apply-advanced; leaf inet-old-style { type string; status deprecated; description "Name of the IPv4 routing table group"; } leaf inet { type string; description "Name of the IPv4 routing table group"; } leaf inet3 { type string; description "Name of the IPv4 inet.3 routing table group"; } leaf inet6 { type string; description "Name of the IPv6 routing table group"; } leaf inet63 { type string; description "Name of the IPv6 inet6.3 routing table group"; } } // grouping rib_group_type grouping rib_static_metric_type { leaf metric-value { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Metric value"; } leaf type { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
16"; } }
    description "Metric type";
  }
} // grouping rib_static_metric_type

// Filter applied to tracing: the argument to match on (only "prefix" is
// defined) plus a user-ordered list of policy expressions.
grouping rip_filter_obj {
  description "Filter to apply to tracing";
  leaf match-on {
    type enumeration {
      enum "prefix" { value 0; description "Filter based on prefix"; }
    }
    description "Argument on which to match";
  }
  leaf-list policy { type jt:policy-algebra; ordered-by user; description "Filter policy"; }
} // grouping rip_filter_obj

// Trace options for the sampling route-record feature: where the trace file
// is written, how many files are kept, who may read them, and which
// severity level and areas are traced.
grouping route_record_traceoptions {
  description "Traceoptions for sampling route record";
  uses apply-advanced;
  leaf no-remote-trace {
    // Per the must-message, only valid when [system tracing] is configured.
    // NOTE(review): the inner double quotes of this junos:must expression are
    // unescaped in this copy (likely lost escapes) -- confirm against the
    // vendor file before feeding it to a YANG parser.
    junos:must "("system tracing")";
    junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
    type empty;
    description "Disable remote tracing";
  }
  container file {
    description "Trace file information";
    leaf filename {
      type string {
        // Per the pattern-message, the name must not contain '/', '%' or a
        // space (the leading '!' presumably negates the character class).
        // Rejecting '/' means the value cannot carry a directory component;
        // the directory the file is created in is not shown in this module.
        junos:posix-pattern "![/ %]";
        junos:pattern-message "Must not contain '/', % or a space";
        length "1 .. 1024";
      }
      description "Name of file in which to write trace information";
    }
    leaf size { type string; description "Maximum trace file size"; }
    leaf files {
      // Either a number in the stated range (default 3) or a string matching
      // the pattern; presumably the string arm admits a "<...>" wildcard or a
      // "$"-prefixed variable -- confirm against Junos documentation.
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "2 .. 
1000"; }
      }
      default "3";
      description "Maximum number of trace files";
    }
    // Mutually exclusive read-permission switch for the trace file.
    // NOTE(review): no default is declared on this choice, so the effective
    // permission when neither leaf is set is not visible here -- confirm.
    // Prefer no-world-readable unless every local user needs to read traces.
    choice world-readable-choice {
      leaf world-readable { type empty; description "Allow any user to read the log file"; }
      leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
    } // choice world-readable-choice
    // Only lines matching this expression are logged; the regular-expression
    // type comes from the imported junos-common-types module (prefix jt).
    leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; }
  } // container file
  // Severity threshold for trace output; defaults to "error".
  leaf level {
    type enumeration {
      enum "error" { value 0; description "Match error conditions"; }
      enum "warning" { value 1; description "Match warning messages"; }
      enum "notice" { value 2; description "Match conditions that should be handled specially"; }
      enum "info" { value 3; description "Match informational messages"; }
      enum "verbose" { value 4; description "Match verbose messages"; }
      enum "all" { value 5; description "Match all levels"; }
    }
    default "error";
    description "Level of debugging output";
  }
  // Areas to trace, in user order; keyed by the area name.
  list flag {
    key "name";
    ordered-by user;
    description "Area of route-record to enable debuging output";
    leaf name {
      type enumeration {
        enum "parse" { value 0; description "Trace parsing code"; }
        enum "all" { value 1; description "Trace all area of jflow-service code"; }
      }
    }
  } // list flag
} // grouping route_record_traceoptions

// Routing table group: a named group with one export table, a user-ordered
// list of import tables and a user-ordered list of import policies.
grouping rpd_rib_group_type {
  description "Routing table group";
  leaf name { type string; description "Routing table group"; }
  uses apply-advanced;
  leaf export-rib { type string; description "Export routing table"; }
  leaf-list import-rib { type string; ordered-by user; description "Import routing table"; }
  leaf-list import-policy { type jt:policy-algebra; ordered-by user; description "Import policy"; }
} // grouping rpd_rib_group_type

// Output side of packet sampling for family inet6 (the grouping continues
// past this point).
grouping sampling_family_inet6_output_type {
  description "Configure output options for packet sampling";
  uses apply-advanced;
  leaf aggregate-export-interval {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "90 .. 
1800"; } } units "seconds"; default "90"; description "Interval of exporting aggregate accounting information"; } list flow-server { junos:must "((!(any ".. interface <*>") || all ".. interface <*> source-address"))"; junos:must-message "'output interface source-address' must be specified with 'flow-server' and 'interface'"; key "name"; max-elements 8; description "Configure sending traffic aggregates in cflowd format"; uses cflowd_sampling_inet6_sampling_type; } // list flow-server container inline-jflow { junos:must "(any ".. flow-server <*>")"; junos:must-message "'flow-server' must be specified with the inline Jflow"; presence "enable inline-jflow"; description "Inline processing of sampled packets"; uses packet_export_inline; } // container inline-jflow } // grouping sampling_family_inet6_output_type grouping cflowd_sampling_inet6_sampling_type { leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; } uses apply-advanced; leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "UDP port number on host collecting cflowd packets"; } leaf dscp { junos:must "(".. .. inline-jflow")"; junos:must-message "DSCP can be configured for inline-jflow"; type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 63"; } } default "0"; description "Numeric DSCP value in the range 0 to 63"; } leaf forwarding-class { junos:must "(".. .. inline-jflow")"; junos:must-message "forwarding-class can be configured for inline-jflow"; type string { length "1 .. 64"; } description "Forwarding-class for exported jflow packets, applicable only for inline-jflow"; } leaf routing-instance { junos:must "(".. .. 
inline-jflow")"; junos:must-message "Routing Instances can be configured for inline-jflow"; junos:must "("routing-instances $$ instance-type vrf")"; junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)"; type string; description "Name of routing instance on which flow collector is reachable"; } leaf autonomous-system-type { type enumeration { enum "origin" { value 0; description "Export origin-AS numbers"; } enum "peer" { value 1; description "Export peer-AS numbers"; } } default "origin"; description "Type of autonomous system number to export"; } container aggregation { junos:must "(!(any ".. .. flow-server <*> version9"))"; junos:must-message "Select only one version"; description "Aggregations to perform for exported flows (version 8 only)"; uses aggregation_type; } // container aggregation choice local-dump-choice { leaf local-dump { type empty; description "Dump cflowd records to log file before exporting"; } leaf no-local-dump { type empty; description "Don't dump cflowd records to log file before exporting"; } } // choice local-dump-choice leaf source-address { type jt:ipv4addr; description "Source IPv4 address for cflowd packets"; } container version9 { junos:must "((!(any ".. .. .. .. inet output flow-server <*> version") || !(any ".. .. .. .. inet output interface <*>")))"; junos:must-message "Select only one version or configure only RE based samping under family inet"; junos:must "((any ".. .. interface <*>" || ".. .. 
inline-jflow"))"; junos:must-message "Service PIC or inline-jflow (j-series and SRX only) must be specified for version9"; presence "enable version9"; description "Export data in version 9 format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "("services flow-monitoring version9 template $$ ipv6-template")"; junos:must-message "Template type must match input protocol"; type string; description "Template name"; } } // container template } // container version9 } // grouping cflowd_sampling_inet6_sampling_type grouping packet_export_inline { uses apply-advanced; leaf source-address { type jt:ipaddr; description "Address to use for generating monitored packets"; } leaf flow-export-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 3200"; } } description "Flow export rate of monitored packets in kpps"; } } // grouping packet_export_inline grouping sampling_family_input_type { description "Configure input options for packet sampling"; uses apply-advanced; leaf rate { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Ratio of packets to be sampled (1 out of N)"; } leaf run-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 20"; } } default "0"; description "Number of samples after initial trigger"; } leaf max-packets-per-second { type union { type uint16; type string { pattern "<.*>|$.*"; } } default "1000"; description "Threshold of samples per second before dropping"; } leaf maximum-packet-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
9192"; } } units "bytes"; default "0"; description "Maximum length of the sampled packet"; } } // grouping sampling_family_input_type grouping sampling_input_type { description "Configure input options for packet sampling"; uses apply-advanced; leaf rate { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Ratio of packets to be sampled (1 out of N)"; } leaf run-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 20"; } } default "0"; description "Number of samples after initial trigger"; } leaf max-packets-per-second { type union { type uint16; type string { pattern "<.*>|$.*"; } } default "1000"; description "Threshold of samples per second before dropping"; } leaf maximum-packet-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 9192"; } } units "bytes"; default "0"; description "Maximum length of the sampled packet"; } container family { presence "enable family"; status deprecated; description "Protocol family"; } // container family } // grouping sampling_input_type grouping sampling_instance_bridge_output_type { description "Configure output options for packet sampling"; uses apply-advanced; list flow-server { junos:must "(".. inline-jflow")"; junos:must-message "Output 'inline Jflow' should be configured with flow-server"; key "name"; max-elements 8; description "Configure sending traffic aggregates in cflowd format"; uses cflowd_instance_bridge_sampling_type; } // list flow-server container inline-jflow { junos:must "(any ".. 
flow-server <*>")";
    junos:must-message "'flow-server' must be specified with the inline Jflow";
    presence "enable inline-jflow";
    description "Inline processing of sampled packets";
    uses packet_export_inline_instance;
  } // container inline-jflow
} // grouping sampling_instance_bridge_output_type

// One flow-server (collector) entry for bridge-family sampling; used by the
// flow-server list of sampling_instance_bridge_output_type.
// NOTE(review): the leaves here cover addressing, QoS marking, routing
// instance and export format only. Nothing in this grouping configures
// authentication or encryption of the exported records, and the port leaf
// describes a UDP destination -- confirm the path to the collector is
// protected by other means.
// NOTE(review): inner double quotes in the junos:must expressions below are
// unescaped in this copy (likely lost escapes) -- confirm against the vendor
// file before feeding it to a YANG parser.
grouping cflowd_instance_bridge_sampling_type {
  // List key. Typed as an IP address (jt:ipaddr) although the description
  // says "Name of host".
  leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; }
  uses apply-advanced;
  leaf port {
    type union {
      type uint16;
      type string { pattern "<.*>|$.*"; }
    }
    description "UDP port number on host collecting cflowd packets";
  }
  // dscp, forwarding-class and routing-instance each carry a must constraint
  // on inline-jflow two levels up.
  leaf dscp {
    junos:must "(".. .. inline-jflow")";
    junos:must-message "DSCP can be configured for inline-jflow";
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint8 { range "0 .. 63"; }
    }
    default "0";
    description "Numeric DSCP value in the range 0 to 63";
  }
  leaf forwarding-class {
    junos:must "(".. .. inline-jflow")";
    junos:must-message "forwarding-class can be configured for inline-jflow";
    type string { length "1 .. 64"; }
    description "Forwarding-class for exported jflow packets, applicable only for inline-jflow";
  }
  leaf routing-instance {
    junos:must "(".. .. inline-jflow")";
    junos:must-message "Routing Instances can be configured for inline-jflow";
    // Per the must-message, the named instance has to exist and be of
    // instance-type vrf.
    junos:must "("routing-instances $$ instance-type vrf")";
    junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)";
    type string;
    description "Name of routing instance on which flow collector is reachable";
  }
  // IPFIX export; per the must-message it requires inline-jflow.
  container version-ipfix {
    junos:must "(".. .. 
inline-jflow")";
    junos:must-message "inline Jflow must be specified for version-ipfix";
    presence "enable version-ipfix";
    description "Export data in version ipfix format";
    uses apply-advanced;
    container template {
      description "Template configuration";
      uses apply-advanced;
      leaf template-name {
        // First constraint: the name must refer to a version-ipfix template
        // under "services flow-monitoring" that is a bridge-template.
        junos:must "("services flow-monitoring version-ipfix template $$ bridge-template")";
        junos:must-message "Template type must match input protocol";
        // Second constraint: when inline-jflow source-address is set, every
        // flow-server entry must use this same template (per the message).
        junos:must "((!(".. .. .. .. inline-jflow source-address") || (".. .. .. .. inline-jflow source-address" && all ".. .. .. .. flow-server <*> version-ipfix template $$")))";
        junos:must-message "All the collector under same family should share the same template in Inline-Jflow";
        type string;
        description "Template name";
      }
    } // container template
  } // container version-ipfix
} // grouping cflowd_instance_bridge_sampling_type

// Inline export settings: source address of the generated packets and an
// export-rate limit in kpps.
grouping packet_export_inline_instance {
  uses apply-advanced;
  leaf source-address { type jt:ipaddr; description "Address to use for generating monitored packets"; }
  leaf flow-export-rate {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "1 .. 3200"; }
    }
    description "Flow export rate of monitored packets in kpps";
  }
} // grouping packet_export_inline_instance

// Output side of per-instance packet sampling for family inet6 (the grouping
// continues past this point).
grouping sampling_instance_inet6_output_type {
  description "Configure output options for packet sampling";
  uses apply-advanced;
  // Export interval in seconds; defaults to 90.
  leaf aggregate-export-interval {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "90 .. 1800"; }
    }
    units "seconds";
    default "90";
    description "Interval of exporting aggregate accounting information";
  }
  list flow-server {
    junos:must "((!(any ".. interface <*>") || all ".. 
interface <*> source-address"))"; junos:must-message "'output interface source-address' must be specified with 'flow-server' and 'interface'"; key "name"; max-elements 8; description "Configure sending traffic aggregates in cflowd format"; uses cflowd_instance_inet6_sampling_type; } // list flow-server container inline-jflow { junos:must "(any ".. flow-server <*>")"; junos:must-message "'flow-server' must be specified with the inline Jflow"; presence "enable inline-jflow"; description "Inline processing of sampled packets"; uses packet_export_inline_instance; } // container inline-jflow } // grouping sampling_instance_inet6_output_type grouping cflowd_instance_inet6_sampling_type { leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; } uses apply-advanced; leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "UDP port number on host collecting cflowd packets"; } leaf dscp { junos:must "(".. .. inline-jflow")"; junos:must-message "DSCP can be configured for inline-jflow"; type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 63"; } } default "0"; description "Numeric DSCP value in the range 0 to 63"; } leaf forwarding-class { junos:must "(".. .. inline-jflow")"; junos:must-message "forwarding-class can be configured for inline-jflow"; type string { length "1 .. 64"; } description "Forwarding-class for exported jflow packets, applicable only for inline-jflow"; } leaf routing-instance { junos:must "(".. .. 
inline-jflow")"; junos:must-message "Routing Instances can be configured for inline-jflow"; junos:must "("routing-instances $$ instance-type vrf")"; junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)"; type string; description "Name of routing instance on which flow collector is reachable"; } leaf autonomous-system-type { type enumeration { enum "origin" { value 0; description "Export origin-AS numbers"; } enum "peer" { value 1; description "Export peer-AS numbers"; } } default "origin"; description "Type of autonomous system number to export"; } container aggregation { junos:must "(!(any ".. .. flow-server <*> version9"))"; junos:must-message "Select only one version"; description "Aggregations to perform for exported flows (version 8 only)"; uses aggregation_type; } // container aggregation choice local-dump-choice { leaf local-dump { type empty; description "Dump cflowd records to log file before exporting"; } leaf no-local-dump { type empty; description "Don't dump cflowd records to log file before exporting"; } } // choice local-dump-choice leaf source-address { type jt:ipv4addr; description "Source IPv4 address for cflowd packets"; } container version9 { junos:must "((!(any ".. .. .. .. inet output flow-server <*> version") || !(any ".. .. .. .. inet output interface <*>")))"; junos:must-message "Select only one version or configure only RE based samping under family inet"; junos:must "((any ".. .. interface <*>" || ".. .. inline-jflow"))"; junos:must-message "Service PIC or inline-jflow (j-series and SRX only) must be specified for version9"; presence "enable version9"; description "Export data in version 9 format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "("services flow-monitoring version9 template $$ ipv6-template")"; junos:must-message "Template type must match input protocol"; junos:must "((!(".. 
.. .. .. inline-jflow source-address") || (".. .. .. .. inline-jflow source-address" && all ".. .. .. .. flow-server <*> version9 template $$")))"; junos:must-message "All the collector under same family should share the same template in Inline-Jflow"; type string; description "Template name"; } } // container template } // container version9 container version-ipfix { junos:must "(".. .. inline-jflow")"; junos:must-message "inline Jflow must be specified for version-ipfix"; presence "enable version-ipfix"; description "Export data in version ipfix format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "("services flow-monitoring version-ipfix template $$ ipv6-template")"; junos:must-message "Template type must match input protocol"; junos:must "((!(".. .. .. .. inline-jflow source-address") || (".. .. .. .. inline-jflow source-address" && all ".. .. .. .. flow-server <*> version-ipfix template $$")))"; junos:must-message "All the collector under same family should share the same template in Inline-Jflow"; type string; description "Template name"; } } // container template } // container version-ipfix } // grouping cflowd_instance_inet6_sampling_type grouping sampling_instance_inet_global_output_type { description "Configure output options for packet sampling"; uses apply-advanced; leaf aggregate-export-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "90 .. 1800"; } } units "seconds"; default "90"; description "Interval of exporting aggregate accounting information"; } container file { junos:must "(!(any ".. 
extension-service <*>"))";
    junos:must-message "This configuration is not required with 'extension-service'";
    description "Configure parameters for dumping sampled packets";
    choice enable-disable {
      leaf disable { type empty; description "Disable sampled packet dumps"; }
    } // choice enable-disable
    leaf filename {
      type string {
        // Per the pattern-message, the name must not contain '/', '%' or a
        // space (the leading '!' presumably negates the character class).
        // Rejecting '/' means the value cannot carry a directory component;
        // the directory the dump is written to is not shown in this module.
        junos:posix-pattern "![/ %]";
        junos:pattern-message "Must not contain '/', % or a space";
        length "1 .. 1024";
      }
      description "Name of file to contain sampled packet dumps";
    }
    // Number of dump files: 2..10000 (default 10), or a string matching the
    // pattern; presumably the string arm admits a "<...>" wildcard or a
    // "$"-prefixed variable -- confirm against Junos documentation.
    leaf files {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "2 .. 10000"; }
      }
      default "10";
      description "Maximum number of sampled packet dump files";
    }
    leaf size { type string; description "Maximum sample dump file size"; }
    // Mutually exclusive read-permission switch for the sampled-packet dump.
    // NOTE(review): the dump holds sampled packets, so world-readable exposes
    // that traffic to every local user. No default is declared on this
    // choice, so the permission when neither leaf is set is not visible
    // here -- confirm, and prefer no-world-readable.
    choice world-readable-choice {
      leaf world-readable { type empty; description "Allow any user to read the sampled dump"; }
      leaf no-world-readable { type empty; description "Don't allow any user to read the sampled dump"; }
    } // choice world-readable-choice
    // Per-packet timestamps in the dump, on or off.
    choice stamp-choice {
      leaf stamp { type empty; description "Timestamp every packet in the dump"; }
      leaf no-stamp { type empty; description "Don't timestamp every packet in the dump"; }
    } // choice stamp-choice
  } // container file
  // Sends sampled traffic out through an interface; like "file", the
  // must-message says it is not required together with extension-service.
  // NOTE(review): this forwards copies of sampled traffic off the box;
  // review where inet_pm_family_output_type (defined elsewhere) sends it.
  // NOTE(review): inner double quotes in the junos:must expressions are
  // unescaped in this copy (likely lost escapes) -- confirm against the
  // vendor file before feeding it to a YANG parser.
  container port-mirroring {
    junos:must "(!(any ".. extension-service <*>"))";
    junos:must-message "This configuration is not required with 'extension-service'";
    presence "enable port-mirroring";
    description "Configure sending sampled traffic out through an interface";
    uses inet_pm_family_output_type;
  } // container port-mirroring
  // Up to 8 collectors, keyed by name. Per the must-message, when an output
  // interface is configured, each such interface needs a source-address.
  list flow-server {
    junos:must "((!(any ".. interface <*>") || all ".. interface <*> source-address"))";
    junos:must-message "'output interface source-address' must be specified with 'flow-server' and 'interface'";
    key "name";
    max-elements 8;
    description "Configure sending traffic aggregates in cflowd format";
    uses cflowd_sampling_inet_type;
  } // list flow-server
  container inline-jflow {
    junos:must "(any ".. 
flow-server <*>")"; junos:must-message "'flow-server' must be specified with the inline Jflow"; presence "enable inline-jflow"; description "Inline processing of sampled packets"; uses packet_export_inline; } // container inline-jflow } // grouping sampling_instance_inet_global_output_type grouping cflowd_sampling_inet_type { leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; } uses apply-advanced; leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "UDP port number on host collecting cflowd packets"; } leaf dscp { junos:must "(".. .. inline-jflow")"; junos:must-message "DSCP can be configured for inline-jflow"; type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 63"; } } default "0"; description "Numeric DSCP value in the range 0 to 63"; } leaf forwarding-class { junos:must "(".. .. inline-jflow")"; junos:must-message "forwarding-class can be configured for inline-jflow"; type string { length "1 .. 64"; } description "Forwarding-class for exported jflow packets, applicable only for inline-jflow"; } leaf routing-instance { junos:must "(".. .. inline-jflow")"; junos:must-message "Routing Instances can be configured for inline-jflow"; junos:must "("routing-instances $$ instance-type vrf")"; junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)"; type string; description "Name of routing instance on which flow collector is reachable"; } leaf autonomous-system-type { type enumeration { enum "origin" { value 0; description "Export origin-AS numbers"; } enum "peer" { value 1; description "Export peer-AS numbers"; } } default "origin"; description "Type of autonomous system number to export"; } container aggregation { junos:must "(!(any ".. .. 
flow-server <*> version9"))"; junos:must-message "Select only one version"; description "Aggregations to perform for exported flows (version 8 only)"; uses aggregation_type; } // container aggregation choice local-dump-choice { leaf local-dump { type empty; description "Dump cflowd records to log file before exporting"; } leaf no-local-dump { type empty; description "Don't dump cflowd records to log file before exporting"; } } // choice local-dump-choice leaf source-address { type jt:ipv4addr; description "Source IPv4 address for cflowd packets"; } container version9 { junos:must "((!(any ".. .. .. .. inet output flow-server <*> version") || !(any ".. .. .. .. inet output interface <*>")))"; junos:must-message "Select only one version or configure only RE based samping under family inet"; junos:must "((any ".. .. interface <*>" || ".. .. inline-jflow"))"; junos:must-message "Service PIC or inline-jflow (j-series and SRX only) must be specified for version9"; presence "enable version9"; description "Export data in version 9 format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "(("services flow-monitoring version9 template $$ ipv4-template" || "services flow-monitoring version9 template $$ peer-as-billing-template"))"; junos:must-message "Template type must match input protocol"; type string; description "Template name"; } } // container template } // container version9 container version-ipfix { presence "enable version-ipfix"; status deprecated; description "Export data in version ipfix format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { type string; description "Template name"; } } // container template } // container version-ipfix leaf version { junos:must "(!(any ".. .. 
flow-server <*> version9"))"; junos:must-message "Select only one version"; type enumeration { enum "5" { junos:must "("system ntp")"; junos:must-message " NTP must be configured for sampling v5/8/500 to work properly"; value 0; description "Export cflowd aggregates in version 5 format"; } enum "8" { junos:must "("system ntp")"; junos:must-message " NTP must be configured for sampling v5/8/500 to work properly"; value 1; description "Export cflowd aggregates in version 8 format"; } enum "500" { junos:must "(!(".. .. interface"))"; junos:must-message "This feature is only supported for RE based sampling"; junos:must "("system ntp")"; junos:must-message " NTP must be configured for sampling v5/8/500 to work properly"; value 2; description "Export cflowd aggregates in ASN 500 format"; } } default "5"; description "Format of exported cflowd aggregates"; } } // grouping cflowd_sampling_inet_type grouping sampling_instance_inet_output_type { description "Configure output options for packet sampling"; uses apply-advanced; leaf aggregate-export-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "90 .. 1800"; } } units "seconds"; default "90"; description "Interval of exporting aggregate accounting information"; } list flow-server { junos:must "((!(any ".. interface <*>") || all ".. interface <*> source-address"))"; junos:must-message "'output interface source-address' must be specified with 'flow-server' and 'interface'"; junos:must "((".. interface" || ".. inline-jflow"))"; junos:must-message "Output 'interface' or 'inline Jflow' should be configured with flow-server"; key "name"; max-elements 8; description "Configure sending traffic aggregates in cflowd format"; uses cflowd_instance_inet_sampling_type; } // list flow-server container inline-jflow { junos:must "(any ".. 
flow-server <*>")"; junos:must-message "'flow-server' must be specified with the inline Jflow"; presence "enable inline-jflow"; description "Inline processing of sampled packets"; uses packet_export_inline_instance; } // container inline-jflow } // grouping sampling_instance_inet_output_type grouping cflowd_instance_inet_sampling_type { leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; } uses apply-advanced; leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "UDP port number on host collecting cflowd packets"; } leaf dscp { junos:must "(".. .. inline-jflow")"; junos:must-message "DSCP can be configured for inline-jflow"; type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 63"; } } default "0"; description "Numeric DSCP value in the range 0 to 63"; } leaf forwarding-class { junos:must "(".. .. inline-jflow")"; junos:must-message "forwarding-class can be configured for inline-jflow"; type string { length "1 .. 64"; } description "Forwarding-class for exported jflow packets, applicable only for inline-jflow"; } leaf routing-instance { junos:must "(".. .. inline-jflow")"; junos:must-message "Routing Instances can be configured for inline-jflow"; junos:must "("routing-instances $$ instance-type vrf")"; junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)"; type string; description "Name of routing instance on which flow collector is reachable"; } leaf autonomous-system-type { type enumeration { enum "origin" { value 0; description "Export origin-AS numbers"; } enum "peer" { value 1; description "Export peer-AS numbers"; } } default "origin"; description "Type of autonomous system number to export"; } container aggregation { junos:must "(!(any ".. .. 
flow-server <*> version9"))"; junos:must-message "Select only one version"; description "Aggregations to perform for exported flows (version 8 only)"; uses aggregation_type; } // container aggregation choice local-dump-choice { leaf local-dump { type empty; description "Dump cflowd records to log file before exporting"; } leaf no-local-dump { type empty; description "Don't dump cflowd records to log file before exporting"; } } // choice local-dump-choice leaf source-address { type jt:ipv4addr; description "Source IPv4 address for cflowd packets"; } container version9 { junos:must "((!(any ".. .. .. .. inet output flow-server <*> version") || !(any ".. .. .. .. inet output interface <*>")))"; junos:must-message "Select only one version or configure only RE based samping under family inet"; junos:must "((any ".. .. interface <*>" || ".. .. inline-jflow"))"; junos:must-message "Service PIC or inline-jflow (j-series and SRX only) must be specified for version9"; presence "enable version9"; description "Export data in version 9 format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "("services flow-monitoring version9 template $$ ipv4-template")"; junos:must-message "Template type must match input protocol"; junos:must "((!(".. .. .. .. inline-jflow source-address") || (".. .. .. .. inline-jflow source-address" && all ".. .. .. .. flow-server <*> version9 template $$")))"; junos:must-message "All the collector under same family should share the same template in Inline-Jflow"; type string; description "Template name"; } } // container template } // container version9 container version-ipfix { junos:must "(".. .. 
inline-jflow")"; junos:must-message "inline Jflow must be specified for version-ipfix"; presence "enable version-ipfix"; description "Export data in version ipfix format"; uses apply-advanced; container template { description "Template configuration"; uses apply-advanced; leaf template-name { junos:must "("services flow-monitoring version-ipfix template $$ ipv4-template")"; junos:must-message "Template type must match input protocol"; junos:must "((!(".. .. .. .. inline-jflow source-address") || (".. .. .. .. inline-jflow source-address" && all ".. .. .. .. flow-server <*> version-ipfix template $$")))"; junos:must-message "All the collector under same family should share the same template in Inline-Jflow"; type string; description "Template name"; } } // container template } // container version-ipfix leaf version { junos:must "(!(any ".. .. .. .. .. family mpls output flow-server <*> version9"))"; junos:must-message "Select only one version"; junos:must "(!(any ".. .. .. .. .. family inet6 output flow-server <*> version9"))"; junos:must-message "Select only one version"; junos:must "(!(any ".. .. .. .. .. family inet output flow-server <*> version9"))"; junos:must-message "Select only one version"; junos:must "(!(any ".. .. flow-server <*> version-ipfix"))"; junos:must-message "Select only one version"; junos:must "(!(any ".. .. 
flow-server <*> version9"))"; junos:must-message "Select only one version"; type enumeration { enum "5" { junos:must "("system ntp")"; junos:must-message " NTP must be configured for sampling v5/8/500 to work properly"; value 0; description "Export cflowd aggregates in version 5 format"; } enum "8" { junos:must "("system ntp")"; junos:must-message " NTP must be configured for sampling v5/8/500 to work properly"; value 1; description "Export cflowd aggregates in version 8 format"; } } default "5"; description "Format of exported cflowd aggregates"; } } // grouping cflowd_instance_inet_sampling_type grouping sampling_instance_input_type { description "Configure input options for packet sampling"; uses apply-advanced; leaf rate { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Ratio of packets to be sampled (1 out of N)"; } leaf run-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 20"; } } default "0"; description "Number of samples after initial trigger"; } leaf max-packets-per-second { type union { type uint16; type string { pattern "<.*>|$.*"; } } default "1000"; description "Threshold of samples per second before dropping"; } leaf maximum-packet-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 9192"; } } units "bytes"; default "0"; description "Maximum length of the sampled packet"; } } // grouping sampling_instance_input_type grouping sampling_instance_mpls_output_type { description "Configure output options for packet sampling"; uses apply-advanced; leaf aggregate-export-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "90 .. 1800"; } } units "seconds"; default "90"; description "Interval of exporting aggregate accounting information"; } list flow-server { junos:must "((!(any ".. interface <*>") || all ".. 
interface <*> source-address"))";
      junos:must-message "'output interface source-address' must be specified with 'flow-server' and 'interface'";
      // A collector is only accepted when an output interface or inline-jflow
      // is configured next to it.
      junos:must "((".. interface" || ".. inline-jflow"))";
      junos:must-message "Output 'interface' or 'inline Jflow' should be configured with flow-server";
      key "name";
      max-elements 8;
      description "Configure sending traffic aggregates in cflowd format";
      uses cflowd_instance_mpls_sampling_type;
    } // list flow-server
    // Presence container; requires at least one flow-server entry.
    container inline-jflow {
      junos:must "(any ".. flow-server <*>")";
      junos:must-message "'flow-server' must be specified with the inline Jflow";
      presence "enable inline-jflow";
      description "Inline processing of sampled packets";
      uses packet_export_inline_instance;
    } // container inline-jflow
  } // grouping sampling_instance_mpls_output_type

  // One flow collector entry: where exported records are sent (collector
  // address, UDP port, routing instance, source address) and how they are
  // marked and formatted. The template constraint below only admits mpls-*
  // templates.
  // "$$" in the must expressions presumably stands for the value of the leaf
  // carrying the constraint -- TODO confirm against the junos extension docs.
  grouping cflowd_instance_mpls_sampling_type {
    leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; }
    uses apply-advanced;
    // Optional in this schema; no default port is declared here.
    leaf port {
      type union {
        type uint16;
        type string { pattern "<.*>|$.*"; }
      }
      description "UDP port number on host collecting cflowd packets";
    }
    leaf dscp {
      junos:must "(".. .. inline-jflow")";
      junos:must-message "DSCP can be configured for inline-jflow";
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint8 { range "0 .. 63"; }
      }
      default "0";
      description "Numeric DSCP value in the range 0 to 63";
    }
    leaf forwarding-class {
      junos:must "(".. .. inline-jflow")";
      junos:must-message "forwarding-class can be configured for inline-jflow";
      type string { length "1 .. 64"; }
      description "Forwarding-class for exported jflow packets, applicable only for inline-jflow";
    }
    // Only valid with inline-jflow, and the named routing instance must exist
    // with instance-type vrf (second must).
    leaf routing-instance {
      junos:must "(".. .. inline-jflow")";
      junos:must-message "Routing Instances can be configured for inline-jflow";
      junos:must "("routing-instances $$ instance-type vrf")";
      junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)";
      type string;
      description "Name of routing instance on which flow collector is reachable";
    }
    leaf autonomous-system-type {
      type enumeration {
        enum "origin" { value 0; description "Export origin-AS numbers"; }
        enum "peer" { value 1; description "Export peer-AS numbers"; }
      }
      default "origin";
      description "Type of autonomous system number to export";
    }
    container aggregation {
      junos:must "(!(any ".. .. flow-server <*> version9"))";
      junos:must-message "Select only one version";
      description "Aggregations to perform for exported flows (version 8 only)";
      uses aggregation_type;
    } // container aggregation
    // local-dump also writes the flow records to a local log file before
    // export; the two leaves are mutually exclusive.
    choice local-dump-choice {
      leaf local-dump { type empty; description "Dump cflowd records to log file before exporting"; }
      leaf no-local-dump { type empty; description "Don't dump cflowd records to log file before exporting"; }
    } // choice local-dump-choice
    // IPv4 only (jt:ipv4addr), while the collector name above is jt:ipaddr.
    leaf source-address { type jt:ipv4addr; description "Source IPv4 address for cflowd packets"; }
    container version-ipfix {
      junos:must "(".. .. inline-jflow")";
      junos:must-message "inline Jflow must be specified for version-ipfix";
      presence "enable version-ipfix";
      description "Export data in version ipfix format";
      uses apply-advanced;
      container template {
        description "Template configuration";
        uses apply-advanced;
        // The template must be defined under services flow-monitoring
        // version-ipfix as an mpls-template, mpls-ipv4-template or
        // mpls-ipvx-template. When inline-jflow has a source-address, every
        // flow-server must reference this same template.
        leaf template-name {
          junos:must "(("services flow-monitoring version-ipfix template $$ mpls-template" || ("services flow-monitoring version-ipfix template $$ mpls-ipv4-template" || "services flow-monitoring version-ipfix template $$ mpls-ipvx-template")))";
          junos:must-message "Template type must match input protocol";
          junos:must "((!(".. .. .. .. inline-jflow source-address") || (".. .. .. .. inline-jflow source-address" && all ".. .. .. .. flow-server <*> version-ipfix template $$")))";
          junos:must-message "All the collector under same family should share the same template in Inline-Jflow";
          type string;
          description "Template name";
        }
      } // container template
    } // container version-ipfix
  } // grouping cflowd_instance_mpls_sampling_type

  // Output options whose collector entries use the VPLS collector grouping.
  // Here a flow-server is only accepted together with inline-jflow.
  grouping sampling_instance_vpls_output_type {
    description "Configure output options for packet sampling";
    uses apply-advanced;
    list flow-server {
      junos:must "(".. inline-jflow")";
      junos:must-message "Output 'inline Jflow' should be configured with flow-server";
      key "name";
      max-elements 8;
      description "Configure sending traffic aggregates in cflowd format";
      uses cflowd_instance_vpls_sampling_type;
    } // list flow-server
    container inline-jflow {
      junos:must "(any ".. flow-server <*>")";
      junos:must-message "'flow-server' must be specified with the inline Jflow";
      presence "enable inline-jflow";
      description "Inline processing of sampled packets";
      uses packet_export_inline_instance;
    } // container inline-jflow
  } // grouping sampling_instance_vpls_output_type

  // One flow collector entry for the VPLS output grouping: collector address,
  // UDP port, packet marking and routing instance.
  grouping cflowd_instance_vpls_sampling_type {
    leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; }
    uses apply-advanced;
    leaf port {
      type union {
        type uint16;
        type string { pattern "<.*>|$.*"; }
      }
      description "UDP port number on host collecting cflowd packets";
    }
    leaf dscp {
      junos:must "(".. .. inline-jflow")";
      junos:must-message "DSCP can be configured for inline-jflow";
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint8 { range "0 .. 63"; }
      }
      default "0";
      description "Numeric DSCP value in the range 0 to 63";
    }
    leaf forwarding-class {
      junos:must "(".. .. inline-jflow")";
      junos:must-message "forwarding-class can be configured for inline-jflow";
      type string { length "1 .. 64"; }
      description "Forwarding-class for exported jflow packets, applicable only for inline-jflow";
    }
    leaf routing-instance {
      junos:must "(".. .. 
inline-jflow")";
      junos:must-message "Routing Instances can be configured for inline-jflow";
      junos:must "("routing-instances $$ instance-type vrf")";
      junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)";
      type string;
      description "Name of routing instance on which flow collector is reachable";
    }
    container version-ipfix {
      junos:must "(".. .. inline-jflow")";
      junos:must-message "inline Jflow must be specified for version-ipfix";
      presence "enable version-ipfix";
      description "Export data in version ipfix format";
      uses apply-advanced;
      container template {
        description "Template configuration";
        uses apply-advanced;
        // The template must be defined under services flow-monitoring
        // version-ipfix as a vpls-template. When inline-jflow has a
        // source-address, every flow-server must reference this same template.
        leaf template-name {
          junos:must "("services flow-monitoring version-ipfix template $$ vpls-template")";
          junos:must-message "Template type must match input protocol";
          junos:must "((!(".. .. .. .. inline-jflow source-address") || (".. .. .. .. inline-jflow source-address" && all ".. .. .. .. flow-server <*> version-ipfix template $$")))";
          junos:must-message "All the collector under same family should share the same template in Inline-Jflow";
          type string;
          description "Template name";
        }
      } // container template
    } // container version-ipfix
  } // grouping cflowd_instance_vpls_sampling_type

  // Where sampled traffic goes: a local dump file, a mirror port, up to eight
  // flow collectors, or inline-jflow processing.
  grouping sampling_output_type {
    description "Configure output options for packet sampling";
    uses apply-advanced;
    leaf aggregate-export-interval {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "90 .. 1800"; }
      }
      units "seconds";
      default "90";
      description "Interval of exporting aggregate accounting information";
    }
    // Local dump of sampled packets. Rejected when any extension-service
    // entry is configured alongside it (must below).
    container file {
      junos:must "(!(any ".. extension-service <*>"))";
      junos:must-message "This configuration is not required with 'extension-service'";
      description "Configure parameters for dumping sampled packets";
      choice enable-disable {
        leaf disable { type empty; description "Disable sampled packet dumps"; }
      } // choice enable-disable
      // The posix-pattern rejects '/', space and '%' (see pattern-message), so
      // the value is a bare file name and cannot name a path in another
      // directory. The directory the dump is written to is not visible here.
      leaf filename {
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file to contain sampled packet dumps";
      }
      // Rotation count: 2..10000 files, default 10.
      leaf files {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "2 .. 10000"; }
        }
        default "10";
        description "Maximum number of sampled packet dump files";
      }
      // Untyped string: no pattern, range or units are declared here.
      leaf size { type string; description "Maximum sample dump file size"; }
      // Mutually exclusive flags. world-readable lets any user on the device
      // read the dump of sampled packets. No default is declared, so which
      // behaviour applies when neither leaf is set cannot be told from this
      // schema -- confirm before assuming the file is restricted.
      choice world-readable-choice {
        leaf world-readable { type empty; description "Allow any user to read the sampled dump"; }
        leaf no-world-readable { type empty; description "Don't allow any user to read the sampled dump"; }
      } // choice world-readable-choice
      choice stamp-choice {
        leaf stamp { type empty; description "Timestamp every packet in the dump"; }
        leaf no-stamp { type empty; description "Don't timestamp every packet in the dump"; }
      } // choice stamp-choice
    } // container file
    // Presence container: when present, sampled traffic is sent out through
    // an interface (see description). Its parameters come from
    // inet_pm_family_output_type, which is defined outside this span.
    container port-mirroring {
      junos:must "(!(any ".. extension-service <*>"))";
      junos:must-message "This configuration is not required with 'extension-service'";
      presence "enable port-mirroring";
      description "Configure sending sampled traffic out through an interface";
      uses inet_pm_family_output_type;
    } // container port-mirroring
    // Up to eight collectors. If any output interface is configured, every
    // interface entry must carry a source-address (must below).
    list flow-server {
      junos:must "((!(any ".. interface <*>") || all ".. interface <*> source-address"))";
      junos:must-message "'output interface source-address' must be specified with 'flow-server' and 'interface'";
      key "name";
      max-elements 8;
      description "Configure sending traffic aggregates in cflowd format";
      uses cflowd_sampling_type;
    } // list flow-server
    container inline-jflow {
      junos:must "(any ".. 
flow-server <*>")";
      junos:must-message "'flow-server' must be specified with the inline Jflow";
      presence "enable inline-jflow";
      description "Inline processing of sampled packets";
      uses packet_export_inline;
    } // container inline-jflow
  } // grouping sampling_output_type

  // One flow collector entry for sampling_output_type: collector address,
  // UDP port, packet marking, routing instance, source address and the export
  // format (leaf version, version9, or the deprecated version-ipfix).
  // "$$" in the must expressions presumably stands for the value of the leaf
  // carrying the constraint -- TODO confirm against the junos extension docs.
  grouping cflowd_sampling_type {
    leaf name { type jt:ipaddr; description "Name of host collecting cflowd packets"; }
    uses apply-advanced;
    // Optional in this schema; no default port is declared here.
    leaf port {
      type union {
        type uint16;
        type string { pattern "<.*>|$.*"; }
      }
      description "UDP port number on host collecting cflowd packets";
    }
    leaf dscp {
      junos:must "(".. .. inline-jflow")";
      junos:must-message "DSCP can be configured for inline-jflow";
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint8 { range "0 .. 63"; }
      }
      default "0";
      description "Numeric DSCP value in the range 0 to 63";
    }
    leaf forwarding-class {
      junos:must "(".. .. inline-jflow")";
      junos:must-message "forwarding-class can be configured for inline-jflow";
      type string { length "1 .. 64"; }
      description "Forwarding-class for exported jflow packets, applicable only for inline-jflow";
    }
    // Only valid with inline-jflow, and the named routing instance must exist
    // with instance-type vrf (second must).
    leaf routing-instance {
      junos:must "(".. .. inline-jflow")";
      junos:must-message "Routing Instances can be configured for inline-jflow";
      junos:must "("routing-instances $$ instance-type vrf")";
      junos:must-message "routing instance should be defined and should be of type Virtual routing forwarding instance(VRF)";
      type string;
      description "Name of routing instance on which flow collector is reachable";
    }
    leaf autonomous-system-type {
      type enumeration {
        enum "origin" { value 0; description "Export origin-AS numbers"; }
        enum "peer" { value 1; description "Export peer-AS numbers"; }
      }
      default "origin";
      description "Type of autonomous system number to export";
    }
    container aggregation {
      junos:must "(!(any ".. .. flow-server <*> version9"))";
      junos:must-message "Select only one version";
      description "Aggregations to perform for exported flows (version 8 only)";
      uses aggregation_type;
    } // container aggregation
    // local-dump also writes the flow records to a local log file before
    // export; the two leaves are mutually exclusive.
    choice local-dump-choice {
      leaf local-dump { type empty; description "Dump cflowd records to log file before exporting"; }
      leaf no-local-dump { type empty; description "Don't dump cflowd records to log file before exporting"; }
    } // choice local-dump-choice
    // IPv4 only (jt:ipv4addr), while the collector name above is jt:ipaddr.
    leaf source-address { type jt:ipv4addr; description "Source IPv4 address for cflowd packets"; }
    // Version 9 export. Rejected if any flow-server sets the "version" leaf,
    // and requires an output interface or inline-jflow.
    container version9 {
      junos:must "(!(any ".. .. flow-server <*> version"))";
      junos:must-message "Select only one version";
      junos:must "((any ".. .. interface <*>" || ".. .. inline-jflow"))";
      junos:must-message "Service PIC or inline-jflow (j-series and SRX only) must be specified for version9";
      presence "enable version9";
      description "Export data in version 9 format";
      uses apply-advanced;
      container template {
        description "Template configuration";
        uses apply-advanced;
        // The referenced version9 template must be of a type whose matching
        // input family is configured under forwarding-options sampling input:
        // ipv4-template with inet, ipv6-template with inet6, and the three
        // mpls-* templates with mpls.
        leaf template-name {
          junos:must "((("services flow-monitoring version9 template $$ ipv4-template" && "forwarding-options sampling input family inet") || (("services flow-monitoring version9 template $$ ipv6-template" && "forwarding-options sampling input family inet6") || (("services flow-monitoring version9 template $$ mpls-template" && "forwarding-options sampling input family mpls") || (("services flow-monitoring version9 template $$ mpls-ipv4-template" && "forwarding-options sampling input family mpls") || ("services flow-monitoring version9 template $$ mpls-ipvx-template" && "forwarding-options sampling input family mpls"))))))";
          junos:must-message "Template type must match input protocol";
          type string;
          description "Template name";
        }
      } // container template
    } // container version9
    // Marked "status deprecated". Unlike version9 above, neither this
    // container nor its template-name carries a must constraint here, so the
    // template reference is not validated by this grouping.
    container version-ipfix {
      presence "enable version-ipfix";
      status deprecated;
      description "Export data in version ipfix format";
      uses apply-advanced;
      container template {
        description "Template configuration";
        uses apply-advanced;
        leaf template-name { type string; description "Template name"; }
      } // container template
    } // container version-ipfix
    // Legacy export formats. Requires input family inet and is rejected when
    // any flow-server uses version9. Every enum value requires "system ntp";
    // "500" is additionally rejected when an output interface is configured.
    leaf version {
      junos:must "("forwarding-options sampling input family inet")";
      junos:must-message "input 'family inet' must be configured";
      junos:must "(!(any ".. .. flow-server <*> version9"))";
      junos:must-message "Select only one version";
      type enumeration {
        enum "5" {
          junos:must "("system ntp")";
          junos:must-message " NTP must be configured for sampling v5/8/500 to work properly";
          value 0;
          description "Export cflowd aggregates in version 5 format";
        }
        enum "8" {
          junos:must "("system ntp")";
          junos:must-message " NTP must be configured for sampling v5/8/500 to work properly";
          value 1;
          description "Export cflowd aggregates in version 8 format";
        }
        enum "500" {
          junos:must "(!(".. .. interface"))";
          junos:must-message "This feature is only supported for RE based sampling";
          junos:must "("system ntp")";
          junos:must-message " NTP must be configured for sampling v5/8/500 to work properly";
          value 2;
          description "Export cflowd aggregates in ASN 500 format";
        }
      }
      default "5";
      description "Format of exported cflowd aggregates";
    }
  } // grouping cflowd_sampling_type

  // Trace settings for packet sampling: an opt-out of remote tracing and the
  // trace file parameters.
  grouping sampling_traceoptions_type {
    description "Configure packet sampling traceoptions";
    uses apply-advanced;
    leaf no-remote-trace {
      junos:must "("system tracing")";
      junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
      type empty;
      description "Disable remote tracing";
    }
    container file {
      description "Trace file information";
      // The posix-pattern rejects '/', space and '%' (see pattern-message), so
      // the value is a bare file name and cannot name a path in another
      // directory. The directory the trace is written to is not visible here.
      leaf filename {
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 1024";
        }
        description "Name of file in which to write trace information";
      }
      // Untyped string: no pattern, range or units are declared here.
      leaf size { type string; description "Maximum trace file size"; }
      leaf files {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "2 .. 
1000"; }
        }
        default "3";
        description "Maximum number of trace files";
      }
      // Mutually exclusive flags. world-readable lets any user on the device
      // read the trace log. No default is declared, so which behaviour applies
      // when neither leaf is set cannot be told from this schema -- confirm
      // before assuming the log is restricted.
      choice world-readable-choice {
        leaf world-readable { type empty; description "Allow any user to read the log file"; }
        leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
      } // choice world-readable-choice
      // jt:regular-expression comes from the imported junos-common-types
      // module; how the expression is validated is not visible here.
      leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; }
    } // container file
  } // grouping sampling_traceoptions_type

  // Anti-spam (SBL) profiles: the action to take on matching e-mail, an
  // optional tag string, and references to allow/deny lists.
  grouping sbl-type {
    description "SBL type";
    uses apply-advanced;
    list profile {
      key "name";
      ordered-by user;
      description "SBL profile";
      leaf name { type string { length "1 .. 29"; } description "SBL profile name"; }
      uses apply-advanced;
      choice sbl-default-server-choice {
        leaf sbl-default-server { type empty; description "Default SBL server"; }
        leaf no-sbl-default-server { type empty; description "Don't default SBL server"; }
      } // choice sbl-default-server-choice
      // No default is declared for the action in this schema.
      leaf spam-action {
        type enumeration {
          enum "block" { value 0; description "Block e-mail"; }
          enum "tag-header" { value 1; description "Tag header of e-mail"; }
          enum "tag-subject" { value 2; description "Tag subject of e-mail"; }
        }
        description "Anti-spam actions";
      }
      leaf custom-tag-string { type string { length "1 .. 512"; } description "Custom tag string"; }
      // Both list leaves hold the name of an object that must already exist
      // under "security utm custom-objects url-pattern"; the entries
      // themselves live in that object, not here.
      leaf address-whitelist {
        junos:must "("security utm custom-objects url-pattern $$")";
        junos:must-message "url-pattern must be defined";
        type string;
        description "Anti-spam whitelist";
      }
      leaf address-blacklist {
        junos:must "("security utm custom-objects url-pattern $$")";
        junos:must-message "url-pattern must be defined";
        type string;
        description "Anti-spam blacklist";
      }
    } // list profile
  } // grouping sbl-type

  // A named security scheduler: up to two absolute start/stop date ranges
  // plus a "daily" schedule and one schedule per weekday.
  grouping scheduler_object_type {
    leaf name {
      type string {
        junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$";
        junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores.";
        length "1 .. 63";
      }
      description "Name of security scheduler";
    }
    uses apply-advanced;
    // The pattern excludes '&', '<', '>' and the space character.
    leaf description {
      type string {
        junos:posix-pattern "^[^&<> ]+$";
        junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '";
        length "1 .. 900";
      }
      description "Text description of scheduler";
    }
    // Date pattern, as written: optional year 2000-2999, month 01-12, day
    // 01-31 regardless of month, then any two digits for the hour and any two
    // digits for the minute. A value such as 02-31.99:99 therefore passes the
    // pattern; any stricter check has to happen outside this schema.
    // Nothing here requires stop-date to be later than start-date.
    list start-date {
      key "start-date stop-date";
      max-elements 2;
      ordered-by user;
      description "Start date and time ([YYYY-]MM-DD.hh:mm)";
      leaf start-date {
        type string {
          junos:posix-pattern "^((2[0-9][0-9][0-9][-])?(0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01])[.][0-9]{2,2}[:][0-9]{2,2})$";
          junos:pattern-message "Invalid date format [YYYY-]MM-DD.hh:mm";
        }
        description "Start date and time ([YYYY-]MM-DD.hh:mm)";
      }
      leaf stop-date {
        type string {
          junos:posix-pattern "^((2[0-9][0-9][0-9][-])?(0[1-9]|1[012])[-](0[1-9]|[12][0-9]|3[01])[.][0-9]{2,2}[:][0-9]{2,2})$";
          junos:pattern-message "Invalid date format [YYYY-]MM-DD.hh:mm";
        }
        description "Stop date and time ([YYYY-]MM-DD.hh:mm)";
      }
      uses apply-advanced;
    } // list start-date
    // Per the description, a specific weekday container overrides "daily".
    container daily {
      description "Everyday; can be overwritten by specific weekday";
      uses daily-object;
    } // container daily
    container sunday { description "Every Sunday"; uses daily-object; } // container sunday
    container monday { description "Every Monday"; uses daily-object; } // container monday
    container tuesday { description "Every Tuesday"; uses daily-object; } // container tuesday
    container wednesday { description "Every Wednesday"; uses daily-object; } // container wednesday
    container thursday { description "Every Thursday"; uses daily-object; } // container thursday
    container friday { description "Every Friday"; uses daily-object; } // container friday
    container saturday { description "Every Saturday"; uses daily-object; } // container saturday
  } // grouping scheduler_object_type

  // Schedule for one day: either up to two time ranges, or "exclude", or
  // "all-day" (the three are alternatives of one choice).
  grouping daily-object {
    description "Daily schedule";
    uses apply-advanced;
    choice daily_type {
      list start-time {
        key "start-time-value stop-time";
        max-elements 2;
        description "Time range for day";
leaf start-time-value {
          // Time pattern, as written: hour 00-23 followed by two optional
          // ":NN" groups (00-59 each). "hh", "hh:mm" and "hh:mm:ss" all match,
          // although the pattern-message only mentions hh:mm.
          type string {
            junos:posix-pattern "^((0[0-9]|1[0-9]|2[0-3])([:][0-5][0-9])?([:][0-5][0-9])?)$";
            junos:pattern-message "Must be a valid time in hh:mm format";
          }
          description "Start time for day (hh:mm)";
        }
        leaf stop-time {
          type string {
            junos:posix-pattern "^((0[0-9]|1[0-9]|2[0-3])([:][0-5][0-9])?([:][0-5][0-9])?)$";
            junos:pattern-message "Must be a valid time in hh:mm format";
          }
          description "Stop time for day (hh:mm)";
        }
        uses apply-advanced;
      } // list start-time
      leaf exclude { type empty; description "Exclude day from week"; }
      leaf all-day { type empty; description "Include complete day"; }
    } // choice daily_type
  } // grouping daily-object

  // SCTP settings: per-profile timeouts and payload drop/permit/rate-limit
  // rules, multi-chunk inspection, the NULLPDU protocol ID, event logging
  // and trace options.
  grouping sctp-object {
    uses apply-advanced;
    list profile {
      key "name";
      description "Configure stream transmission protocol";
      leaf name {
        type string {
          junos:posix-pattern "^[0-9A-Za-z][_0-9A-Za-z-]{0,30}$";
          junos:pattern-message "Must be a string beginning with a letter or number, and consisting of no more than 31 total letters, numbers, dashes and underscores.";
          length "1 .. 31";
        }
        description "SCTP configuration name";
      }
      uses apply-advanced;
      leaf nat-only { type empty; description "Only do payload IPs translation for SCTP packet"; }
      // Minutes, 10..1440. No default is declared in this schema.
      leaf association-timeout {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "10 .. 1440"; }
        }
        description "SCTP association timeout length, in minutes";
      }
      // Seconds, 10..30. No default is declared in this schema.
      leaf handshake-timeout {
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "10 .. 30"; }
        }
        description "SCTP handshake timeout, in seconds";
      }
      // Payload messages to disallow: M3UA services from a fixed enumeration
      // and payload protocols named by a plain string. The payload-protocol
      // key has no pattern, length or enumeration, so accepted values are not
      // constrained by this schema.
      container drop {
        description "Disallowed SCTP payload message";
        uses apply-advanced;
        list m3ua-service {
          key "name";
          ordered-by user;
          description "MTP level 3 (MTP3) user adaptation layer service";
          leaf name {
            type enumeration {
              enum "sccp" { value 0; description "Signaling connection control part"; }
              enum "tup" { value 1; description "Telephone user part"; }
              enum "isup" { value 2; description "ISDN user part"; }
            }
          }
        } // list m3ua-service
        list payload-protocol {
          key "name";
          ordered-by user;
          description "SCTP payload protocol identifier";
          leaf name { type string; }
        } // list payload-protocol
      } // container drop
      // NOTE(review): how an entry listed under both drop and permit is
      // resolved is not expressed in this schema -- confirm on the device.
      container permit {
        description "Permit SCTP payload message";
        uses apply-advanced;
        list payload-protocol {
          key "name";
          ordered-by user;
          description "SCTP payload protocol identifier";
          leaf name { type string; }
        } // list payload-protocol
      } // container permit
      // Rate limits, each 1..12000; no units statement is given for them.
      // Limits can be set per payload protocol, per IP address, and for
      // SCCP/SSP/SST messages globally or per IP address.
      container limit {
        description "Packet limits";
        uses apply-advanced;
        list payload-protocol {
          key "name";
          ordered-by user;
          description "Payload Rate limit";
          leaf name { type string; }
          leaf rate {
            type union {
              type string { pattern "<.*>|$.*"; }
              type uint16 { range "1 .. 12000"; }
            }
            description "Rate limit";
          }
        } // list payload-protocol
        list address {
          key "name";
          ordered-by user;
          description "Rate limit for a list of IP addresses";
          leaf name { type jt:ipaddr; description "IP address"; }
          uses apply-advanced;
          list payload-protocol {
            key "name";
            ordered-by user;
            description "Payload Rate limit";
            leaf name { type string; }
            leaf rate {
              type union {
                type string { pattern "<.*>|$.*"; }
                type uint16 { range "1 .. 12000"; }
              }
              description "Rate limit";
            }
          } // list payload-protocol
        } // list address
        container rate {
          description "Rate limit";
          uses apply-advanced;
          leaf sccp {
            type union {
              type string { pattern "<.*>|$.*"; }
              type uint16 { range "1 .. 12000"; }
            }
            description "Global SCCP messages rate limit";
          }
          leaf ssp {
            type union {
              type string { pattern "<.*>|$.*"; }
              type uint16 { range "1 .. 12000"; }
            }
            description "Global SSP messages rate limit";
          }
          leaf sst {
            type union {
              type string { pattern "<.*>|$.*"; }
              type uint16 { range "1 .. 12000"; }
            }
            description "Global SST messages rate limit";
          }
          list address {
            key "name";
            ordered-by user;
            description "Rate limit for a list of IP addresses";
            leaf name { type jt:ipaddr; description "IP address"; }
            uses apply-advanced;
            leaf sccp {
              type union {
                type string { pattern "<.*>|$.*"; }
                type uint16 { range "1 .. 12000"; }
              }
              description "SCCP messages rate limit";
            }
            leaf ssp {
              type union {
                type string { pattern "<.*>|$.*"; }
                type uint16 { range "1 .. 12000"; }
              }
              description "SSP messages rate limit";
            }
            leaf sst {
              type union {
                type string { pattern "<.*>|$.*"; }
                type uint16 { range "1 .. 12000"; }
              }
              description "SST messages rate limit";
            }
          } // list address
        } // container rate
      } // container limit
    } // list profile
    // The only option modelled here switches multi-chunk inspection off; what
    // is left uninspected when it is set is not described in this schema.
    container multichunk-inspection {
      description "Configure for SCTP multi chunks inspection";
      uses apply-advanced;
      choice multichunk-flag {
        leaf disable { type empty; description "Set multichunk inspection flag to disable"; }
      } // choice multichunk-flag
    } // container multichunk-inspection
    // Selects which of the two ID values is treated as the NULLPDU ID.
    container nullpdu {
      description "Configure for SCTP NULLPDU protocol value";
      uses apply-advanced;
      container protocol {
        description "SCTP NULLPDU payload protocol identifier";
        uses apply-advanced;
        choice nullpdu-protocol {
          leaf ID-0x0000 { type empty; description "Set 0x0000 to be NULLPDU ID value"; }
          leaf ID-0xFFFF { type empty; description "Set 0xFFFF to be NULLPDU ID value"; }
        } // choice nullpdu-protocol
      } // container protocol
    } // container nullpdu
    // Event classes that can be logged. Drops are split into data-message and
    // control-message entries, and rate-limit violations have their own entry,
    // so each has to be listed to be logged.
    list log {
      key "name";
      ordered-by user;
      description "GPRS stream control transmission protocol logs";
      leaf name {
        type enumeration {
          enum "configuration" { value 0; description "Log CLI configuration"; }
          enum "rate-limit" { value 1; description "Log exceeding rate limits"; }
          enum "association" { value 2; description "Log association event"; }
          enum "data-message-drop" { value 3; description "Log the drop of SCTP data message"; }
          enum "control-message-drop" { value 4; description "Log the drop of SCTP control message"; }
          enum "control-message-all" { value 5; description "Log SCTP control message both drop and pass"; }
        }
      }
    } // list log
    container traceoptions {
      description "Trace options for GPRS stream control transmission protocol";
      uses apply-advanced;
      leaf no-remote-trace {
        junos:must "("system tracing")";
        junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
        type empty;
        description "Disable remote tracing";
      }
      container file {
        description "Trace file information";
        // The posix-pattern rejects '/', space and '%' (see pattern-message),
        // so the value is a bare file name and cannot name a path in another
        // directory.
        leaf filename {
          type string {
            junos:posix-pattern "![/ %]";
            junos:pattern-message "Must not contain '/', % or a space";
            length "1 .. 1024";
          }
          description "Name of file in which to write trace information";
        }
        leaf size { type string; description "Maximum trace file size"; }
        leaf files {
          type union {
            type string { pattern "<.*>|$.*"; }
            type uint32 { range "2 .. 1000"; }
          }
          default "3";
          description "Maximum number of trace files";
        }
        // world-readable lets any user on the device read the trace log; no
        // default is declared here -- confirm the behaviour when neither leaf
        // is set.
        choice world-readable-choice {
          leaf world-readable { type empty; description "Allow any user to read the log file"; }
          leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; }
        } // choice world-readable-choice
        leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; }
      } // container file
      list flag {
        key "name";
        ordered-by user;
        description "Tracing parameters";
        leaf name {
          type enumeration {
            enum "configuration" { value 0; description "Trace configuration events"; }
            enum "detail" { value 1; description "Trace detail events"; }
            enum "flow" { value 2; description "Trace flow events"; }
            enum "parser" { value 3; description "Trace parser events"; }
            enum "chassis-cluster" { value 4; description "Trace chassis cluster events"; }
            enum "all" { value 5; description "Trace everything"; }
          }
        }
      } // list flag
    } // container traceoptions
  } // grouping sctp-object

  // Names one security intelligence category and, through the presence
  // container "disable", turns that category off for feed update.
  grouping secintel-category-disable {
    description "Security intelligence category";
    leaf name {
      type enumeration {
        enum "IPFilter" { value 0; description "IPFilter"; }
        enum "GeoIP" { value 1; description "GeoIP"; }
        enum "CC" { value 2; description "Command and control"; }
        enum "Blacklist" { value 3; description "Blacklist"; }
        enum "Whitelist" { value 4; description "Whitelist"; }
        enum "Infected-Hosts" { value 5; description "Infected-Hosts"; }
        enum "SecProfiling" { value 6; description "SecProfiling"; }
        enum "DNS" { value 7; description "DNS"; }
      }
      description "Name of security intelligence category";
    }
    uses apply-advanced;
    // NOTE(review): a category listed here no longer takes part in feed
    // update (see description); worth auditing which categories are disabled.
    container disable {
      presence "enable disable";
      description "To disable category for feed update";
    } // container disable
  } // grouping secintel-category-disable

  // A named security intelligence policy that binds categories to profiles.
  grouping secintel-policy-setting {
    description "Security intelligence policy setting";
    leaf name {
      type string {
        length "1 .. 
63"; }
      description "Security intelligence policy name";
    }
    uses apply-advanced;
    // The pattern excludes '&', '<', '>' and the space character.
    leaf description {
      type string {
        junos:posix-pattern "^[^&<> ]+$";
        junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '";
        length "1 .. 900";
      }
      description "Text description of policy";
    }
    // One entry per category; profile-name must reference a profile that
    // already exists under "services security-intelligence profile".
    list category-profiles {
      key "name";
      ordered-by user;
      description "Security intelligence category profiles";
      leaf name {
        type enumeration {
          enum "IPFilter" { value 0; description "IPFilter"; }
          enum "GeoIP" { value 1; description "GeoIP"; }
          enum "CC" { value 2; description "Command and control"; }
          enum "Infected-Hosts" { value 3; description "Infected-Hosts"; }
          enum "DNS" { value 4; description "DNS"; }
        }
        description "Name of security intelligence category";
      }
      uses apply-advanced;
      leaf profile-name {
        junos:must "("services security-intelligence profile $$")";
        junos:must-message "security intelligence profile must be defined";
        type string;
        description "Name of profile";
      }
    } // list category-profiles
  } // grouping secintel-policy-setting

  // A security intelligence profile: a category, an ordered list of rules and
  // a default rule. The action is one of permit, block (drop or close),
  // recommended, or sinkhole.
  grouping secintel-profile-setting {
    description "Security intelligence profile settings";
    leaf name { type string { length "1 .. 63"; } description "Security intelligence profile name"; }
    uses apply-advanced;
    leaf description {
      type string {
        junos:posix-pattern "^[^&<> ]+$";
        junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '";
        length "1 .. 900";
      }
      description "Text description of profile";
    }
    // Free-form string here; the must expressions further down compare it
    // against "DNS".
    leaf category { type string; description "Profile category name"; }
    list rule {
      key "name";
      ordered-by user;
      description "Profile rule name";
      uses secintel-profile-rule;
    } // list rule
    // Presence container: the default rule is optional in this schema.
    // NOTE(review): what happens to traffic that matches no rule when no
    // default-rule is configured is not stated here -- confirm.
    container default-rule {
      presence "enable default-rule";
      description "Profile default rule";
      uses apply-advanced;
      container then {
        presence "enable then";
        description "Profile default rule action";
        uses apply-advanced;
        container action {
          description "Security intelligence profile action";
          uses apply-advanced;
          choice action {
            leaf permit { type empty; description "Permit action"; }
            container block {
              description "Block action";
              uses apply-advanced;
              choice action {
                container drop {
                  presence "enable drop";
                  description "Drop packet";
                } // container drop
                // Rejected when the profile category is DNS (must below).
                container close {
                  junos:must "(!(".. .. .. .. .. category DNS"))";
                  junos:must-message "close action not available on DNS profiles";
                  presence "enable close";
                  description "Close session";
                  uses apply-advanced;
                  // What the client is shown on a close: a local file, a
                  // message, or a redirect (exactly one of the three).
                  container http {
                    description "Http content for block action";
                    uses apply-advanced;
                    choice http-choice {
                      // Plain string: no pattern or length restriction is
                      // declared for this file name.
                      leaf file { type string; description "File name for http response to client"; }
                      leaf message { type string; description "Block message to client"; }
                      // The pattern accepts http:// as well as https:// and
                      // does not restrict the rest of the URL. With an http://
                      // target the client follows the redirect in cleartext;
                      // prefer an https:// target.
                      leaf redirect-url {
                        type string {
                          junos:posix-pattern "^https?://.*";
                          junos:pattern-message "URL must begin with http:// or https://";
                          length "1 .. 1023";
                        }
                        description "Redirect url to client";
                      }
                    } // choice http-choice
                  } // container http
                } // container close
              } // choice action
            } // container block
            // Rejected when the profile category is DNS (must below).
            container recommended {
              junos:must "(!(".. .. .. .. category DNS"))";
              junos:must-message "recommend action not available on DNS profiles";
              presence "enable recommended";
              description "Recommended action from feed server";
            } // container recommended
            // Only accepted when the profile category is DNS (must below).
            leaf sinkhole {
              junos:must "(".. .. .. .. category DNS")";
              junos:must-message "Sinkhole action requires DNS category profile";
              type empty;
              description "DNS sinkhole for DNS profile";
            }
          } // choice action
        } // container action
        // Logging of the block action is an explicit choice; no default is
        // declared, so confirm what applies when neither leaf is set.
        choice log-choice {
          leaf log { type empty; description "Log security intelligence block action"; }
          leaf no-log { type empty; description "Don't log security intelligence block action"; }
        } // choice log-choice
      } // container then
    } // container default-rule
  } // grouping secintel-profile-setting

  // One profile rule: match on feed names and threat levels, then apply an
  // action and optionally log it.
  grouping secintel-profile-rule {
    description "Security intelligence profile rule";
    leaf name { type string { length "1 .. 63"; } description "Profile rule name"; }
    uses apply-advanced;
    container match {
      description "Profile matching feed name and threat levels";
      uses apply-advanced;
      list feed-name {
        key "name";
        max-elements 32;
        ordered-by user;
        description "Profile matching feed name";
        // NOTE(review): the pattern-message mentions double quotation marks,
        // but the character class as shown here does not list one; it may
        // have been lost when this page was extracted -- confirm against the
        // original module. The "*" would allow an empty string; the length
        // restriction (1..63) is what rules that out.
        leaf name {
          type string {
            junos:posix-pattern "^[^/;:|=,+*?&<>{}]*$";
            junos:pattern-message "Must not be double quotation marks and other special characters as / ; : | = , + * ? & < > { }";
            length "1 .. 63";
          }
        }
        uses apply-advanced;
      } // list feed-name
      // uint32 with no range declared, so valid levels are not bounded by
      // this schema.
      leaf-list threat-level {
        type union {
          type uint32;
          type string { pattern "<.*>|$.*"; }
        }
        ordered-by user;
        description "Profile matching threat levels, higher number is more severe";
      }
    } // container match
    container then {
      description "Profile action and log";
      uses apply-advanced;
      container action {
        description "Security intelligence profile action";
        uses apply-advanced;
        choice action {
          leaf permit { type empty; description "Permit action"; }
          container block {
            description "Block action";
            uses apply-advanced;
            choice action {
              container drop {
                presence "enable drop";
                description "Drop packet";
              } // container drop
              // Rejected when the profile category is DNS (must below).
              container close {
                junos:must "(!(".. .. .. .. .. category DNS"))";
                junos:must-message "close action not available on DNS profiles";
                presence "enable close";
                description "Close session";
                uses apply-advanced;
                container http {
                  description "Http content for block action";
                  uses apply-advanced;
                  choice http-choice {
                    // Plain string: no pattern or length restriction is
                    // declared for this file name.
                    leaf file { type string; description "File name for http response to client"; }
                    leaf message { type string; description "Block message to client"; }
                    // The pattern accepts http:// as well as https:// and does
                    // not restrict the rest of the URL; prefer an https://
                    // target so the redirect is not followed in cleartext.
                    leaf redirect-url {
                      type string {
                        junos:posix-pattern "^https?://.*";
                        junos:pattern-message "URL must begin with http:// or https://";
                        length "1 .. 1023";
                      }
                      description "Redirect url to client";
                    }
                  } // choice http-choice
                } // container http
              } // container close
            } // choice action
          } // container block
          // Rejected when the profile category is DNS (must below).
          container recommended {
            junos:must "(!(".. .. .. .. category DNS"))";
            junos:must-message "recommend action not available on DNS profiles";
            presence "enable recommended";
            description "Recommended action from feed server";
          } // container recommended
          // Only accepted when the profile category is DNS (must below).
          leaf sinkhole {
            junos:must "(".. .. .. .. category DNS")";
            junos:must-message "Sinkhole action requires DNS category profile";
            type empty;
            description "DNS sinkhole for DNS profile";
          }
        } // choice action
      } // container action
      // Presence container: logging of the block action happens only when
      // "log" is present. There is no explicit no-log leaf in this grouping.
      container log {
        presence "enable log";
        description "Log security intelligence block action";
      } // container log
    } // container then
  } // grouping secintel-profile-rule

  grouping secintel-traceoptions {
    description "Security intelligence trace options";
    uses apply-advanced;
    leaf no-remote-trace {
      junos:must "("system tracing")";
      junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured";
      type empty;
      description "Disable remote tracing";
    }
    container file {
      description "Trace file information";
      leaf filename {
        type string {
          junos:posix-pattern "![/ %]";
          junos:pattern-message "Must not contain '/', % or a space";
          length "1 .. 
1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Trace flags"; leaf name { type enumeration { enum "all" { value 0; description "Trace everything"; } enum "blacklist" { value 1; description "Trace security intelligence Blacklist category"; } enum "cc" { value 2; description "Trace security intelligence CC category"; } enum "infected-hosts" { value 3; description "Trace security intelligence Infected-Hosts category"; } enum "control" { value 4; description "Trace control plane"; } enum "feed" { value 5; description "Trace feed operation"; } enum "ipc" { value 6; description "Trace ipc module"; } enum "infrastucture" { value 7; description "Trace infrastucture functions"; } enum "jwas" { value 8; description "Trace security intelligence JWAS category"; } enum "plugin" { value 9; description "Trace security intelligence plugin 
services"; }
          enum "whitelist" {
            value 10;
            description "Trace security intelligence Whitelist category";
          }
          enum "secprofiling" {
            value 11;
            description "Trace security intelligence Secprofiling category";
          }
        }
      }
    } // list flag
  } // grouping secintel-traceoptions

  // Secure-wire cross connection: a named entry that lists at most two
  // logical interfaces (max-elements 2 on the leaf-list below).
  grouping secure-wire-type {
    description "Secure-wire cross connection";
    leaf name {
      type string {
        length "1 .. 63";
      }
      description "Secure-wire name";
    }
    uses apply-advanced;
    leaf-list interface {
      type union {
        type jt:interface-unit;
        // The "<.*>|$.*" string alternative recurs on numeric and typed leaves
        // in this module; presumably it admits wildcard/variable placeholders
        // in place of a literal value -- TODO confirm.
        type string {
          pattern "<.*>|$.*";
        }
      }
      max-elements 2;
      description "Secure-wire logical interface";
    }
  } // grouping secure-wire-type

  // Authentication key chains. Each key-chain is a named list of keys; a key
  // carries the shared secret, an optional hexadecimal key-name, a start time,
  // the authentication algorithm, the encoding option and, for algorithm "ao",
  // the TCP-AO attributes.
  grouping security-authentication-key-chains {
    uses apply-advanced;
    list key-chain {
      key "name";
      description "Key chain configuration";
      leaf name {
        type string {
          // The expression lists three forms: a name wrapped in double
          // underscores, a name containing a space, and a name of 33 or more
          // characters. The leading "!" presumably inverts the match so that
          // these are the rejected forms, which agrees with the pattern-message
          // for the last two; the message does not mention the double-underscore
          // case -- TODO confirm.
          junos:posix-pattern "!^((__.*__)|(.*[ ].*)|(.{33,}))$";
          junos:pattern-message "Must be string of 32 characters or less with no spaces";
        }
        description "Name of authentication key chain";
      }
      uses apply-advanced;
      leaf description {
        type string {
          length "1 .. 80";
        }
        description "Text description of this authentication-key-chain";
      }
      // Clock skew tolerance in seconds, default 3600, with the full uint32
      // range accepted.
      // NOTE(review): a large tolerance presumably widens the period in which a
      // key outside its scheduled time is still accepted; keep it as small as
      // clock synchronisation allows -- confirm the exact semantics.
      leaf tolerance {
        type union {
          type string {
            pattern "<.*>|$.*";
          }
          type uint32 {
            range "0 .. 4294967295";
          }
        }
        units "seconds";
        default "3600";
        description "Clock skew tolerance";
      }
      list key {
        key "name";
        description "Authentication element configuration";
        // Key identifier: 0 .. 63, or the string placeholder form.
        leaf name {
          type union {
            type string {
              pattern "<.*>|$.*";
            }
            type uint32 {
              range "0 .. 63";
            }
          }
          description "Authentication element identifier";
        }
        uses apply-advanced;
        // The shared authentication key itself. The schema only bounds its
        // length (1 .. 126), so a one-character secret passes validation, and
        // nothing in this definition marks the leaf as sensitive.
        // NOTE(review): treat values of this leaf as credentials when exporting
        // or logging configuration; confirm how the device stores and displays it.
        leaf secret {
          type string {
            length "1 .. 126";
          }
          description "Authentication key";
        }
        // Hexadecimal key name: 1 to 32 byte pairs (2 to 64 hex digits).
        leaf key-name {
          type string {
            junos:posix-pattern "^([0-9a-fA-F][0-9a-fA-F]){1,32}$";
            junos:pattern-message "Must be an even-length string up to 64 hexadecimal digits (0-9, a-f, A-F)";
            length "2 .. 64";
          }
          description "Key name in hexadecimal format used for macsec";
        }
        leaf start-time {
          type jt:time;
          description "Start time for key transmission (YYYY-MM-DD.HH:MM)";
        }
        // Authentication algorithm for this key.
        // NOTE(review): the default is "md5", so a key that omits this leaf
        // falls back to MD5-based authentication, a legacy choice. "hmac-sha-1"
        // is accepted only together with "options isis-enhanced" (must below),
        // and "ao" selects TCP-AO, configured in ao-attribute.
        leaf algorithm {
          type enumeration {
            enum "md5" {
              value 0;
              description "Message Digest 5";
            }
            enum "hmac-sha-1" {
              junos:must "(".. options isis-enhanced")";
              junos:must-message "sha algorithm required isis-enhanced";
              value 1;
              description "Hash-based Message Authentication Code (SHA1) (96 bits)";
            }
            enum "ao" {
              value 2;
              description "TCP Authentication Option";
            }
          }
          default "md5";
          description "Authentication algorithm";
        }
        // Encoding format; "isis-enhanced" is the value the hmac-sha-1
        // constraint above refers to. Default is "basic".
        leaf options {
          type enumeration {
            enum "basic" {
              value 0;
              description "Rudimentary encoding format";
            }
            enum "isis-enhanced" {
              value 1;
              description "RFC 5310 based encoding";
            }
          }
          default "basic";
          description "Protocol's transmission encoding format";
        }
        // TCP-AO attributes. Two constraints apply: the container cannot be
        // combined with a sibling "authentication-key" (not defined in this
        // grouping as shown), and it requires "algorithm ao". The second
        // message says "authentication-algorithm" while the leaf is "algorithm".
        container ao-attribute {
          junos:must "(!(".. authentication-key"))";
          junos:must-message "Cannot be configured with authentication-key";
          junos:must "(".. algorithm ao")";
          junos:must-message "Can only be configured with authentication-algorithm ao";
          description "TCP Authentication option attributes";
          uses apply-advanced;
          leaf send-id {
            type union {
              type string {
                pattern "<.*>|$.*";
              }
              type uint32 {
                range "0 .. 255";
              }
            }
            description "Send id for TCP-AO entry";
          }
          leaf recv-id {
            type union {
              type string {
                pattern "<.*>|$.*";
              }
              type uint32 {
                range "0 .. 255";
              }
            }
            description "Recv id for TCP-AO entry";
          }
          // Default is "disabled".
          leaf tcp-ao-option {
            type enumeration {
              enum "enabled" {
                value 0;
                description "Include the TCP-AO option";
              }
              enum "disabled" {
                value 1;
                description "Not include the TCP-AO option";
              }
            }
            default "disabled";
            description "Include TCP-AO option within message header";
          }
          // Two MAC choices; the default is the SHA-1 based one, so
          // aes-128-cmac-96 has to be selected explicitly.
          leaf cryptographic-algorithm {
            type enumeration {
              enum "hmac-sha-1-96" {
                value 0;
                description "Hash-based Message Authentication Code (SHA1) (96 bits)";
              }
              enum "aes-128-cmac-96" {
                value 1;
                description "Cipher-based Message Authentication Code (AES128) (96 bits)";
              }
            }
            default "hmac-sha-1-96";
            description "Cryptographic algorithm for TCP-AO Traffic key and MAC digest generation";
          }
        } // container ao-attribute
      } // list key
    } // list key-chain
  } // grouping security-authentication-key-chains

  // DHCPv6 option settings. option-37 (below) builds the remote identifier
  // from optional prefixes and interface attributes.
  // NOTE(review): the prefix leaves add the host name, logical-system,
  // routing-instance and VLAN names or tag, and use-interface-mac adds the
  // interface MAC address, to that identifier; enable only the elements the
  // consumer of the identifier needs.
  grouping security-dhcpv6-options-type {
    description "Configure DHCPv6 options";
    uses apply-advanced;
    container option-37 {
      presence "enable option-37";
      description "Configure DHCPv6 remote identifier option";
      uses apply-advanced;
      container prefix {
        description "Configure DHCPv6 remote identifier prefix";
        uses apply-advanced;
        leaf host-name {
          type empty;
          description "Prefix router host name to DHCPv6 remote identifier";
        }
        leaf logical-system-name {
          type empty;
          description "Prefix logical system name to DHCPv6 remote identifier";
        }
        leaf routing-instance-name {
          type empty;
          description "Prefix routing instance name to DHCPv6 remote identifier";
        }
        leaf vlan-name {
          type empty;
          description "Prefix vlan name to DHCPv6 remote identifier";
        }
        leaf vlan-id {
          type empty;
          description "Prefix vlan tag to DHCPv6 remote identifier";
        }
      } // container prefix
      leaf use-interface-mac {
        type empty;
        description "Add incoming interface's MAC address to DHCPv6 remote identifier";
      }
      leaf use-interface-index {
        type enumeration {
          enum "logical" {
            value 0;
            description "Use the logical interface index";
          }
          enum "device" {
            value 1;
            description "Use the device interface index";
          }
        }
        description "Add 
interface index to DHCPv6 remote identifier"; } leaf use-interface-name { type enumeration { enum "logical" { value 0; description "Use the logical interface name"; } enum "device" { value 1; description "Use the device interface name"; } } description "Add interface name to DHCPv6 remote identifier"; } leaf use-interface-description { type enumeration { enum "logical" { value 0; description "Use the logical interface description"; } enum "device" { value 1; description "Use the device interface description"; } } description "Add interface description to DHCPv6 remote identifier"; } leaf use-string { junos:must "(!(".. use-interface-description"))"; junos:must-message "use-string and use-interface-description cannot be configured together"; type string; description "Add custom string to DHCPv6 remote identifier"; } } // container option-37 container option-18 { presence "enable option-18"; description "Configure DHCPv6 interface identifier option"; uses apply-advanced; container prefix { description "Configure DHCPv6 interface identifier prefix"; uses apply-advanced; leaf host-name { type empty; description "Prefix router host name to DHCPv6 interface identifier"; } leaf logical-system-name { type empty; description "Prefix logical system name to DHCPv6 interface identifier"; } leaf routing-instance-name { type empty; description "Prefix routing instance name to DHCPv6 interface identifier"; } leaf vlan-name { type empty; description "Prefix vlan name to DHCPv6 interface identifier"; } leaf vlan-id { type empty; description "Prefix vlan tag to DHCPv6 interface identifier"; } } // container prefix leaf use-interface-mac { type empty; description "Add incoming interface's MAC address to DHCPv6 circuit identifier"; } leaf use-interface-index { type enumeration { enum "logical" { value 0; description "Use the logical interface index"; } enum "device" { value 1; description "Use the device interface index"; } } description "Add interface index to DHCPv6 interface 
identifier"; } leaf use-interface-name { type enumeration { enum "logical" { value 0; description "Use the logical interface name"; } enum "device" { value 1; description "Use the device interface name"; } } description "Add interface name to DHCPv6 remote identifier"; } leaf use-interface-description { type enumeration { enum "logical" { value 0; description "Use the logical interface description"; } enum "device" { value 1; description "Use the device interface description"; } } description "Add interface description to DHCPv6 interface identifier"; } leaf use-string { junos:must "(!(".. use-interface-description"))"; junos:must-message "use-string and use-interface-description cannot be configured together"; type string; description "Add custom string to DHCPv6 interface identifier"; } } // container option-18 container option-16 { presence "enable option-16"; description "Configure DHCPv6 vendor class identifier option. Overwrite if exists"; uses apply-advanced; leaf use-string { type string; description "Add custom string to DHCPv6 vendor identifier"; } } // container option-16 leaf option-79 { junos:must "(".. .. light-weight-dhcpv6-relay")"; junos:must-message "Option-79 can be configured only on LDRAs"; type empty; description "Configure DHCPv6 client link layer address option"; } } // grouping security-dhcpv6-options-type grouping security-group-vpn { uses apply-advanced; container member { junos:must "(!(".. server"))"; junos:must-message "Configuring both group-vpn server and group-vpn member is not supported"; description "Group VPN member configuration"; uses gvpn-member; } // container member container server { junos:must "(!(".. 
member"))"; junos:must-message "Configuring both group-vpn server and group-vpn member is not supported"; description "Group VPN server configuration"; uses gvpn-server; } // container server } // grouping security-group-vpn grouping gvpn-member { uses apply-advanced; container ike { description "Group VPN IKE configuration"; uses gvpn-member-ike; } // container ike container ipsec { description "Group VPN IPsec configuration"; uses gvpn-member-ipsec-vpn; } // container ipsec } // grouping gvpn-member grouping gvpn-member-ike { uses apply-advanced; container traceoptions { description "Trace options for Group VPN Member"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "timer" { value 0; description "Trace internal timer events"; } enum "routing-socket" { value 1; description "Trace routing socket messages"; } enum "parse" { value 2; description "Trace configuration processing"; } enum "config" { value 3; description "Trace configuration download processing"; } enum "ike" { value 4; description "Trace IKE module processing"; } enum "policy-manager" { value 5; description "Trace policy manager processing"; } enum "general" { value 6; description "Trace general events"; } enum "database" { value 7; description "Trace security associations database events"; } enum "certificates" { value 8; description "Trace certificate events"; } enum "snmp" { value 9; description "Trace SNMP operations"; } enum "thread" { value 10; description "Trace thread processing"; } enum "high-availability" { value 11; description "Trace high-availability operations"; } enum "next-hop-tunnels" { value 12; description 
"Trace next-hop-tunnels operations"; } enum "all" { value 13; description "Trace everything"; } } } } // list flag container gateway-filter { description "Set gateway filter for trace"; uses apply-advanced; leaf local-address { type jt:ipv4addr; description "Use an IP address to identify the local gateway"; } leaf remote-address { type jt:ipv4addr; description "Use an IP address to identify the remote gateway"; } } // container gateway-filter } // container traceoptions list proposal { key "name"; ordered-by user; description "Define an IKE proposal"; uses gvpn-member-ike-proposal; } // list proposal list policy { key "name"; ordered-by user; description "Define an IKE policy"; uses gvpn-ike-policy; } // list policy list gateway { key "name"; ordered-by user; description "Define an IKE gateway"; leaf name { junos:must "(!("security ike gateway $$"))"; junos:must-message "Gateway already defined under [security ike]"; type string { length "1 .. 32"; } description "Label for the remote (peer) gateway"; } uses apply-advanced; leaf ike-policy { junos:must "("security group-vpn member ike policy $$")"; junos:must-message "Referenced IKE policy must be defined under [edit security group-vpn member ike policy]"; type string { length "1 .. 
32"; } description "Name of the IKE policy"; } leaf-list server-address { type jt:ipv4addr; max-elements 4; ordered-by user; description "Server Addresses upto 4"; } container local-identity { description "Set the local IKE identity"; choice identity-type { container inet { description "Use an IPv4 address"; uses apply-advanced; leaf identity-ipv4 { type jt:ipv4addr; description "The local IPv4 identity"; } } // container inet container hostname { description "Use a fully-qualified domain name"; uses apply-advanced; leaf identity-hostname { type string; description "The local hostname"; } } // container hostname container user-at-hostname { description "Use an e-mail address"; uses apply-advanced; leaf identity-user { type string; description "The local user-FQDN"; } } // container user-at-hostname } // choice identity-type } // container local-identity container remote-identity { description "Set the remote IKE identity"; choice identity-type { container inet { description "Use an IPv4 address"; uses apply-advanced; leaf identity-ipv4 { type jt:ipv4addr; description "The remote IPv4 identity"; } } // container inet container hostname { description "Use a fully-qualified domain name"; uses apply-advanced; leaf identity-hostname { type string; description "The remote hostname"; } } // container hostname container user-at-hostname { description "Use an e-mail address"; uses apply-advanced; leaf identity-user { type string; description "The remote user-FQDN"; } } // container user-at-hostname } // choice identity-type } // container remote-identity leaf local-address { junos:must "(!(any "security group-vpn member ike gateway <*> server-address $$"))"; junos:must-message "Member can not have the same local address as server"; type jt:ipv4addr; description "Local IPv4 address for group member"; } leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Referenced routing-instance must be defined"; type string; default "default"; description 
"Name of routing instance that hosts local address"; }
    } // list gateway
  } // grouping gvpn-member-ike

  // IKE policy for Group VPN: a named policy with the Phase 1 mode, an ordered
  // list of proposal references and a pre-shared key.
  grouping gvpn-ike-policy {
    // Two constraints hang on the policy name:
    //   1. "proposals" or "proposal-set" must be configured;
    //   2. exactly one of "certificate local-certificate" and "pre-shared-key"
    //      must be configured (either, but not both).
    // NOTE(review): this grouping as shown defines neither "proposal-set" nor
    // "certificate", so among the nodes visible here only "proposals" and
    // "pre-shared-key" can satisfy them -- confirm whether the other nodes are
    // supplied elsewhere.
    leaf name {
      junos:must "((".. proposals" || ".. proposal-set"))";
      junos:must-message "IKE policy must have either proposals or proposal-set configured";
      junos:must "(((".. certificate local-certificate" || ".. pre-shared-key") && !((".. certificate local-certificate" && ".. pre-shared-key"))))";
      junos:must-message "IKE policy must have either local certificate or pre-shared key configured";
      type string {
        length "1 .. 32";
      }
      description "Name of policy";
    }
    uses apply-advanced;
    // Phase 1 exchange mode, default "main".
    // NOTE(review): the main/aggressive/Phase 1 terms suggest IKEv1 semantics.
    // Under IKEv1, aggressive mode with a pre-shared key exposes a hash derived
    // from the key on the wire, so a weak key is open to offline guessing;
    // where aggressive mode is required, use a long random key.
    leaf mode {
      type enumeration {
        enum "main" {
          value 0;
          description "Main mode";
        }
        enum "aggressive" {
          value 1;
          description "Aggressive mode";
        }
      }
      default "main";
      description "Define the IKE mode for Phase 1";
    }
    leaf description {
      type string {
        length "1 .. 80";
      }
      description "Text description of IKE policy";
    }
    // Ordered references to proposals; each entry must name a "proposal"
    // configured three levels up (the must expression), and is limited to
    // alphanumerics, dashes and underscores.
    leaf-list proposals {
      junos:must "(".. .. .. proposal $$")";
      junos:must-message "Referenced proposal is not defined";
      type string {
        junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$";
        junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores.";
        length "1 .. 32";
      }
      ordered-by user;
      description "Name of the proposal";
    }
    // Pre-shared key, entered either as text or as hexadecimal digits.
    // NOTE(review): both forms accept a length of 1, so the schema enforces no
    // minimum key strength, and nothing in this definition marks the leaves as
    // sensitive; treat their values as credentials and confirm how the device
    // stores and displays them.
    container pre-shared-key {
      description "Define a preshared key";
      choice key-choice {
        leaf ascii-text {
          type string {
            length "1 .. 255";
          }
          description "Format as text";
        }
        leaf hexadecimal {
          type string {
            junos:posix-pattern "^[[:xdigit:]]+$";
            junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)";
            length "1 .. 255";
          }
          description "Format as hexadecimal";
        }
      } // choice key-choice
    } // container pre-shared-key
  } // grouping gvpn-ike-policy

  // IKE proposal for a Group VPN member. The leaves shown here declare no
  // "default" statement for the method, DH group, hash or cipher.
  grouping gvpn-member-ike-proposal {
    leaf name {
      type string {
        length "1 .. 32";
      }
      description "Name of the IKE proposal";
    }
    uses apply-advanced;
    leaf description {
      type string {
        length "1 .. 80";
      }
      description "Text description of IKE proposal";
    }
    // Pre-shared keys are the only authentication method this enumeration offers.
    leaf authentication-method {
      type enumeration {
        enum "pre-shared-keys" {
          value 0;
          description "Preshared keys";
        }
      }
      description "Define authentication method";
    }
    // NOTE(review): group24 is one of the RFC 5114 groups that later IETF
    // guidance (RFC 8247) discourages; check the choice against current
    // cryptographic policy before selecting it.
    leaf dh-group {
      type enumeration {
        enum "group14" {
          value 0;
          description "Diffie-Hellman Group 14";
        }
        enum "group24" {
          value 1;
          description "Diffie-Hellman Group 24";
        }
      }
      description "Define Diffie-Hellman group";
    }
    leaf authentication-algorithm {
      type enumeration {
        enum "sha-256" {
          value 0;
          description "SHA 256-bit authentication algorithm";
        }
        enum "sha-384" {
          value 1;
          description "SHA 384-bit authentication algorithm";
        }
      }
      description "Define authentication algorithm";
    }
    // Only AES in CBC mode is offered, at three key sizes.
    leaf encryption-algorithm {
      type enumeration {
        enum "aes-128-cbc" {
          value 0;
          description "AES-CBC 128-bit encryption algorithm";
        }
        enum "aes-192-cbc" {
          value 1;
          description "AES-CBC 192-bit encryption algorithm";
        }
        enum "aes-256-cbc" {
          value 2;
          description "AES-CBC 256-bit encryption algorithm";
        }
      }
      description "Define encryption algorithm";
    }
    // Lifetime: the string placeholder form or a bounded uint32.
    leaf lifetime-seconds {
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "180 .. 
86400"; } } units "seconds"; default "180"; description "Lifetime, in seconds"; } } // grouping gvpn-member-ike-proposal grouping gvpn-member-ipsec-vpn { uses apply-advanced; list vpn { key "name"; ordered-by user; description "Define an IPSec VPN"; uses ipsec-gvpn-member-template; } // list vpn } // grouping gvpn-member-ipsec-vpn grouping gvpn-server { uses apply-advanced; container traceoptions { description "Trace options for Group VPN debug"; uses gvpn-server-traceoptions; } // container traceoptions container ike { description "Group VPN IKE configuration"; uses gvpn-server-ike; } // container ike container ipsec { description "Group VPN IPsec configuration"; uses gvpn-server-ipsec-vpn; } // container ipsec list group { key "name"; max-elements 50; ordered-by user; description "Define a Group VPN group"; uses gvpn-server-group-template; } // list group } // grouping gvpn-server grouping gvpn-server-group-template { description "Configure a Group VPN group"; leaf name { type string { length "1 .. 32"; } description "Name of the group"; } uses apply-advanced; leaf description { type string { length "1 .. 80"; } description "Text description of Group VPN group"; } leaf group-id { junos:must "((".. no-group-check" || unique "security group-vpn server group <*> group-id $$"))"; junos:must-message "Group id must be unique among groups"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
4294967295"; } } description "Enable Group VPN by defining group id"; } leaf member-threshold { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Maximum number of members in this group"; } container server-cluster { description "Enable server cluster for this group"; uses gvpn-server-cluster; } // container server-cluster list ike-gateway { key "name"; ordered-by user; description "Name of the IKE gateway"; uses gvpn-server-ike-gateway; } // list ike-gateway leaf activation-time-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 900"; } } default "15"; status deprecated; description "Configure delay in seconds for Group VPN key activation"; } leaf anti-replay-time-window { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 60000"; } } description "Configure Anti Replay time in milliseconds"; } container server-member-communication { description "Configure Server to Member communication parameters"; uses gvpn-server-member-communication; } // container server-member-communication list ipsec-sa { key "name"; ordered-by user; description "Define a Group VPN group SA"; uses gvpn-server-group-ipsecsa; } // list ipsec-sa } // grouping gvpn-server-group-template grouping gvpn-server-cluster { description "Server-Cluster for group VPN"; uses apply-advanced; leaf server-role { type enumeration { enum "root-server" { value 0; description "Root-server"; } enum "sub-server" { value 1; description "Sub-server"; } } description "Primary or backup server"; } list ike-gateway { key "name"; ordered-by user; description "Name of the IKE gateway"; uses gvpn-server-ike-gateway-sc; } // list ike-gateway leaf retransmission-period { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
60"; } } default "10"; description "Configure retransmission period in seconds Default :10"; } } // grouping gvpn-server-cluster grouping gvpn-server-group-ipsecsa { description "Configure a Group VPN group SA"; leaf name { type string { length "1 .. 32"; } description "Name of the SA"; } uses apply-advanced; leaf proposal { junos:must "("security group-vpn server ipsec proposal $$")"; junos:must-message "Referenced proposal is not defined"; type string { length "1 .. 32"; } description "Name of the IPsec proposal"; } list match-policy { key "name"; max-elements 10; ordered-by user; description "Configure a Group VPN group SA"; uses gvpn-server-group-ipsecsa-match; } // list match-policy } // grouping gvpn-server-group-ipsecsa grouping gvpn-server-group-ipsecsa-match { description "Configure a Group VPN group SA policy"; leaf name { type string { length "1 .. 32"; } description "Name of the policy"; } uses apply-advanced; leaf source { type jt:ipv4prefix-mandatory; description "Specify the source IP address to be matched (0.0.0.0/0 for any)"; } leaf destination { type jt:ipv4prefix-mandatory; description "Specify the destination IP address to be matched (0.0.0.0/0 for any)"; } leaf source-port { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Specify the source port to be matched (0 for any)"; } leaf destination-port { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Specify the destination port to be matched (0 for any)"; } leaf protocol { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
254"; } } description "Specify the protocol number to be matched (0 for any)"; }
  } // grouping gvpn-server-group-ipsecsa-match

  // Server-side IKE configuration for Group VPN: proposals
  // (gvpn-server-ike-proposal), policies (gvpn-ike-policy) and the list of
  // peer gateways.
  grouping gvpn-server-ike {
    uses apply-advanced;
    list proposal {
      key "name";
      ordered-by user;
      description "Define an IKE proposal";
      uses gvpn-server-ike-proposal;
    } // list proposal
    list policy {
      key "name";
      ordered-by user;
      description "Define an IKE policy";
      uses gvpn-ike-policy;
    } // list policy
    list gateway {
      key "name";
      ordered-by user;
      description "Define an IKE gateway";
      leaf name {
        type string {
          length "1 .. 32";
        }
        description "Label for the remote (peer) gateway";
      }
      uses apply-advanced;
      // Reference to a policy under [security group-vpn server ike policy].
      // Two constraints:
      //   1. the combination "policy has mode main" + "policy has a
      //      pre-shared-key" + "this gateway is dynamic" is rejected;
      //   2. the referenced policy must exist.
      // NOTE(review): gvpn-ike-policy offers only "main" and "aggressive", so a
      // dynamic peer authenticated by pre-shared key presumably has to use
      // aggressive mode. Under IKEv1 semantics that mode exposes a hash derived
      // from the key on the wire, so such gateways warrant long random keys.
      // Whether the first check also fires when "mode" is left at its default
      // is not visible here -- TODO confirm.
      leaf ike-policy {
        junos:must "(!(("security group-vpn server ike policy $$ mode main" && ("security group-vpn server ike policy $$ pre-shared-key" && ".. dynamic"))))";
        junos:must-message "Main mode for dynamic peer with Preshared key based authentication is not allowed";
        junos:must "("security group-vpn server ike policy $$")";
        junos:must-message "Referenced IKE policy must be defined under [edit security group-vpn server ike policy]";
        type string {
          length "1 .. 32";
        }
        description "Name of the IKE policy";
      }
      // The peer is identified either by a fixed address or as a dynamic peer.
      choice remote-identifier {
        // NOTE(review): described as an IP address but typed as a plain string
        // of 1 .. 32 characters, so this schema does not validate the format
        // (the "inet" leaf below uses jt:ipv4addr) -- confirm whether it is
        // validated elsewhere.
        leaf address {
          type string {
            length "1 .. 32";
          }
          description "IP address of peer";
        }
        container dynamic {
          description "Site to site peer with dynamic IP address";
          uses apply-advanced;
          choice remote-id-type {
            leaf hostname {
              type string;
              description "Use a fully-qualified domain name";
            }
            leaf inet {
              type jt:ipv4addr;
              description "Use an IPV4 address to identify the dynamic peer";
            }
            leaf user-at-hostname {
              type string;
              description "Use an e-mail address";
            }
          } // choice remote-id-type
        } // container dynamic
      } // choice remote-identifier
      // Dead Peer Detection is off unless this presence container is set.
      // Interval defaults to 10 seconds (10 .. 60) and threshold to 5 (1 .. 5).
      container dead-peer-detection {
        presence "enable dead-peer-detection";
        description "Enable Dead Peer Detection between group-server-cluster servers";
        uses apply-advanced;
        choice mode {
          leaf always-send {
            type empty;
            description "Send probes periodically regardless of incoming and outgoing data traffic ";
          }
        } // choice mode
        leaf interval {
          type union {
            type string {
              pattern "<.*>|$.*";
            }
            type uint32 {
              range "10 .. 60";
            }
          }
          units "seconds";
          default "10";
          description "The time between DPD probe messages Default :10";
        }
        leaf threshold {
          type union {
            type string {
              pattern "<.*>|$.*";
            }
            type uint32 {
              range "1 .. 5";
            }
          }
          default "5";
          description "Maximum number of DPD retransmissions Default :5";
        }
      } // container dead-peer-detection
      // Local IKE identity: an IPv4 address, a hostname or a user-FQDN.
      container local-identity {
        description "Set the local IKE identity";
        choice identity-type {
          container inet {
            description "Use an IPv4 address";
            uses apply-advanced;
            leaf identity-ipv4 {
              type jt:ipv4addr;
              description "The local IPv4 identity";
            }
          } // container inet
          container hostname {
            description "Use a fully-qualified domain name";
            uses apply-advanced;
            leaf identity-hostname {
              type string;
              description "The local hostname";
            }
          } // container hostname
          container user-at-hostname {
            description "Use an e-mail address";
            uses apply-advanced;
            leaf identity-user {
              type string;
              description "The local user-FQDN";
            }
          } // container user-at-hostname
        } // choice identity-type
      } // container local-identity
      // Remote IKE identity; rejected when the gateway is "dynamic", where the
      // identity is given under the dynamic container instead.
      container remote-identity {
        junos:must "(!(".. dynamic"))";
        junos:must-message "Since the remote gateway is dynamic, Define remote identity under dynamic";
        description "Set the remote IKE identity";
        choice identity-type {
          container inet {
            description "Use an IPv4 address";
            uses apply-advanced;
            leaf identity-ipv4 {
              type jt:ipv4addr;
              description "The remote IPv4 identity";
            }
          } // container inet
          container hostname {
            description "Use a fully-qualified domain name";
            uses apply-advanced;
            leaf identity-hostname {
              type string;
              description "The remote hostname";
            }
          } // container hostname
          container user-at-hostname {
            description "Use an e-mail address";
            uses apply-advanced;
            leaf identity-user {
              type string;
              description "The remote user-FQDN";
            }
          } // container user-at-hostname
        } // choice identity-type
      } // container remote-identity
      leaf local-address {
        type jt:ipaddr;
        description "Local IP address for IKE negotiations";
      }
      // Must name a configured routing instance; defaults to "default".
      leaf routing-instance {
        junos:must "("routing-instances $$")";
        junos:must-message "Referenced routing-instance must be defined";
        type string;
        default "default";
        description "Name of routing instance that hosts local address";
      }
    } // list gateway
  } // grouping gvpn-server-ike

  // Reference to a server IKE gateway. The name must match a gateway defined
  // under [security group-vpn server ike gateway], and that gateway must not
  // have dead-peer-detection configured.
  grouping gvpn-server-ike-gateway {
    description "Configure a set of IKE gateways";
    leaf name {
      junos:must "(!("security group-vpn server ike gateway $$ dead-peer-detection"))";
      junos:must-message "Referenced IKE gateway must NOT be defined with dead-peer-detection";
      junos:must "("security group-vpn server ike gateway $$")";
      junos:must-message "Referenced IKE gateway must be defined under [edit security group-vpn server ike gateway]";
      type string {
        length "1 .. 
32"; } description "Name of the IKE gateway"; } uses apply-advanced; } // grouping gvpn-server-ike-gateway grouping gvpn-server-ike-gateway-sc { description "Configure a set of IKE gateways"; leaf name { junos:must "(!("security group-vpn server ike gateway $$ dynamic"))"; junos:must-message "Referenced IKE gateway must not be dynamic gateway"; junos:must "("security group-vpn server ike gateway $$ dead-peer-detection always-send")"; junos:must-message "Referenced IKE gateway must be defined with dead-peer-detection always-send mode"; type string { length "1 .. 32"; } description "Name of the IKE gateway"; } uses apply-advanced; } // grouping gvpn-server-ike-gateway-sc grouping gvpn-server-ike-proposal { leaf name { type string { length "1 .. 32"; } description "Name of the IKE proposal"; } uses apply-advanced; leaf description { type string { length "1 .. 80"; } description "Text description of IKE proposal"; } leaf authentication-method { type enumeration { enum "pre-shared-keys" { value 0; description "Preshared keys"; } } description "Define authentication method"; } leaf authentication-algorithm { type enumeration { enum "sha-256" { value 0; description "SHA 256-bit authentication algorithm"; } enum "sha-384" { value 1; description "SHA 384-bit authentication algorithm"; } } description "Define authentication algorithm"; } leaf dh-group { type enumeration { enum "group14" { value 0; description "Diffie-Hellman Group 14"; } enum "group24" { value 1; description "Diffie-Hellman Group 24"; } } description "Define Diffie-Hellman group"; } leaf encryption-algorithm { type enumeration { enum "aes-128-cbc" { value 0; description "AES-CBC 128-bit encryption algorithm"; } enum "aes-192-cbc" { value 1; description "AES-CBC 192-bit encryption algorithm"; } enum "aes-256-cbc" { value 2; description "AES-CBC 256-bit encryption algorithm"; } } description "Define encryption algorithm"; } } // grouping gvpn-server-ike-proposal grouping gvpn-server-ipsec-vpn { uses 
apply-advanced; list proposal { key "name"; ordered-by user; description "Define an IPSec proposal"; uses gvpn-server-ipsec-proposal; } // list proposal } // grouping gvpn-server-ipsec-vpn grouping gvpn-server-ipsec-proposal { leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 32"; } description "Name of the IPSec proposal"; } uses apply-advanced; leaf description { type string { length "1 .. 80"; } description "Text description of IPSec proposal"; } leaf authentication-algorithm { type enumeration { enum "hmac-sha-256-128" { value 0; description "HMAC-SHA-256-128 authentication algorithm"; } } description "Define authentication algorithm"; } leaf encryption-algorithm { type enumeration { enum "aes-128-cbc" { value 0; description "AES-CBC 128-bit encryption algorithm"; } enum "aes-192-cbc" { value 1; description "AES-CBC 192-bit encryption algorithm"; } enum "aes-256-cbc" { value 2; description "AES-CBC 256-bit encryption algorithm"; } } description "Define encryption algorithm"; } leaf lifetime-seconds { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "180 .. 86400"; } } units "seconds"; description "Lifetime, in seconds"; } } // grouping gvpn-server-ipsec-proposal grouping gvpn-server-member-communication { description "Group VPN Server to Member communication"; uses apply-advanced; leaf communication-type { type enumeration { enum "unicast" { value 0; description "Unicast"; } } description "Define type of server member communication"; } leaf lifetime-seconds { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "300 .. 86400"; } } default "3600"; description "Configure lifetime in seconds"; } leaf retransmission-period { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
60"; } } default "10"; description "Configure retransmission period in seconds"; } leaf number-of-retransmission { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 60"; } } default "2"; description "Configure maximum number of retransmission attempts"; } leaf heartbeat { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 3600"; } } default "300"; status deprecated; description "Configure heartbeat period in seconds"; } leaf encryption-algorithm { type enumeration { enum "aes-128-cbc" { value 0; description "AES-CBC 128-bit encryption algorithm"; } enum "aes-192-cbc" { value 1; description "AES-CBC 192-bit encryption algorithm"; } enum "aes-256-cbc" { value 2; description "AES-CBC 256-bit encryption algorithm"; } } description "Define encryption algorithm"; } leaf sig-hash-algorithm { type enumeration { enum "sha-256" { value 0; description "SHA 256-bit sig-hash algorithm"; } enum "sha-384" { value 1; description "SHA 384-bit sig-hash algorithm"; } } description "Define sig-hash algorithm"; } leaf certificate { type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be string of 32 characters or less"; } description "Certificate identifier"; } } // grouping gvpn-server-member-communication grouping gvpn-server-traceoptions { description "Group VPN server tracing options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf level { type enumeration { enum "error" { value 0; description "Match error conditions"; } enum "warning" { value 1; description "Match warning messages"; } enum "notice" { value 2; description "Match conditions that should be handled specially"; } enum "info" { value 3; description "Match informational messages"; } enum "verbose" { value 4; description "Match verbose messages"; } enum "all" { value 5; description "Match all levels"; } } default "error"; description "Level of debugging output"; } list flag { key "name"; ordered-by user; description "Tracing parameters for GKSD"; leaf name { type enumeration { enum "timer" { value 0; description "Trace internal timer events"; } enum "routing-socket" { value 1; description "Trace routing socket messages"; } enum "parse" { value 2; description "Trace configuration processing"; } enum "config" { value 3; description "Trace configuration download processing"; } enum "ike" { value 4; description "Trace IKE module processing"; } enum "policy-manager" { value 5; description "Trace policy manager processing"; } enum "general" { value 6; description "Trace general events"; } enum "database" { value 7; description "Trace security associations database events"; } enum "certificates" { value 8; description "Trace certificate events"; } enum "snmp" { value 9; description "Trace SNMP operations"; } enum "thread" { value 10; description "Trace thread processing"; } enum "high-availability" { value 11; description "Trace high-availability operations"; } enum "next-hop-tunnels" { value 12; 
description "Trace next-hop-tunnels operations"; } enum "all" { value 13; description "Trace everything"; } } } } // list flag container gateway-filter { description "Set gateway filter for trace"; uses apply-advanced; leaf local-address { type jt:ipv4addr; description "Use an IPV4 address to identify the local gateway"; } leaf remote-address { type jt:ipv4addr; description "Use an IPV4 address to identify the remote gateway"; } } // container gateway-filter } // grouping gvpn-server-traceoptions grouping ipsec-gvpn-member-template { description "Configure a Group VPN"; leaf name { junos:must "(!("security ipsec vpn $$"))"; junos:must-message "VPN already defined under [security ipsec]"; type string { length "1 .. 32"; } description "Name of the VPN"; } uses apply-advanced; leaf ike-gateway { junos:must "("security group-vpn member ike gateway $$")"; junos:must-message "Referenced IKE gateway must be defined under [edit security group-vpn member ike gateway]"; type string { length "1 .. 32"; } description "Name of IKE gateway"; } leaf group-vpn-external-interface { junos:must "(!("interfaces $$ family bridge"))"; junos:must-message "Bridge interface is not allowed as external-interface"; junos:must "("interfaces $$-IFL")"; junos:must-message "Referenced interface must be configured under [edit interfaces] hierarchy"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "External interface for Group VPN"; } leaf group { junos:must "((".. no-group-check" || unique "security group-vpn member ipsec vpn <*> group $$"))"; junos:must-message "Group id must be unique among group vpns"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } description "Enable Group VPN by defining group id"; } leaf heartbeat-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
10"; } } default "3"; status deprecated; description "Define heartbeat threshold for Group VPN"; } leaf recovery-probe { type empty; description "Enable triggering recovery probe mechanism"; } leaf df-bit { type enumeration { enum "clear" { value 0; description "Clear DF bit of outer header"; } enum "set" { value 1; description "Set DF bit of outer header"; } enum "copy" { value 2; description "Copy DF bit from inner header"; } } default "clear"; description "Specifies how to handle the Don't Fragment bit"; } container fail-open { description "List of fail open rules"; uses ipsec_gvpn_fail_open_rule_object; } // container fail-open container exclude { description "List of exclude rules"; uses ipsec_gvpn_exclude_rule_object; } // container exclude } // grouping ipsec-gvpn-member-template grouping ipsec_gvpn_exclude_rule_object { uses apply-advanced; list rule { key "name"; max-elements 10; ordered-by user; description "Define exlude rules upto 10"; uses ipsec_gvpn_rule_address_object; } // list rule } // grouping ipsec_gvpn_exclude_rule_object grouping ipsec_gvpn_fail_open_rule_object { uses apply-advanced; list rule { key "name"; max-elements 10; ordered-by user; description "Define fail open rules upto 10"; uses ipsec_gvpn_rule_address_object; } // list rule } // grouping ipsec_gvpn_fail_open_rule_object grouping ipsec_gvpn_rule_address_object { leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 
63"; } description "Rule name"; } uses apply-advanced; container source-address { presence "enable source-address"; description "Match IP source address"; uses ipsec_gvpn_addr_object; } // container source-address container destination-address { presence "enable destination-address"; description "Match IP destination address"; uses ipsec_gvpn_addr_object; } // container destination-address leaf application { junos:must "("applications application $$")"; junos:must-message "Application must be defined"; type string; description "Match application"; } } // grouping ipsec_gvpn_rule_address_object grouping ipsec_gvpn_addr_object { uses apply-advanced; leaf address { type jt:ipv4prefix-only; description "Prefix to match"; } } // grouping ipsec_gvpn_addr_object grouping security-ike { uses apply-advanced; container traceoptions { description "Trace options for IPSec key management"; uses security-traceoptions; } // container traceoptions container respond-bad-spi { presence "enable respond-bad-spi"; description "Respond to IPSec packets with bad SPI values"; leaf max-responses { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 30"; } } default "5"; description "Maximum number of times to respond"; } } // container respond-bad-spi list proposal { key "name"; ordered-by user; description "Define an IKE proposal"; uses ike-proposal; } // list proposal list policy { key "name"; ordered-by user; description "Define an IKE policy"; uses ike-policy; } // list policy list gateway { key "name"; ordered-by user; description "Define an IKE gateway"; leaf name { type string { length "1 .. 32"; } description "Label for the remote (peer) gateway"; } uses apply-advanced; leaf ike-policy { junos:must "(!(("security ike policy $$ reauth-frequency" && ".. aaa access-profile")))"; junos:must-message "Reauth is not allowed with AAA access profile."; junos:must "(!((".. version v2-only" && ("security ike policy $$ pre-shared-key" && ".. 
dynamic ike-user-type"))))"; junos:must-message "When dynamic ike-user-type is configured, IKEv2 with authentication-method pre-shared-key is not allowed"; junos:must "(!(("security ike policy $$ mode main" && ("security ike policy $$ pre-shared-key" && ".. dynamic"))))"; junos:must-message "Main mode for dynamic peer with Preshared key based authentication is not allowed"; junos:must "("security ike policy $$")"; junos:must-message "Referenced IKE policy must be defined under [edit security ike policy]"; type string { length "1 .. 32"; } description "Name of the IKE policy"; } choice remote-identifier { leaf-list address { type string; ordered-by user; description "Addresses or hostnames of peer:1 primary, upto 4 backups"; } container dynamic { description "Site to site peer with dynamic IP address"; uses apply-advanced; choice remote-id-type { container distinguished-name { presence "enable distinguished-name"; description "Use a distinguished name: "; uses apply-advanced; choice name-type { leaf container { type string; description "Specify the container string"; } leaf wildcard { type string; description "Specify the wildcard string"; } } // choice name-type } // container distinguished-name leaf hostname { type string; description "Use a fully-qualified domain name"; } leaf inet { type jt:ipv4addr; description "Use an IPV4 address to identify the dynamic peer"; } leaf inet6 { type jt:ipv6addr; description "Use an IPV6 address to identify the dynamic peer"; } leaf user-at-hostname { type string; description "Use an e-mail address"; } } // choice remote-id-type leaf connections-limit { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Maximum number of users connected to gateway"; } leaf ike-user-type { type enumeration { enum "group-ike-id" { value 0; description "Email address or FQDN shared as IKED ID by multiple users"; } enum "shared-ike-id" { junos:must "((" .. .. xauth" || " .. .. 
aaa"))"; junos:must-message "Need to configure aaa at [edit security ike gateway]"; value 1; description "Email address shared as IKED ID by multiple users"; } } description "Type of the IKE ID"; } leaf reject-duplicate-connection { junos:must "(((".. ike-user-type shared-ike-id" || ".. ike-user-type group-ike-id") && !(".. .. aaa")))"; junos:must-message "Supported for shared-ike or group-ike and with non-AAA"; type empty; description "Reject new connection from duplicate IKE-id"; } } // container dynamic } // choice remote-identifier container dead-peer-detection { presence "enable dead-peer-detection"; description "Enable Dead Peer Detection "; uses apply-advanced; choice mode { leaf optimized { type empty; description "Send probes only when there is outgoing and no incoming data traffic - RFC3706 (Default mode)"; } leaf probe-idle-tunnel { type empty; description "Send probes same as in optimized mode and also when there is no outgoing & incoming data traffic"; } leaf always-send { type empty; description "Send probes periodically regardless of incoming and outgoing data traffic "; } } // choice mode leaf interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 60"; } } units "seconds"; default "10"; description "The time between DPD probe messages Default :10"; } leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 5"; } } default "5"; description "Maximum number of DPD retransmissions Default :5"; } } // container dead-peer-detection leaf no-nat-traversal { type empty; description "Disable IPSec NAT traversal"; } leaf nat-keepalive { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
300"; } } units "seconds"; default "20"; description "Interval at which to send NAT keepalives"; } container local-identity { description "Set the local IKE identity"; choice identity-type { container inet { description "Use an IPv4 address"; uses apply-advanced; leaf identity-ipv4 { type jt:ipv4addr; description "The local IPv4 identity"; } } // container inet container inet6 { description "Use an IPv6 address"; uses apply-advanced; leaf identity-ipv6 { type jt:ipv6addr; description "The local IPv6 identity"; } } // container inet6 container hostname { description "Use a fully-qualified domain name"; uses apply-advanced; leaf identity-hostname { type string; description "The local hostname"; } } // container hostname container user-at-hostname { description "Use an e-mail address"; uses apply-advanced; leaf identity-user { type string; description "The local user-FQDN"; } } // container user-at-hostname leaf distinguished-name { type empty; description "Use a distinguished name specified in local certificate"; } container key-id { description "Key ID identification values in ASCII string"; uses apply-advanced; leaf string-key-id { type string { length "1 .. 127"; } description "Key ID in ASCII string"; } } // container key-id } // choice identity-type } // container local-identity container remote-identity { junos:must "(!(".. 
dynamic"))"; junos:must-message "Since the remote gateway is dynamic, Define remote identity under dynamic"; description "Set the remote IKE identity"; choice identity-type { container inet { description "Use an IPv4 address"; uses apply-advanced; leaf identity-ipv4 { type jt:ipv4addr; description "The remote IPv4 identity"; } } // container inet container inet6 { description "Use an IPv6 address"; uses apply-advanced; leaf identity-ipv6 { type jt:ipv6addr; description "The remote IPv6 identity"; } } // container inet6 container hostname { description "Use a fully-qualified domain name"; uses apply-advanced; leaf identity-hostname { type string; description "The remote hostname"; } } // container hostname container user-at-hostname { description "Use an e-mail address"; uses apply-advanced; leaf identity-user { type string; description "The remote user-FQDN"; } } // container user-at-hostname container distinguished-name { presence "enable distinguished-name"; description "Use a distinguished name: "; uses apply-advanced; leaf container { type string; description "Specify the container string"; } leaf wildcard { type string; description "Specify the wildcard string"; } } // container distinguished-name container key-id { description "Key ID identification values in string"; uses apply-advanced; leaf string-key-id { type string { length "1 .. 
127"; } description "Key ID in ASCII string"; } } // container key-id } // choice identity-type } // container remote-identity leaf external-interface { junos:must "(!("interfaces $$ family bridge"))"; junos:must-message "Bridge interface is not allowed as external-interface"; junos:must "("interfaces $$-IFL")"; junos:must-message "Referenced interface must be configured under [edit interfaces] hierarchy"; type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "External interface for IKE negotiations"; } leaf local-address { type jt:ipaddr; description "Local IP address for IKE negotiations"; } container aaa { junos:must "(!(".. xauth"))"; junos:must-message "Keyword aaa is a replacement to xauth."; description "Use extended authentication"; uses apply-advanced; list access-profile { key "name"; max-elements 1; ordered-by user; description "Access profile information"; uses access-profile-template; } // list access-profile container client { description "AAA client info for authentication"; leaf username { junos:must "(!(" .. .. .. version v2-only"))"; junos:must-message "AAA client is supported for IKEv1 only, not IKEv2."; type string { length "1 .. 128"; } description "AAA client username with 1 to 128 characters"; } leaf password { junos:must "(".. username")"; junos:must-message "Username must be defined"; type string { length "1 .. 128"; } description "AAA client password with 1 to 128 characters"; } } // container client } // container aaa container xauth { status deprecated; description "Use extended authentication"; uses apply-advanced; leaf access-profile { junos:must "(!(" .. 
client"))"; junos:must-message "Cannot configure a gateway to be xauth server and client at the same time."; junos:must "("access profile $$")"; junos:must-message "access profile needs to be configured"; type string; description "Access profile that contains authentication information"; } container client { description "Xauth client info for authentication"; leaf username { junos:must "(!(" .. .. .. version v2-only"))"; junos:must-message "Xauth is supported for IKEv1 only, not IKEv2."; type string { length "1 .. 128"; } description "XAuth client username with 1 to 128 characters"; } leaf password { junos:must "(".. username")"; junos:must-message "username must be defined"; type string { length "1 .. 128"; } description "XAuth client password with 1 to 128 characters"; } } // container client } // container xauth leaf general-ikeid { junos:must "(!(".. remote-identity"))"; junos:must-message "general-ikeid option is not allowed when remote-identity is configured"; junos:must "(!(".. dynamic"))"; junos:must-message "general-ikd-id option is not available for dynamic peer."; type empty; description "Accept peer IKE-ID in general"; } container advpn { junos:must "((!(".. xauth") && !(".. aaa")))"; junos:must-message "AAA not available with advpn enabled gateway"; presence "enable advpn"; description "Enable Auto Discovery VPN"; uses advpn-suggester-partner; } // container advpn leaf version { type enumeration { enum "v1-only" { value 0; description "The connection must be initiated using IKE version 1"; } enum "v2-only" { value 1; description "The connection must be initiated using IKE version 2"; } } default "v1-only"; description "Negotiate using either IKE v1 or IKE v2 protocol"; } container fragmentation { junos:must "(".. 
version v2-only")"; junos:must-message "IKEv2 must be configured to use fragementation."; description "IKEv2 fragmentation configuration"; uses apply-advanced; leaf disable { type empty; description "Disable IKEv2 fragmentation"; } leaf size { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "570 .. 1320"; } } description "Default 576 bytes for ipv4 and 1280 bytes for ipv6"; } } // container fragmentation leaf tcp-encap-profile { junos:must "("security tcp-encap profile $$")"; junos:must-message "Referenced tcp-encap profile must be defined"; type string; description "Ike over tcp profile name"; } } // list gateway } // grouping security-ike grouping access-profile-template { description "Configure an access profile"; leaf name { junos:must "((!(".. .. .. dynamic") || ".. .. .. dynamic ike-user-type"))"; junos:must-message "DEP is not allowed with XAUTH/AAA access profile."; junos:must "(!(".. .. .. address"))"; junos:must-message "For site-to-site tunnels, aaa access-profile configuration is not allowed"; junos:must "(!(" .. .. client"))"; junos:must-message "Cannot configure a gateway to be XAUTH/AAA server and client at the same time."; junos:must "("access profile $$")"; junos:must-message "Access profile needs to be configured"; type string; description "Access profile name used to authenticate with XAUTH/AAA server"; } uses apply-advanced; leaf config-payload-password { type string { length "1 .. 
128";
      }
      description "Common client password for IKEv2 config-payload with 1 to 128 characters";
    }
  } // grouping access-profile-template

  // Auto Discovery VPN (ADVPN) settings for an IKE gateway: a "suggester"
  // role and a "partner" role. Each role is switched on by a presence
  // container and carries its own "disable" leaf.
  grouping advpn-suggester-partner {
    description "Configure ADVPN Suggester Partner";
    uses apply-advanced;
    container suggester {
      presence "enable suggester";
      description "Configure Shortcut Suggester parameters";
      uses apply-advanced;
      leaf disable {
        type empty;
        description "Disable Suggester capability";
      }
    } // container suggester
    container partner {
      presence "enable partner";
      description "Configure Shortcut Partner parameters";
      uses apply-advanced;
      // The three tuning leaves below share one constraint: the expression
      // negates ".. .. .. dynamic", and the message states that a partner is
      // only valid on a site-to-site (s2s) gateway.
      leaf connection-limit {
        junos:must "(!(".. .. .. dynamic"))";
        junos:must-message "ADVPN partner can only be configured on s2s gateway";
        // No range is declared on the numeric member, so the schema itself
        // places no upper bound on shortcut connections.
        type union {
          type uint32;
          // NOTE(review): this string alternative appears throughout the
          // module next to numeric types. It looks like it admits "<...>" or
          // "$..." placeholders instead of a number, in which case the numeric
          // range is not applied to such values - confirm against Junos docs.
          type string { pattern "<.*>|$.*"; }
        }
        description "Maximum number of shortcut connections (default: varies per platform)";
      }
      leaf idle-time {
        junos:must "(!(".. .. .. dynamic"))";
        junos:must-message "ADVPN partner can only be configured on s2s gateway";
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "60 .. 86400"; }
        }
        units "seconds";
        default "300";
        description "The duration (in sec) after which shortcut is torn down (default: 300 sec)";
      }
      leaf idle-threshold {
        junos:must "(!(".. .. .. dynamic"))";
        junos:must-message "ADVPN partner can only be configured on s2s gateway";
        type union {
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "3 .. 5000"; }
        }
        default "5";
        description "The packet rate below which shortcut is torn down (default: 5 packets/sec)";
      }
      leaf disable {
        type empty;
        description "Disable Partner capability";
      }
    } // container partner
  } // grouping advpn-suggester-partner

  // One IKE Phase 1 policy: negotiation mode, the proposals (or a predefined
  // proposal-set) to offer, and the authentication credential, which is
  // either a local certificate or a pre-shared key.
  grouping ike-policy {
    leaf name {
      // Exactly one credential type per policy: the expression requires
      // "certificate local-certificate" or "pre-shared-key" and rejects the
      // case where both are present.
      junos:must "(((".. certificate local-certificate" || ".. pre-shared-key") && !((".. certificate local-certificate" && ".. pre-shared-key"))))";
      junos:must-message "IKE policy must have either local certificate or pre-shared key configured";
      type string { length "1 .. 32"; }
      description "Name of policy";
    }
    uses apply-advanced;
    // Security note: "main" is the schema default. IKEv1 aggressive mode
    // combined with a pre-shared key is generally regarded as the weaker
    // choice, because material usable for offline key guessing is exchanged
    // before the peer is authenticated. Elsewhere in this module the IKE
    // gateway list rejects main mode with a pre-shared key for dynamic peers,
    // so for those peers prefer certificate authentication; if a pre-shared
    // key must be used, make it long and random. Configuration audits can
    // flag policies that pair "mode aggressive" with "pre-shared-key".
    leaf mode {
      type enumeration {
        enum "main" { value 0; description "Main mode"; }
        enum "aggressive" { value 1; description "Aggressive mode"; }
      }
      default "main";
      description "Define the IKE mode for Phase 1";
    }
    // Re-authentication multiplier in the range 0..100; per the description
    // the default of 0 means disabled.
    leaf reauth-frequency {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "0 .. 100"; }
      }
      default "0";
      description "Re-auth Peer after reauth-frequency times hard lifetime. (0-100) Default:0=Disabled";
    }
    leaf description {
      type string { length "1 .. 80"; }
      description "Text description of IKE policy";
    }
    // Ordered list of proposal names. Each entry must resolve to an existing
    // "proposal" via the relative path in the junos:must expression; names
    // are 1..32 characters, start with a letter or digit, and may contain
    // letters, digits, dashes and underscores.
    leaf-list proposals {
      junos:must "(".. .. .. proposal $$")";
      junos:must-message "Referenced proposal is not defined";
      type string {
        junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$";
        junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores.";
        length "1 .. 32";
      }
      ordered-by user;
      description "Name of the proposal";
    }
    container certificate {
      description "Certificate configuration";
      uses apply-advanced;
      leaf local-certificate {
        type string {
          junos:posix-pattern "^.{1,32}$";
          junos:pattern-message "Must be string of 32 characters or less";
        }
        description "Local certificate identifier";
      }
      // Which CA(s) are used for the peer. ca-index and use-all are marked
      // deprecated; ca-profile and trusted-ca-group must reference entries
      // defined under [edit security pki].
      // Security note: the choice is not mandatory in this schema, so a
      // policy can omit trusted-ca altogether. What the device trusts in that
      // case is not visible here - TODO confirm, and pin a CA profile or
      // group explicitly in certificate-based policies.
      container trusted-ca {
        description "Specify the CA to use";
        choice ca {
          leaf ca-index {
            type union {
              type uint32;
              type string { pattern "<.*>|$.*"; }
            }
            status deprecated;
            description "Index of the preferred CA to use";
          }
          leaf use-all {
            type empty;
            status deprecated;
            description "Use all configured CAs";
          }
          leaf ca-profile {
            junos:must "("security pki ca-profile $$")";
            junos:must-message "Referenced profile must be defined under [edit security pki ca-profile]";
            type string;
            description "Name of the preferred CA to use";
          }
          leaf trusted-ca-group {
            junos:must "("security pki trusted-ca-group $$")";
            junos:must-message "Referenced group must be defined under [edit security pki trusted-ca-group]";
            type string;
            description "Name of the preferred CA group to use";
          }
        } // choice ca
      } // container trusted-ca
      leaf peer-certificate-type {
        type enumeration {
          enum "pkcs7" { value 0; description "PKCS7 encoding"; }
          enum "x509-signature" { value 1; description "X509 signature encoding"; }
        }
        default "x509-signature";
        description "Preferred type of certificate from peer";
      }
      // Up to five certificate policy OIDs, each 1..63 characters.
      // NOTE(review): presumably these are matched against the peer
      // certificate during validation - confirm the enforcement semantics.
      leaf-list policy-oids {
        type string { length "1 .. 63"; }
        max-elements 5;
        ordered-by user;
        description "Certificate policy object identifiers (maximum 5)";
      }
    } // container certificate
    // Predefined proposal bundles, mutually exclusive with the explicit
    // "proposals" list: every enum carries the same junos:must that rejects
    // ".. proposals". The suiteb-* and prime-* sets additionally require
    // "certificate local-certificate" and forbid "pre-shared-key".
    // Security note: the algorithms inside each set are not defined in this
    // schema; check the platform documentation before relying on "basic",
    // "compatible" or "standard".
    leaf proposal-set {
      type enumeration {
        enum "basic" {
          junos:must "(!(".. proposals"))";
          junos:must-message "IKE policy must not have both proposals and proposal-set configured";
          value 0;
          description "IKE proposal-set for basic";
        }
        enum "compatible" {
          junos:must "(!(".. proposals"))";
          junos:must-message "IKE policy must not have both proposals and proposal-set configured";
          value 1;
          description "IKE proposal-set for compatible";
        }
        enum "standard" {
          junos:must "(!(".. proposals"))";
          junos:must-message "IKE policy must not have both proposals and proposal-set configured";
          value 2;
          description "IKE proposal-set for standard";
        }
        enum "suiteb-gcm-128" {
          junos:must "((".. certificate local-certificate" && !(".. pre-shared-key")))";
          junos:must-message "Suite B proposal-sets require certificate-based authentication.";
          junos:must "(!(".. proposals"))";
          junos:must-message "IKE policy must not have both proposals and proposal-set configured";
          value 3;
          description "IKE proposal-set for Suite-B-GCM-128";
        }
        enum "suiteb-gcm-256" {
          junos:must "((".. certificate local-certificate" && !(".. pre-shared-key")))";
          junos:must-message "Suite B proposal-sets require certificate-based authentication.";
          junos:must "(!(".. proposals"))";
          junos:must-message "IKE policy must not have both proposals and proposal-set configured";
          value 4;
          description "IKE proposal-set for Suite-B-GCM-256";
        }
        enum "prime-128" {
          junos:must "((".. certificate local-certificate" && !(".. 
pre-shared-key")))";
          junos:must-message "PRIME proposal-sets require certificate-based authentication.";
          junos:must "(!(".. proposals"))";
          junos:must-message "IKE policy must not have both proposals and proposal-set configured";
          value 5;
          description "IKE proposal-set for PRIME-128";
        }
        enum "prime-256" {
          junos:must "((".. certificate local-certificate" && !(".. pre-shared-key")))";
          junos:must-message "PRIME proposal-sets require certificate-based authentication.";
          junos:must "(!(".. proposals"))";
          junos:must-message "IKE policy must not have both proposals and proposal-set configured";
          value 6;
          description "IKE proposal-set for PRIME-256";
        }
      }
      description "Types of default IKE proposal-set";
    }
    // Pre-shared key, entered either as text or as hexadecimal digits.
    // Security note: the only schema constraints are a length of 1..255
    // characters and, for "hexadecimal", a hex-digit pattern, so a trivially
    // short key validates. Key length and randomness have to be enforced by
    // operational policy or configuration review.
    // NOTE(review): how the value is stored or displayed in the
    // configuration is not specified by this schema - confirm before
    // exporting or sharing configurations.
    container pre-shared-key {
      description "Define a preshared key";
      choice key-choice {
        leaf ascii-text {
          type string { length "1 .. 255"; }
          description "Format as text";
        }
        leaf hexadecimal {
          type string {
            junos:posix-pattern "^[[:xdigit:]]+$";
            junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)";
            length "1 .. 255";
          }
          description "Format as hexadecimal";
        }
      } // choice key-choice
    } // container pre-shared-key
  } // grouping ike-policy

  // One IKE (Phase 1) proposal: authentication method, Diffie-Hellman group,
  // authentication (hash) algorithm, cipher and SA lifetime. None of these
  // leaves declares a default or is marked mandatory in this grouping, so
  // the effective value of an omitted leaf is decided outside the schema.
  // The "value" numbers are enumeration ordinals of this schema (group14 has
  // value 3, for example), not protocol identifiers.
  grouping ike-proposal {
    leaf name {
      type string { length "1 .. 32"; }
      description "Name of the IKE proposal";
    }
    uses apply-advanced;
    leaf description {
      type string { length "1 .. 80"; }
      description "Text description of IKE proposal";
    }
    // NOTE(review): the ECDSA descriptions say "bit modulus"; presumably the
    // number refers to the curve size - confirm.
    leaf authentication-method {
      type enumeration {
        enum "pre-shared-keys" { value 0; description "Preshared keys"; }
        enum "rsa-signatures" { value 1; description "RSA signatures"; }
        enum "dsa-signatures" { value 2; description "DSA signatures"; }
        enum "ecdsa-signatures-256" { value 3; description "ECDSA signatures (256 bit modulus)"; }
        enum "ecdsa-signatures-384" { value 4; description "ECDSA signatures (384 bit modulus)"; }
      }
      description "Define authentication method";
    }
    // Security note: the enumeration still offers group1, group2 and group5
    // (768-, 1024- and 1536-bit MODP groups), which current guidance such as
    // RFC 8247 no longer recommends. Prefer group14 or stronger, and have
    // configuration audits flag proposals that select the small groups.
    // NOTE(review): group24 is, to the reviewer's knowledge, also
    // discouraged by that guidance - confirm before standardising on it.
    leaf dh-group {
      type enumeration {
        enum "group1" { value 0; description "Diffie-Hellman Group 1"; }
        enum "group2" { value 1; description "Diffie-Hellman Group 2"; }
        enum "group5" { value 2; description "Diffie-Hellman Group 5"; }
        enum "group14" { value 3; description "Diffie-Hellman Group 14"; }
        enum "group15" { value 4; description "Diffie-Hellman Group 15"; }
        enum "group16" { value 5; description "Diffie-Hellman Group 16"; }
        enum "group19" { value 6; description "Diffie-Hellman Group 19"; }
        enum "group20" { value 7; description "Diffie-Hellman Group 20"; }
        enum "group24" { value 8; description "Diffie-Hellman Group 24"; }
      }
      description "Define Diffie-Hellman group";
    }
    // Security note: md5 and sha1 are legacy hash choices; prefer sha-256 or
    // sha-384 in new proposals. This leaf must be left unset when an AES-GCM
    // cipher is selected (see the junos:must on the aes-*-gcm enums below).
    leaf authentication-algorithm {
      type enumeration {
        enum "md5" { value 0; description "MD5 authentication algorithm"; }
        enum "sha1" { value 1; description "SHA1 authentication algorithm"; }
        enum "sha-256" { value 2; description "SHA 256-bit authentication algorithm"; }
        enum "sha-384" { value 3; description "SHA 384-bit authentication algorithm"; }
      }
      description "Define authentication algorithm";
    }
    // Security note: des-cbc (56-bit key) and 3des-cbc (64-bit block) are
    // legacy ciphers; prefer the AES options and flag the legacy ones in
    // review. The two AES-GCM enums reject a configured
    // authentication-algorithm, presumably because GCM is an authenticated
    // encryption mode that provides integrity itself.
    leaf encryption-algorithm {
      type enumeration {
        enum "des-cbc" { value 0; description "DES-CBC encryption algorithm"; }
        enum "3des-cbc" { value 1; description "3DES-CBC encryption algorithm"; }
        enum "aes-128-cbc" { value 2; description "AES-CBC 128-bit encryption algorithm"; }
        enum "aes-192-cbc" { value 3; description "AES-CBC 192-bit encryption algorithm"; }
        enum "aes-256-cbc" { value 4; description "AES-CBC 256-bit encryption algorithm"; }
        enum "aes-128-gcm" {
          junos:must "(!(".. authentication-algorithm"))";
          junos:must-message "When using aes-gcm for Encryption the Authentication Algorithm must not be set.";
          value 5;
          description "AES-GCM 128-bit encryption algorithm";
        }
        enum "aes-256-gcm" {
          junos:must "(!(".. authentication-algorithm"))";
          junos:must-message "When using aes-gcm for Encryption the Authentication Algorithm must not be set.";
          value 6;
          description "AES-GCM 256-bit encryption algorithm";
        }
      }
      description "Define encryption algorithm";
    }
    // SA lifetime, 180..86400 seconds when given as a number. No default is
    // declared here.
    leaf lifetime-seconds {
      type union {
        // NOTE(review): this string alternative looks like it admits "<...>"
        // or "$..." placeholders instead of a number, in which case the range
        // below is not applied to such values - confirm against Junos docs.
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "180 .. 86400"; }
      }
      units "seconds";
      description "Lifetime, in seconds";
    }
  } // grouping ike-proposal

  // IPsec policy contexts, keyed by the (from-zone-name, to-zone) pair.
  grouping security-ipsec-policies {
    uses apply-advanced;
    list from-zone {
      key "from-zone-name to-zone";
      ordered-by user;
      description "Define ipsec policy context";
      uses security-ipsec-policy;
    } // list from-zone
  } // grouping security-ipsec-policies

  // One zone-pair entry. Both zone names must reference a security zone
  // defined under "security zones security-zone". The group VPN named in
  // ipsec-group-vpn must exist under "security group-vpn member ipsec vpn",
  // and the "unique" expression limits it to a single zone pair.
  grouping security-ipsec-policy {
    leaf from-zone-name {
      junos:must "("security zones security-zone $$")";
      junos:must-message "Security zone must be defined";
      type string { length "1 .. 63"; }
      description "Incoming zone";
    }
    leaf to-zone {
      junos:must "("security zones security-zone $$")";
      junos:must-message "Security zone must be defined";
      type string { length "1 .. 63"; }
      description "Outgoing zone";
    }
    uses apply-advanced;
    leaf ipsec-group-vpn {
      junos:must "(unique "security ipsec-policy from-zone <*> to-zone <*> ipsec-group-vpn $$")";
      junos:must-message "Group VPN can only be referenced by one pair of from-zone and to-zone";
      junos:must "("security group-vpn member ipsec vpn $$")";
      junos:must-message "Group VPN must be defined";
      type string { length "1 .. 
32"; } description "Group VPN name"; } } // grouping security-ipsec-policy grouping security-ipsec-vpn { /* IPsec configuration root: internal RE-RE SA, data-plane trace options, global VPN monitor options, and the proposal, policy, vpn and manual security-association lists. */ uses apply-advanced; container internal { presence "enable internal"; description "Define an IPSec SA for internal RE-RE communication"; uses apply-advanced; container security-association { presence "enable security-association"; description "Define an IPsec security association"; uses ipsec-internal-sa; } // container security-association } // container internal container traceoptions { description "Trace options for IPSec data-plane debug"; uses ipsec-traceoptions; } // container traceoptions container vpn-monitor-options { presence "enable vpn-monitor-options"; description "Global options for VPN liveliness monitoring"; uses ipsec-vpn-monitor; } // container vpn-monitor-options list proposal { key "name"; ordered-by user; description "Define an IPSec proposal"; uses ipsec-proposal; } // list proposal list policy { key "name"; ordered-by user; description "Define an IPSec policy"; uses ipsec-policy; } // list policy list vpn { key "name"; ordered-by user; description "Define an IPSec VPN"; uses ipsec-vpn-template; } // list vpn list security-association { key "name"; ordered-by user; description "Define a manual control plane SA "; uses ipsec-sa; } // list security-association } // grouping security-ipsec-vpn grouping ipsec-internal-sa { /* Manually keyed SA for internal RE-RE traffic. NOTE(review): the algorithm choice is limited to 3des-cbc or aes-128-cbc; 3des-cbc is a legacy cipher, so aes-128-cbc is the stronger of the two values offered. */ uses apply-advanced; container manual { description "Define a manual security association"; uses apply-advanced; container encryption { description "Define encryption parameters"; uses apply-advanced; leaf algorithm { type enumeration { enum "3des-cbc" { value 0; description "3DES-CBC encryption algorithm"; } enum "aes-128-cbc" { value 1; description "AES-CBC 128-bit encryption algorithm"; } } description "Define encryption algorithm"; } leaf ike-ha-link-encryption { type enumeration { enum "enable" { value 0; description "Enable HA link encryption IKE 
internal messages"; } container key { description "Define an encryption key"; /* The key leaf is typed jt:unreadable, unlike the plain-string key leaves in the other manual SA blocks of this module; presumably that type masks the value on display - confirm in junos-common-types. */ choice key-choice { leaf ascii-text { type jt:unreadable; description "Format as text"; } } // choice key-choice } // container key } // container encryption } // container manual } // grouping ipsec-internal-sa grouping ipsec-policy { /* Named IPsec policy: an optional perfect-forward-secrecy DH group plus either a list of proposals or one predefined proposal-set; the must rule on every proposal-set value forbids combining the two. */ leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 32"; } description "Name of the IPSec policy"; } uses apply-advanced; leaf description { type string { length "1 .. 80"; } description "Text description of IPSec policy"; } container perfect-forward-secrecy { description "Define perfect forward secrecy"; uses apply-advanced; leaf keys { /* NOTE(review): same DH group list as the IKE proposal; group1, group2 and group5 are small MODP groups generally considered too weak for new deployments. */ type enumeration { enum "group1" { value 0; description "Diffie-Hellman Group 1"; } enum "group2" { value 1; description "Diffie-Hellman Group 2"; } enum "group5" { value 2; description "Diffie-Hellman Group 5"; } enum "group14" { value 3; description "Diffie-Hellman Group 14"; } enum "group15" { value 4; description "Diffie-Hellman Group 15"; } enum "group16" { value 5; description "Diffie-Hellman Group 16"; } enum "group19" { value 6; description "Diffie-Hellman Group 19"; } enum "group20" { value 7; description "Diffie-Hellman Group 20"; } enum "group24" { value 8; description "Diffie-Hellman Group 24"; } } description "Define Diffie-Hellman group"; } } // container perfect-forward-secrecy leaf-list proposals { junos:must "(".. .. .. proposal $$")"; junos:must-message "Referenced proposal is not defined"; type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 32"; } ordered-by user; description "Name of the proposal"; } leaf proposal-set { type enumeration { enum "basic" { junos:must "(!(".. 
proposals"))"; junos:must-message "IPSec policy must not have both proposals and proposal-set configured"; value 0; description "IPSEC basic proposal-set"; } enum "compatible" { junos:must "(!(".. proposals"))"; junos:must-message "IPSec policy must not have both proposals and proposal-set configured"; value 1; description "IPSEC compatible proposal-set"; } enum "standard" { junos:must "(!(".. proposals"))"; junos:must-message "IPSec policy must not have both proposals and proposal-set configured"; value 2; description "IPSEC standard proposal-set"; } enum "suiteb-gcm-128" { junos:must "(!(".. proposals"))"; junos:must-message "IPSec policy must not have both proposals and proposal-set configured"; value 3; description "IPSec proposal-set for Suite-B-GCM-128"; } enum "suiteb-gcm-256" { junos:must "(!(".. proposals"))"; junos:must-message "IPSec policy must not have both proposals and proposal-set configured"; value 4; description "IPSec proposal-set for Suite-B-GCM-256"; } enum "prime-128" { junos:must "(!(".. proposals"))"; junos:must-message "IPSec policy must not have both proposals and proposal-set configured"; value 5; description "IPSec proposal-set for PRIME-128"; } enum "prime-256" { junos:must "(!(".. proposals"))"; junos:must-message "IPSec policy must not have both proposals and proposal-set configured"; value 6; description "IPSec proposal-set for PRIME-256"; } } description "Types of default IPSEC proposal-set"; } } // grouping ipsec-policy grouping ipsec-proposal { /* Named IPsec proposal: protocol (AH or ESP), authentication and encryption algorithms, and lifetimes in seconds and kilobytes. */ leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 32"; } description "Name of the IPSec proposal"; } uses apply-advanced; leaf description { type string { length "1 .. 80"; } description "Text description of IPSec proposal"; } leaf protocol { type enumeration { enum "ah" { junos:must "(!(".. 
encryption-algorithm"))"; junos:must-message "Encryption algorithm must not be defined for AH"; value 0; description "Authentication header"; } enum "esp" { value 1; description "Encapsulated Security Payload header"; } } description "Define an IPSec protocol for the proposal"; } leaf authentication-algorithm { /* NOTE(review): hmac-md5-96 and hmac-sha1-96 are legacy integrity algorithms; hmac-sha-256-96 is described below as non-RFC compliant, so it may not interoperate with other implementations. */ type enumeration { enum "hmac-md5-96" { value 0; description "HMAC-MD5-96 authentication algorithm"; } enum "hmac-sha1-96" { value 1; description "HMAC-SHA1-96 authentication algorithm"; } enum "hmac-sha-256-128" { value 2; description "HMAC-SHA-256-128 authentication algorithm"; } enum "hmac-sha-256-96" { value 3; description "HMAC-SHA-256-96 authentication algorithm (non-RFC compliant)"; } } description "Define authentication algorithm"; } leaf encryption-algorithm { /* NOTE(review): des-cbc and 3des-cbc are legacy ciphers that remain selectable; flag them in configuration audits. Each aes-*-gcm value rejects a configured authentication-algorithm through its must rule. */ type enumeration { enum "des-cbc" { value 0; description "DES-CBC encryption algorithm"; } enum "3des-cbc" { value 1; description "3DES-CBC encryption algorithm"; } enum "aes-128-cbc" { value 2; description "AES-CBC 128-bit encryption algorithm"; } enum "aes-192-cbc" { value 3; description "AES-CBC 192-bit encryption algorithm"; } enum "aes-256-cbc" { value 4; description "AES-CBC 256-bit encryption algorithm"; } enum "aes-128-gcm" { junos:must "(!(".. authentication-algorithm"))"; junos:must-message "HMAC Authentication is not compatible with AES-GCM"; value 5; description "AES-GCM 128-bit encryption algorithm"; } enum "aes-192-gcm" { junos:must "(!(".. authentication-algorithm"))"; junos:must-message "HMAC Authentication is not compatible with AES-GCM"; value 6; description "AES-GCM 192-bit encryption algorithm"; } enum "aes-256-gcm" { junos:must "(!(".. authentication-algorithm"))"; junos:must-message "HMAC Authentication is not compatible with AES-GCM"; value 7; description "AES-GCM 256-bit encryption algorithm"; } } description "Define encryption algorithm"; } leaf lifetime-seconds { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "180 .. 
86400"; } } units "seconds"; description "Lifetime, in seconds"; } leaf lifetime-kilobytes { /* Either a string matching the pattern below or an integer from 64 to 4294967294 kilobytes. */ type union { type string { pattern "<.*>|$.*"; } type uint32 { range "64 .. 4294967294"; } } units "kilobytes"; description "Lifetime, in kilobytes"; } } // grouping ipsec-proposal grouping ipsec-sa { /* Manually keyed control-plane SA: the name leaf requires a sibling manual block, and transport is the only mode offered (it is also the default). */ leaf name { junos:must "(".. manual")"; junos:must-message "Type must be defined for security-association"; type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 32"; } description "Name of IPSec security association"; } uses apply-advanced; leaf description { type string { length "1 .. 80"; } description "Text description of security association"; } leaf mode { type enumeration { enum "transport" { junos:must "(".. manual")"; junos:must-message "Manual block must be configured for transport mode security association"; value 0; description "Transport mode"; } } default "transport"; description "Define security association mode"; } choice sa_choice { container manual { description "Define a manual security association"; uses security-association-manual; } // container manual } // choice sa_choice } // grouping ipsec-sa grouping ipsec-traceoptions { description "Data-plane IPSec tracing options"; uses apply-advanced; list flag { key "name"; ordered-by user; description "Events to include in data-plane IPSec trace output"; leaf name { type enumeration { enum "packet-processing" { value 0; description "Trace data packet processing events"; } enum "packet-drops" { value 1; description "Trace packet drops"; } enum "security-associations" { value 2; description "Trace security association management events"; } enum "next-hop-tunnel-binding" { value 3; description "Trace next-hop tunnel binding events"; } enum "all" { value 4; description "Trace with all flags enabled"; } } } } // list flag } // grouping ipsec-traceoptions 
grouping ipsec-vpn-monitor { description "Configure VPN monitoring"; uses apply-advanced; leaf interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 3600"; } } units "seconds"; default "10"; description "Monitor interval in seconds"; } leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65536"; } } default "10"; description "Number of consecutive failures to determine connectivity"; } } // grouping ipsec-vpn-monitor grouping ipsec-vpn-template { description "Configure an IPSec VPN"; leaf name { type string { length "1 .. 32"; } description "Name of the VPN"; } uses apply-advanced; leaf ha-link-encryption { /* Presence flag (type empty). Its must rules make it mutually exclusive with manual keying, df-bit, udp-encapsulate, the ike options no-anti-replay, proxy-identity, idle-time and install-interval, any establish-tunnels setting, traffic-selector, vpn-monitor, copy-outer-dscp, multi-sa and bind-interface. NOTE(review): the rules test establish-tunnels values responder-only and responder-only-no-rekey, which are not in the establish-tunnels enumeration visible in this grouping - confirm whether those rules are leftovers. */ junos:must "(!(".. manual"))"; junos:must-message "When ha-link-encryption is enabled, manual sa configuration is not allowed"; junos:must "(!(".. df-bit"))"; junos:must-message "When ha-link-encryption is enabled, df-bit configuration is not allowed"; junos:must "(!(".. udp-encapsulate"))"; junos:must-message "When ha-link-encryption is enabled, udp-encapsulate configuration is not allowed"; junos:must "(!(".. ike no-anti-replay"))"; junos:must-message "When ha-link-encryption is enabled, no-anti-replay configuration is not allowed"; junos:must "(!(".. ike proxy-identity"))"; junos:must-message "When ha-link-encryption is enabled, ike proxy-identity configuration is not allowed"; junos:must "(!(".. ike idle-time"))"; junos:must-message "When ha-link-encryption is enabled, ike idle-time configuration is not allowed"; junos:must "(!(".. ike install-interval"))"; junos:must-message "When ha-link-encryption is enabled, ike install-interval configuration is not allowed"; junos:must "(!(".. establish-tunnels responder-only-no-rekey"))"; junos:must-message "When ha-link-encryption is enabled, establish-tunnels responder-only-no-rekey configuration is not allowed"; junos:must "(!(".. 
establish-tunnels responder-only"))"; junos:must-message "When ha-link-encryption is enabled, establish-tunnels responder-only configuration is not allowed"; junos:must "(!(".. establish-tunnels on-traffic"))"; junos:must-message "When ha-link-encryption is enabled, establish-tunnels on-traffic configuration is not allowed"; junos:must "(!(".. establish-tunnels immediately"))"; junos:must-message "When ha-link-encryption is enabled, establish-tunnels immediately configuration is not allowed"; junos:must "(!(".. traffic-selector"))"; junos:must-message "When ha-link-encryption is enabled, traffic-selector configuration is not allowed"; junos:must "(!(".. vpn-monitor"))"; junos:must-message "When ha-link-encryption is enabled, vpn-monitor configuration is not allowed"; junos:must "(!(".. copy-outer-dscp"))"; junos:must-message "When ha-link-encryption is enabled, copy-outer-dscp configuration is not allowed"; junos:must "(!(".. multi-sa"))"; junos:must-message "When ha-link-encryption is enabled, multi-sa configuration is not allowed"; junos:must "(!(".. bind-interface"))"; junos:must-message "When ha-link-encryption is enabled, bind-interface configuration is not applicable"; type empty; description "Enable HA link encryption"; } leaf bind-interface { junos:must "(!(("interfaces $$-IFL multipoint" && ".. 
aaa access-profile")))"; junos:must-message "When aaa access-profile is configured under security ike gateway, vpn-monitor configuration is not allowed"; /* NOTE(review): the message above talks about vpn-monitor, but the condition it belongs to tests a multipoint interface together with aaa access-profile; the same text appears on the ike gateway leaf of this grouping, so it looks copied. Confirm the intended wording. */ junos:must "(("interfaces $$-IFL" || any "logical-systems <*> interfaces $$-IFL"))"; junos:must-message "Referenced interface must be configured under [edit interfaces] hierarchy"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Bind to tunnel interface (route-based VPN)"; } leaf df-bit { type enumeration { enum "clear" { value 0; description "Clear DF bit of outer header"; } enum "set" { value 1; description "Set DF bit of outer header"; } enum "copy" { value 2; description "Copy DF bit from inner header"; } } description "Specifies how to handle the Don't Fragment bit"; } container multi-sa { junos:must "(!(".. vpn-monitor"))"; junos:must-message "vpn-monitor with multi-sa is not supported"; presence "enable multi-sa"; description "Negotiate multiple SAs based on configuration choice"; uses apply-advanced; choice sa_map { list forwarding-class { key "name"; ordered-by user; leaf name { type string { length "1 .. 32"; } description "Name of forwarding classes"; } uses apply-advanced; } // list forwarding-class } // choice sa_map } // container multi-sa leaf copy-outer-dscp { type empty; description "Enable copying outer IP header DSCP and ECN to inner IP header"; } container vpn-monitor { presence "enable vpn-monitor"; description "Monitor VPN liveliness"; uses ipsec-template-monitor; } // container vpn-monitor choice negotiation { container manual { junos:must "(!(".. 
traffic-selector"))"; junos:must-message "Manual vpn with traffic selector is not allowed"; description "Define a manual security association"; /* Manually keyed SA: peer gateway, external interface, protocol, SPI and statically configured authentication and encryption keys. */ uses apply-advanced; leaf gateway { type jt:hostname; description "Define the IPSec peer"; } leaf external-interface { junos:must "(!("interfaces $$ family bridge"))"; junos:must-message "Bridge interface is not allowed as external-interface"; junos:must "("interfaces $$-IFL")"; junos:must-message "Referenced interface must be configured under [edit interfaces] hierarchy"; type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "External interface for the security association"; } leaf protocol { /* NOTE(review): the esp rule is satisfied by an encryption block alone, so an ESP SA without an authentication block passes validation; audit manual SAs for missing integrity protection. */ type enumeration { enum "ah" { junos:must "(!(".. encryption"))"; junos:must-message "Encryption must not be defined for AH"; junos:must "(".. authentication")"; junos:must-message "Authentication must be defined for AH"; value 0; description "Authentication header"; } enum "esp" { junos:must "((".. authentication" || ".. encryption"))"; junos:must-message "Either authentication or encryption must be defined for ESP"; value 1; description "Encapsulated Security Payload header"; } } description "Define an IPSec protocol for the security association"; } leaf spi { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "256 .. 
16639"; } } description "Define security parameter index"; } container authentication { description "Define authentication parameters"; uses apply-advanced; leaf algorithm { /* NOTE(review): hmac-md5-96 and hmac-sha1-96 are legacy integrity algorithms; hmac-sha-256-96 is described below as non-RFC compliant. */ type enumeration { enum "hmac-md5-96" { value 0; description "HMAC-MD5-96 authentication algorithm"; } enum "hmac-sha1-96" { value 1; description "HMAC-SHA1-96 authentication algorithm"; } enum "hmac-sha-256-128" { value 2; description "HMAC-SHA-256-128 authentication algorithm"; } enum "hmac-sha-256-96" { value 3; description "HMAC-SHA-256-96 authentication algorithm (non-RFC compliant)"; } } description "Define authentication algorithm"; } container key { description "Define an authentication key"; /* NOTE(review): key material is modeled as a plain string (ascii-text or hexadecimal, 1..255 characters); confirm how it is masked in stored and exported configuration. */ choice key-choice { leaf ascii-text { type string { length "1 .. 255"; } description "Format as text"; } leaf hexadecimal { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 255"; } description "Format as hexadecimal"; } } // choice key-choice } // container key } // container authentication container encryption { description "Define encryption parameters"; uses apply-advanced; leaf algorithm { /* NOTE(review): des-cbc and 3des-cbc are legacy ciphers. The aes-*-gcm must rules name authentication-algorithm, but no node of that name is visible in this manual block (authentication is a container holding leaf algorithm), so the check may never fire here - confirm. */ type enumeration { enum "des-cbc" { value 0; description "DES-CBC encryption algorithm"; } enum "3des-cbc" { value 1; description "3DES-CBC encryption algorithm"; } enum "aes-128-cbc" { value 2; description "AES-CBC 128-bit encryption algorithm"; } enum "aes-192-cbc" { value 3; description "AES-CBC 192-bit encryption algorithm"; } enum "aes-256-cbc" { value 4; description "AES-CBC 256-bit encryption algorithm"; } enum "aes-128-gcm" { junos:must "(!(".. authentication-algorithm"))"; junos:must-message "When using aes-gcm for Encryption the Authentication Algorithm must not be set."; value 5; description "AES-GCM 128-bit encryption algorithm"; } enum "aes-256-gcm" { junos:must "(!(".. 
authentication-algorithm"))"; junos:must-message "When using aes-gcm for Encryption the Authentication Algorithm must not be set."; value 6; description "AES-GCM 256-bit encryption algorithm"; } } description "Define encryption algorithm"; } container key { description "Define an encryption key"; /* NOTE(review): key material is modeled as a plain string (ascii-text or hexadecimal, 1..255 characters); confirm how it is masked in stored and exported configuration. */ choice key-choice { leaf ascii-text { type string { length "1 .. 255"; } description "Format as text"; } leaf hexadecimal { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 255"; } description "Format as hexadecimal"; } } // choice key-choice } // container key } // container encryption } // container manual container ike { description "Define an IKE-keyed IPSec vpn"; uses apply-advanced; leaf gateway { /* The must rules on this leaf cross-check the referenced [security ike gateway] entry: with ha-link-encryption set, the listed gateway options are rejected and version v2-only is required. */ junos:must "(!((".. .. ha-link-encryption" && "security ike gateway $$ external-interface")))"; junos:must-message "When ha-link-encryption is enabled, external-interface is pre-defined and cannot be configured in associated IKE Gateway"; junos:must "(!((".. .. ha-link-encryption" && "security ike gateway $$ address")))"; junos:must-message "When ha-link-encryption is enabled, peer address is pre-defined and cannot be configured in associated IKE Gateway"; junos:must "(!((".. .. ha-link-encryption" && "security ike gateway $$ no-nat-traversal")))"; junos:must-message "When ha-link-encryption is enabled, Disable NAT-Traversal is not applicable in associated IKE Gateway"; junos:must "(!((".. .. ha-link-encryption" && "security ike gateway $$ local-identity")))"; junos:must-message "When ha-link-encryption is enabled, local-identity cannot be configured in associated IKE Gateway"; junos:must "(!((".. .. ha-link-encryption" && "security ike gateway $$ general-ikeid")))"; junos:must-message "When ha-link-encryption is enabled, General-IKEID is not applicable in associated IKE Gateway"; junos:must "(!((".. .. 
ha-link-encryption" && "security ike gateway $$ dynamic")))"; junos:must-message "When ha-link-encryption is enabled, Dynamic is not applicable in associated IKE Gateway"; junos:must "(!((".. .. ha-link-encryption" && "security ike gateway $$ advpn")))"; junos:must-message "When ha-link-encryption is enabled, ADVPN is not applicable in associated IKE Gateway"; junos:must "(!((".. .. ha-link-encryption" && "security ike gateway $$ remote-identity")))"; junos:must-message "When ha-link-encryption is enabled, remote-identity cannot be configured in associated IKE Gateway"; junos:must "(!((".. .. ha-link-encryption" && "security ike gateway $$ tcp-encap-profile")))"; junos:must-message "When ha-link-encryption is enabled, tcp-encap-profile is not applicable on associated IKE Gateway"; junos:must "(!((".. .. ha-link-encryption" && "security ike gateway $$ nat-keepalive")))"; junos:must-message "When ha-link-encryption is enabled, nat-keepalive is not applicable on associated IKE Gateway"; junos:must "(!((".. .. ha-link-encryption" && "security ike gateway $$ local-address")))"; junos:must-message "When ha-link-encryption is enabled, local-address is pre-defined and cannot be configured in associated IKE Gateway"; junos:must "(!((".. .. ha-link-encryption" && "security ike gateway $$ dead-peer-detection")))"; junos:must-message "When ha-link-encryption is enabled, dead-peer-detection (mode:always-send, Interval: 3 sec, Threshold:10) is pre-defined and cannot be configured in associated IKE Gateway"; junos:must "(!((".. .. ha-link-encryption" && "security ike gateway $$ aaa")))"; junos:must-message "When ha-link-encryption is enabled, AAA is not applicable in associated IKE Gateway"; junos:must "(!((".. .. ha-link-encryption" && !("security ike gateway $$ version v2-only"))))"; junos:must-message "When ha-link-encryption is enabled, associated IKE Gateway must be version 2"; junos:must "(!((!(".. .. ha-link-encryption") && (!(".. .. 
bind-interface") && "security ike gateway $$ version v2-only"))))"; junos:must-message "IKEv2 requires bind-interface configuration as only route-based is supported"; junos:must "(!(("security ike gateway $$ advpn" && ".. proxy-identity")))"; junos:must-message "No proxy-identity support on an advpn enabled gateway"; junos:must "(!(("security ike gateway $$ aaa access-profile" && ".. .. vpn-monitor")))"; junos:must-message "When aaa access-profile is configured under security ike gateway, vpn-monitor configuration is not allowed"; junos:must "(!(("security ike gateway $$ advpn" && ".. .. vpn-monitor destination-ip")))"; junos:must-message "No destination ip support for vpn-monitor in vpn referring to an advpn enabled gateway"; junos:must "(!(("security ike gateway $$ dynamic ike-user-type" && ".. .. vpn-monitor destination-ip")))"; junos:must-message "No destination ip support for vpn-monitor in vpn using shared or group ike"; junos:must "("security ike gateway $$")"; junos:must-message "Referenced IKE gateway must be defined under [edit security ike gateway]"; type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 32"; } description "Name of remote gateway"; } leaf idle-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 
999999"; } } units "seconds"; description "Idle time to delete SA"; } leaf no-anti-replay { /* NOTE(review): setting this presence flag disables the anti-replay check, so replayed packets are no longer rejected on this VPN; look for it in configuration audits. */ type empty; description "Disable the anti-replay check"; } container proxy-identity { presence "enable proxy-identity"; description "IPSec proxy-id to use in IKE negotiations"; uses ipsec-template-proxy-id; } // container proxy-identity leaf ipsec-policy { junos:must "("security ipsec policy $$")"; junos:must-message "Referenced IPSec policy must be defined under [edit security ipsec policy]"; type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 32"; } description "Name of the IPSec policy"; } leaf install-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 10"; } } units "seconds"; default "1"; description "Delay installation of rekeyed outbound SAs on initiator"; } } // container ike } // choice negotiation list traffic-selector { /* At most 200 entries; requires bind-interface and cannot be combined with ike proxy-identity. */ junos:must "(!(".. ike proxy-identity"))"; junos:must-message "Proxy-identity must not be configured with traffic-selector"; junos:must "(".. bind-interface")"; junos:must-message "Bind-interface must be configured under [edit security ipsec vpn] hierarchy"; key "name"; max-elements 200; ordered-by user; description "Traffic selector"; leaf name { type string { length "1 .. 31"; } description "Name of traffic selector"; } uses apply-advanced; leaf local-ip { type jt:ipprefix-mandatory; description "IP address of local traffic-selector"; } leaf remote-ip { type jt:ipprefix-mandatory; description "IP address of remote traffic-selector"; } } // list traffic-selector leaf establish-tunnels { junos:must "(".. 
ike")"; junos:must-message "VPN must be IKE-keyed to define establish-tunnel method"; type enumeration { enum "immediately" { value 0; description "Establish tunnels immediately"; } enum "on-traffic" { value 1; description "Establish tunnels on traffic"; } } default "on-traffic"; description "Define the criteria to establish tunnels"; } container udp-encapsulate { presence "enable udp-encapsulate"; description "UDP encapsulation of IPsec data traffic"; leaf dest-port { /* NOTE(review): the upper bound 65536 is one past the largest UDP port number (65535); confirm how the device treats that value. */ type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1025 .. 65536"; } } default "4565"; description "UDP destination port"; } } // container udp-encapsulate } // grouping ipsec-vpn-template grouping ipsec-template-monitor { /* Per-VPN monitor settings; the must rule below rejects use together with traffic-selector. */ junos:must "(!(".. traffic-selector"))"; junos:must-message "vpn-monitor with traffic selector is not supported"; description "Configure VPN monitoring"; uses apply-advanced; leaf optimized { type empty; description "Optimize for scalability"; } leaf source-interface { type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Source interface for monitor message"; } leaf destination-ip { type jt:ipaddr; description "Destination IP addres for monitor message"; } container verify-path { presence "enable verify-path"; description "Verify IPSec path using vpn-monitor before bring up st0 state"; uses apply-advanced; leaf destination-ip { type jt:ipaddr; description "Destination IP addres for verify IPSec path"; } leaf packet-size { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "64 .. 
1350"; } } default "64"; description "Size of the packet"; } } // container verify-path } // grouping ipsec-template-monitor grouping ipsec-template-proxy-id { description "Proxy identity settings"; uses apply-advanced; leaf local { type jt:ipprefix-mandatory; description "Local IP address/prefix length"; } leaf remote { type jt:ipprefix-mandatory; description "Remote IP address/prefix length"; } leaf service { type string { length "1 .. 32"; } description "Name of serivce that passes through, any enables all services"; } } // grouping ipsec-template-proxy-id grouping security-association-manual { /* Manual SA parameters listed per direction; bidirectional is the only direction value offered. Each entry carries protocol, SPI and statically configured authentication and encryption keys. */ uses apply-advanced; list direction { key "name"; ordered-by user; description "Define the direction of the security association"; leaf name { type enumeration { enum "bidirectional" { junos:must "((!(".. .. direction $$={inbound}") && !(".. .. direction $$={outbound}")))"; junos:must-message "Outbound or inbound blocks must not be configured"; value 0; description "Bidirectional security association"; } } } uses apply-advanced; leaf protocol { /* NOTE(review): the esp rule is satisfied by an encryption block alone, so an ESP SA without an authentication block passes validation; audit manual SAs for missing integrity protection. */ type enumeration { enum "ah" { junos:must "(!(".. encryption"))"; junos:must-message "Encryption must not be defined for AH"; junos:must "(".. authentication")"; junos:must-message "Authentication must be defined for AH"; value 0; description "Authentication header"; } enum "esp" { junos:must "((".. authentication" || ".. encryption"))"; junos:must-message "Either authentication or encryption must be defined for ESP"; value 1; description "Encapsulated Security Payload header"; } } description "Define an IPSec protocol for the security association"; } leaf spi { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "256 .. 
16639"; } } description "Define security parameter index"; } container authentication { description "Define authentication parameters"; uses apply-advanced; leaf algorithm { /* NOTE(review): only hmac-md5-96 and hmac-sha1-96 are offered here, both legacy integrity algorithms. */ type enumeration { enum "hmac-md5-96" { value 0; description "HMAC-MD5-96 authentication algorithm"; } enum "hmac-sha1-96" { value 1; description "HMAC-SHA1-96 authentication algorithm"; } } description "Define authentication algorithm"; } container key { description "Define an authentication key"; /* NOTE(review): key material is modeled as a plain string (ascii-text or hexadecimal, 1..255 characters); confirm how it is masked in stored and exported configuration. */ choice key-choice { leaf ascii-text { type string { length "1 .. 255"; } description "Format as text"; } leaf hexadecimal { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 255"; } description "Format as hexadecimal"; } } // choice key-choice } // container key } // container authentication container encryption { description "Define encryption parameters"; uses apply-advanced; leaf algorithm { /* NOTE(review): only des-cbc and 3des-cbc are offered here, both legacy ciphers; this manual SA has no AES option in the visible model. */ type enumeration { enum "des-cbc" { value 0; description "DES-CBC encryption algorithm"; } enum "3des-cbc" { value 1; description "3DES-CBC encryption algorithm"; } } description "Define encryption algorithm"; } container key { description "Define an encryption key"; /* NOTE(review): key material is modeled as a plain string (ascii-text or hexadecimal, 1..255 characters); confirm how it is masked in stored and exported configuration. */ choice key-choice { leaf ascii-text { type string { length "1 .. 255"; } description "Format as text"; } leaf hexadecimal { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 
255"; } description "Format as hexadecimal"; } } // choice key-choice } // container key } // container encryption } // list direction } // grouping security-association-manual grouping security-macsec { uses apply-advanced; container traceoptions { presence "enable traceoptions"; description "Tracing options for debugging protocol operation"; uses macsec-trace-options; } // container traceoptions list connectivity-association { key "name"; ordered-by user; description "Configure connectivity association properties"; leaf name { type string { length "1 .. 32"; } description "Connectivity association name"; } uses apply-advanced; leaf cipher-suite { type enumeration { enum "gcm-aes-128" { value 0; description "GCM-AES-128 cipher suite"; } enum "gcm-aes-256" { junos:must "(!(".. security-mode static-sak"))"; junos:must-message "GCM-AES-256 cipher suite not allowed for static-sak mode"; value 1; description "GCM-AES-256 cipher suite"; } enum "gcm-aes-xpn-128" { junos:must "(!(".. security-mode static-sak"))"; junos:must-message "GCM-AES-XPN-128 cipher suite not allowed for static-sak mode"; value 2; description "GCM-AES-XPN-128 cipher suite"; } enum "gcm-aes-xpn-256" { junos:must "(!(".. security-mode static-sak"))"; junos:must-message "GCM-AES-XPN-256 cipher suite not allowed for static-sak mode"; value 3; description "GCM-AES-XPN-256 cipher suite"; } } description "Cipher suite to be used for encryption"; } leaf security-mode { junos:must "((!(".. security-mode static-cak") || (".. pre-shared-key cak" || (".. pre-shared-key-chain" || ".. 
fallback-key cak"))))"; junos:must-message "Pre-shared key or fallback-key or pre-shared-key-chain required for static-cak mode"; type enumeration { enum "dynamic" { value 0; description "Dynamic connectivity and secure association mode (MKA and dot1x)"; } enum "static-sak" { value 1; description "Static secure association key mode (no MKA)"; } enum "static-cak" { value 2; description "Static connectivity association key mode (MKA and Pre-shared key)"; } } description "Connectivity association mode"; } leaf sak-hash-128 { junos:must "((".. cipher-suite gcm-aes-256" || ".. cipher-suite gcm-aes-xpn-256"))"; junos:must-message "Allowed only for cipher-suite gcm-aes-256 or gcm-aes-xpn-256"; type empty; description "Configure to generate 128bit SAK hash to program HW"; } list secure-channel { junos:must "(".. security-mode static-sak")"; junos:must-message "Secure-channel configuration allowed only for static-sak mode"; key "name"; ordered-by user; description "Configure secure channel properties"; leaf name { type string; description "Secure channel name"; } uses apply-advanced; container id { description "Secure channel identifier"; uses apply-advanced; leaf mac-address { type jt:mac-addr; description "MAC addresses"; } leaf port-id { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
65535"; } } description "Port identifier"; } } // container id leaf direction { type enumeration { enum "inbound" { value 0; } enum "outbound" { value 1; } } description "Secure channel direction"; } leaf encryption { type empty; description "Enable Encryption"; } leaf offset { type enumeration { enum "0" { value 0; description "Confidentiality protected for all octets of MACSec PDU data"; } enum "30" { value 1; description "Confidentiality not protected for initial 30 octets of MACSec PDU data"; } enum "50" { value 2; description "Confidentiality not protected for initial 50 octets of MACSec PDU data"; } } description "Confidentiality offset"; } leaf include-sci { type empty; description "Include secure channel identifier in MAC Security PDU"; } list security-association { key "name"; ordered-by user; description "Security association"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 3"; } } description "Security association number"; } uses apply-advanced; leaf key { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F) of length 32"; length "32"; } description "Security association key in hexadecimal format of length 32"; } } // list security-association } // list secure-channel container mka { junos:must "((".. security-mode static-cak" || ".. security-mode dynamic"))"; junos:must-message "MKA configuration can be set only for dynamic/static-cak modes"; presence "enable mka"; description "Configure MAC Security Key Agreement protocol properties"; uses apply-advanced; leaf transmit-interval { junos:must "(!(".. bounded-delay"))"; junos:must-message "Might not be configured with bounded-delay"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2000 .. 10000"; } } units "milliseconds"; description "Configure MKA periodic transmit interval"; } leaf sak-rekey-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "60 .. 
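86400";
            }
          }
          units "seconds";
          description "Configure SAK rekeying interval";
        }
        // bounded-delay may only be set together with
        // replay-protect replay-window-size (must below); transmit-interval
        // in turn refuses to coexist with bounded-delay.
        leaf bounded-delay {
          junos:must "(".. .. replay-protect replay-window-size")";
          junos:must-message "replay-window-size must be configured with bounded-delay";
          type empty;
          description "Configure Bounded Hello Time";
        }
        // NOTE(review): in MKA the numerically lowest priority is normally the
        // one elected key server - confirm against platform documentation
        // before relying on the default of 16.
        leaf key-server-priority {
          junos:must "(".. .. security-mode static-cak")";
          junos:must-message "Allowed only for static-cak mode";
          type union {
            type string {
              pattern "<.*>|$.*";
            }
            type uint32 {
              range "0 .. 255";
            }
          }
          default "16";
          description "Configure MKA key server priority";
        }
        // Dynamic mode only: per the description, only secured dot1x traffic
        // is allowed when this is set.
        leaf must-secure {
          junos:must "(".. .. security-mode dynamic")";
          junos:must-message "Allowed only for dynamic mode";
          type empty;
          description "Allow only secure dot1x traffic";
        }
        // Fail-open switch for static-cak mode (see description).
        // NOTE(review): the schema does not say what is forwarded while MKA is
        // not established; presumably traffic passes unprotected - confirm,
        // and flag this leaf when auditing links that must stay encrypted.
        // The must-message names static-cak explicitly so it agrees with the
        // must condition and with the sibling leaves.
        leaf should-secure {
          junos:must "(".. .. security-mode static-cak")";
          junos:must-message "Allowed only for static-cak mode";
          type empty;
          description "Configure fail open mode for MKA protocol";
        }
        leaf eapol-address {
          junos:must "(".. .. security-mode static-cak")";
          junos:must-message "Allowed only for static-cak mode";
          type string;
          default "pae";
          description "Configure EAPOL destination group address";
        }
      } // container mka
      // Replay protection is accepted for static-cak and dynamic modes only.
      // NOTE(review): 0 is inside the allowed range; presumably it enforces
      // strict ordering while larger windows tolerate reordering - confirm
      // for the platform. No default is declared in this schema.
      container replay-protect {
        junos:must "((".. security-mode static-cak" || ".. security-mode dynamic"))";
        junos:must-message "Not allowed for static-sak mode";
        description "Configure replay protection";
        uses apply-advanced;
        leaf replay-window-size {
          type union {
            type string {
              pattern "<.*>|$.*";
            }
            type uint32 {
              range "0 .. 65535";
            }
          }
          units "packets";
          description "Configure replay protection window size";
        }
      } // container replay-protect
      // Turns encryption off for the connectivity association (description).
      // Rejected together with offset; the second must (continued on the next
      // line) limits it to static-cak and dynamic modes.
      leaf no-encryption {
        junos:must "(!(".. offset"))";
        junos:must-message "Offset can be configured only with encryption";
        junos:must "((".. security-mode static-cak" || ".. 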
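security-mode dynamic"))";
        junos:must-message "Encryption for static-sak mode should be configured under secure-channel";
        type empty;
        description "Disable encryption";
      }
      // static-cak only. Per the description this disables the preceding
      // connectivity-association key while keys are being switched over.
      leaf disable-preceding-key {
        junos:must "(".. security-mode static-cak")";
        junos:must-message "Enabling configuration allowed only in static-cak mode";
        type empty;
        description "Disable CA preceding key during key switch-over";
      }
      // Confidentiality offset for static-cak and dynamic modes. Per the enum
      // descriptions, 30 and 50 leave that many leading octets of data without
      // confidentiality; the default "0" covers all octets.
      leaf offset {
        junos:must "((".. security-mode static-cak" || ".. security-mode dynamic"))";
        junos:must-message "Offset for static-sak mode should be configured under secure-channel";
        type enumeration {
          enum "0" {
            value 0;
            description "Confidentiality provided for all octets of data";
          }
          enum "30" {
            value 1;
            description "Confidentiality not provided for initial 30 octets of data";
          }
          enum "50" {
            value 2;
            description "Confidentiality not provided for initial 50 octets of data";
          }
        }
        default "0";
        description "Confidentiality offset";
      }
      leaf include-sci {
        junos:must "((".. security-mode static-cak" || ".. security-mode dynamic"))";
        junos:must-message "Not allowed for static-sak mode";
        type empty;
        description "Include secure channel identifier in MAC Security PDU";
      }
      // Pre-shared CKN/CAK pair, accepted in static-cak mode only.
      container pre-shared-key {
        junos:must "(".. security-mode static-cak")";
        junos:must-message "Pre-shared key configuration allowed only in static-cak mode";
        presence "enable pre-shared-key";
        description "Configure pre-shared connectivity association key";
        uses apply-advanced;
        // Key name: 1 to 32 hex byte pairs (even length enforced by pattern).
        leaf ckn {
          type string {
            junos:posix-pattern "^([0-9a-fA-F][0-9a-fA-F]){1,32}$";
            junos:pattern-message "Must be an even-length string up to 64 hexadecimal digits (0-9, a-f, A-F)";
            length "2 .. 64";
          }
          description "Connectivity association key name in hexadecimal format";
        }
        // Key secret. Unlike ckn, the pattern accepts any count of hex digits
        // (odd counts included) up to the length limit on the next line, so
        // the schema alone does not guarantee a full-length key.
        // NOTE(review): how shorter values are handled is not visible here -
        // confirm, and require full-length keys in provisioning checks.
        // NOTE(review): declared as plain string, while other secrets in this
        // module (CRL url password, SCEP challenge-password) use
        // jt:unreadable; treat configuration exports that include this leaf
        // as key material.
        leaf cak {
          type string {
            junos:posix-pattern "^[[:xdigit:]]+$";
            junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)";
            length "1 .. 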
64"; } description "Connectivity association key in hexadecimal format"; } } // container pre-shared-key container fallback-key { junos:must "(".. security-mode static-cak")"; junos:must-message "Fallback key configuration allowed only in static-cak mode"; presence "enable fallback-key"; description "Configure fallback key for connectivity association"; uses apply-advanced; leaf ckn { junos:must "(!(".. .. pre-shared-key ckn $$"))"; junos:must-message "fallback-key CKN cannot be same as pre-shared-key CKN"; type string { junos:posix-pattern "^([0-9a-fA-F][0-9a-fA-F]){1,32}$"; junos:pattern-message "Must be an even-length string up to 64 hexadecimal digits (0-9, a-f, A-F)"; length "2 .. 64"; } description "Connectivity association fallback key name in hexadecimal format"; } leaf cak { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 64"; } description "Connectivity association fallback key secret in hexadecimal format"; } } // container fallback-key leaf pre-shared-key-chain { junos:must "(!(".. pre-shared-key"))"; junos:must-message "May not be configured with pre-shared-key"; junos:must "("security authentication-key-chains key-chain $$")"; junos:must-message "authentication-key-chains not defined !!"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be string of 32 characters or less"; } description "Pre-shared key chain name for connectivity association"; } list exclude-protocol { junos:must "((".. security-mode static-cak" || ".. 
security-mode dynamic"))"; junos:must-message "Not allowed for static-sak mode"; key "name"; ordered-by user; description "Configure protocols to exclude from MAC Security"; leaf name { type enumeration { enum "cdp" { value 0; description "Cisco Discovery Protocol"; } enum "lldp" { value 1; description "Link Level Discovery Protocol"; } enum "lacp" { value 2; description "Link Aggregation Control Protocol"; } } } } // list exclude-protocol } // list connectivity-association list interfaces { key "name"; description "Interfaces on which macsec configuration is applied"; leaf name { type union { type jt:interface-device; type string { pattern "<.*>|$.*"; } } } uses apply-advanced; leaf connectivity-association { junos:must "("security macsec connectivity-association $$")"; junos:must-message "Connectivity association not defined"; type string; description "Connectivity association name"; } container traceoptions { junos:must "(".. connectivity-association")"; junos:must-message "Connectivity association should be configured on interface to enable traceoptions"; presence "enable traceoptions"; description "Tracing options of MKA protocol"; uses mka-trace-options; } // container traceoptions } // list interfaces list cluster-control-port { key "name"; description "Cluster control port on which macsec configuration is applied"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
1"; } } description "Port identifier"; } uses apply-advanced; leaf connectivity-association { junos:must "(!("security macsec connectivity-association $$ pre-shared-key-chain"))"; junos:must-message "Pre-shared keychain is not supported on cluster control port"; junos:must "("security macsec connectivity-association $$")"; junos:must-message "Connectivity association not defined"; type string; description "Connectivity association name"; } container traceoptions { presence "enable traceoptions"; description "Tracing options of MKA protocol"; uses mka-trace-options; } // container traceoptions } // list cluster-control-port list cluster-data-port { key "name"; description "Cluster data port on which macsec configuration is applied"; leaf name { junos:must "(!("security macsec connectivity-association $$ pre-shared-key-chain"))"; junos:must-message "Pre-shared keychain is not supported on cluster data port"; type union { type jt:interface-device; type string { pattern "<.*>|$.*"; } } } uses apply-advanced; leaf connectivity-association { junos:must "("security macsec connectivity-association $$")"; junos:must-message "Connectivity association not defined"; type string; description "Connectivity association name"; } container traceoptions { presence "enable traceoptions"; description "Tracing options of MKA protocol"; uses mka-trace-options; } // container traceoptions } // list cluster-data-port } // grouping security-macsec grouping macsec-trace-options { description "Trace options for MACSec Protocol"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 
1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file list flag { junos:must "(".. file")"; junos:must-message "Trace file name required to enable tracing"; key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "config" { value 0; description "Trace configuration messages"; } enum "debug" { value 1; description "Trace debug messages"; } enum "normal" { value 2; description "Trace normal messages"; } enum "all" { value 3; description "Trace all"; } } } } // list flag } // grouping macsec-trace-options grouping mka-trace-options { description "Trace options for MKA protocol"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000";
          }
        }
        default "10";
        description "Maximum number of trace files";
      }
      leaf no-stamp {
        type empty;
        status deprecated;
        description "Do not timestamp trace file";
      }
      // world-readable lets any user read the trace file (description).
      // Combined with the "keys" or "all" flags below, that widens who can
      // see key-related trace output; no-world-readable is the restrictive
      // alternative. No default is declared in this schema.
      choice world-readable-choice {
        leaf world-readable {
          type empty;
          description "Allow any user to read the log file";
        }
        leaf no-world-readable {
          type empty;
          description "Don't allow any user to read the log file";
        }
      } // choice world-readable-choice
    } // container file
    // Trace flags; a trace file must be configured first (must below).
    list flag {
      junos:must "(".. file")";
      junos:must-message "Trace file name required to enable tracing";
      key "name";
      ordered-by user;
      description "Tracing parameters";
      leaf name {
        type enumeration {
          enum "mka-packets" {
            value 0;
            description "Trace MKA input and output packets";
          }
          enum "state" {
            value 1;
            description "Trace MKA state information";
          }
          enum "to-secy" {
            value 2;
            description "Trace MKA to SecY state changes";
          }
          // NOTE(review): the schema does not show what key information is
          // written; treat trace files produced with "keys" or "all" as
          // sensitive until that is confirmed.
          enum "keys" {
            value 3;
            description "Trace key creation/generation information";
          }
          enum "normal" {
            value 4;
            description "Trace normal events";
          }
          enum "all" {
            value 5;
            description "Trace all";
          }
        }
      }
    } // list flag
  } // grouping mka-trace-options

  // DHCP option-82 sub-options: circuit id, remote id and vendor id.
  grouping security-option-82-type {
    description "DHCP option-82 processing";
    uses apply-advanced;
    container circuit-id {
      presence "enable circuit-id";
      description "Configure DHCP option 82 circuit id";
      uses apply-advanced;
      // Each leaf adds one more device-side name to the circuit id.
      container prefix {
        description "Configure DHCP option 82 circuit id prefix";
        uses apply-advanced;
        leaf host-name {
          type empty;
          description "Add router host name to DHCP option-82 circuit id";
        }
        leaf logical-system-name {
          type empty;
          description "Add logical system name to DHCP option-82 circuit id";
        }
        leaf routing-instance-name {
          type empty;
          description "Add routing instance name to DHCP option-82 circuit id";
        }
      } // container prefix
      leaf use-interface-description {
        type enumeration {
          enum "logical" {
            value 0;
            description "Use the logical interface description";
          }
          enum "device" {
            value 1;
            description "Use the device interface description";
          }
        }
        description "Use interface 
description instead of circuit identifier"; } leaf use-vlan-id { type empty; description "Use VLAN id instead of name"; } } // container circuit-id container remote-id { presence "enable remote-id"; description "Configure DHCP option 82 remote id"; uses apply-advanced; leaf host-name { type empty; description "Add router host name to DHCP option-82 remote id"; } leaf use-interface-description { type enumeration { enum "logical" { value 0; description "Use the logical interface description"; } enum "device" { value 1; description "Use the device interface description"; } } description "Use interface description instead of interface name"; } leaf use-string { junos:must "(!(".. use-interface-description"))"; junos:must-message "use-string and use-interface-description cannot be configured together"; type string; description "Use raw string instead of the default remote id"; } leaf mac { type empty; description "Add chassis MAC Address to DHCP option-82 remote id"; } } // container remote-id container vendor-id { presence "enable vendor-id"; description "Configure DHCP option 82 vendor id"; uses apply-advanced; leaf use-string { type string; default "Juniper Networks"; description "Use raw string instead of the default vendor id"; } } // container vendor-id } // grouping security-option-82-type grouping security-pki { uses apply-advanced; list ca-profile { key "name"; ordered-by user; description "Certificate authority profile configuration"; leaf name { type string { junos:posix-pattern "![/%. ]"; junos:pattern-message "Must not contain '/', %, '.' or a space"; length "1 .. 
32";
        }
        description "Name of certificate authority profile";
      }
      uses apply-advanced;
      leaf ca-identity {
        type string;
        description "Certificate authority identifier";
      }
      leaf source-address {
        type jt:ipaddr;
        description "Use specified address as source address";
      }
      // Must reference a profile that exists under services proxy profile.
      leaf proxy-profile {
        junos:must "("services proxy profile $$")";
        junos:must-message "Referenced Proxy profile must be defined under [edit services proxy profile]";
        type string;
        description "Use specified proxy server";
      }
      // Must name a routing instance defined globally or under any tenant.
      leaf routing-instance {
        junos:must "(("routing-instances $$" || any "tenants <*> routing-instances $$"))";
        junos:must-message "referenced routing-instance must be defined";
        type string;
        description "Use specified routing instance";
      }
      container enrollment {
        description "Enrollment parameters for certificate authority";
        uses apply-advanced;
        // Unconstrained string: the schema checks neither scheme nor host.
        // NOTE(review): confirm which transports the enrollment client
        // accepts and whether your policy requires an authenticated channel
        // to the CA.
        leaf url {
          type string;
          description "Enrollment URL of certificate authority";
        }
        leaf retry {
          type union {
            type string {
              pattern "<.*>|$.*";
            }
            type uint32 {
              range "0 .. 1080";
            }
          }
          default "1000";
          description "Number of enrollment retry attempts before aborting";
        }
        // Seconds, per the description (no units statement is declared).
        leaf retry-interval {
          type union {
            type string {
              pattern "<.*>|$.*";
            }
            type uint32 {
              range "0 .. 3600";
            }
          }
          default "600";
          description "Interval in seconds between the enrollment retries";
        }
      } // container enrollment
      container revocation-check {
        description "Method for checking certificate revocations";
        uses apply-advanced;
        // Mutually exclusive (YANG choice): CRL, OCSP, or no check at all.
        // With "disable", certificates validated against this CA profile are
        // not checked for revocation, so a revoked certificate would not be
        // rejected on that basis; flag it in configuration audits.
        // No default is declared in this schema.
        choice revocation-check-options {
          leaf use-crl {
            type empty;
            description "Use CRL for revocation check";
          }
          leaf use-ocsp {
            type empty;
            description "Use OCSP for revocation check";
          }
          leaf disable {
            type empty;
            description "Disable revocation check";
          }
        } // choice revocation-check-options
        container ocsp {
          presence "enable ocsp";
          description "Online Certificate Status Protocol (OCSP) configuration";
          uses apply-advanced;
          list url {
            key "name";
            ordered-by user;
            leaf name {
              type string {
                length "1 .. 
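500";
              }
              description "HTTP URL for OCSP access location";
            }
            uses apply-advanced;
          } // list url
          // Whether OCSP requests carry a nonce. A nonce lets the client tie
          // a response to its own request; with "disable" that binding is
          // not requested. No default is declared in this schema.
          leaf nonce-payload {
            type enumeration {
              enum "enable" {
                value 0;
                description "Send nonce payload in OCSP request";
              }
              enum "disable" {
                value 1;
                description "Do not send nonce payload in OCSP request";
              }
            }
            description "Include nonce payload in OCSP requests";
          }
          // Skips the revocation check of the responder's own certificate.
          leaf disable-responder-revocation-check {
            type empty;
            description "Disable OCSP responder certificate revocation check";
          }
          // Treats an "unknown" responder answer as acceptable. This is a
          // soft-fail setting: review it wherever revocation must be enforced.
          leaf accept-unknown-status {
            type empty;
            description "Accept certificates with unknown status";
          }
          // Behaviour when the responder cannot be reached. fallback-crl keeps
          // a revocation check in place; disable drops the OCSP check for
          // that validation (fail-open).
          container connection-failure {
            presence "enable connection-failure";
            description "Actions on failure to connect to OCSP Responder";
            uses apply-advanced;
            choice connection-failure-options {
              leaf fallback-crl {
                type empty;
                description "Use CRL for revocation check";
              }
              leaf disable {
                type empty;
                description "Disable OCSP check on connection failure";
              }
            } // choice connection-failure-options
          } // container connection-failure
        } // container ocsp
        container crl {
          description "Certificate revocation list configuration";
          uses apply-advanced;
          // Per the description: when a CRL download fails, an existing CRL
          // file is used if present and the check is skipped otherwise.
          // That is also a fail-open path when no CRL file exists.
          container disable {
            leaf on-download-failure {
              type empty;
              description "Check revocation status with existing CRL file if present, otherwise skip. This feature must be enabled for manual CRL download.";
            }
          } // container disable
          list url {
            key "name";
            ordered-by user;
            leaf name {
              type string {
                length "1 .. 500";
              }
              description "URL of CRL distribution point for certificate authority";
            }
            uses apply-advanced;
            // Typed jt:unreadable rather than plain string.
            leaf password {
              type jt:unreadable;
              description "Password for authentication with the server";
            }
          } // list url
          leaf refresh-interval {
            type union {
              type string {
                pattern "<.*>|$.*";
              }
              type uint32 {
                range "0 .. 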
8784"; } } units "hours"; description "CRL refresh interval"; } } // container crl } // container revocation-check container administrator { description "Administrator information"; uses apply-advanced; leaf email-address { type string; description "Administrator e-mail to which to send certificate requests"; } } // container administrator } // list ca-profile list trusted-ca-group { key "name"; ordered-by user; description "Trusted Certificate Authority group configuration"; leaf name { type string { length "1 .. 63"; } description "Name of the trusted CA group"; } uses apply-advanced; leaf-list ca-profiles { type string { length "1 .. 63"; } max-elements 20; ordered-by user; description "Name of the CA profiles (maximum 20)"; } } // list trusted-ca-group container trap { presence "enable trap"; description "Trap options for PKI certificates"; uses apply-advanced; list certificate-id { key "name"; ordered-by user; description "Local certificate identifier"; leaf name { type string; description "Local cert id"; } uses apply-advanced; leaf days { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } default "60"; description "Number of days to generate trap (default 60)"; } } // list certificate-id list ca-identity { key "name"; ordered-by user; description "CA identity"; leaf name { junos:must "("security pki ca-profile $$")"; junos:must-message "Referenced ca-profile must be defined under [edit security pki ca-profile]"; type string; description "CA profile"; } uses apply-advanced; leaf days { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 100"; } } default "60"; description "Number of days to generate trap (default 60)"; } } // list ca-identity container all-certificates { presence "enable all-certificates"; description "Trap config for all certificates"; uses apply-advanced; leaf days { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
100"; } } default "60"; description "Number of days to generate trap (default 60)"; } } // container all-certificates } // container trap container auto-re-enrollment { description "Auto re-enroll of certificate"; uses apply-advanced; container cmpv2 { presence "enable cmpv2"; description "CMPv2 auto re-enrollment configuration"; uses apply-advanced; list certificate-id { key "name"; ordered-by user; description "CMPv2 auto re-enrollment configuration for certificate-id"; leaf name { type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be string of 32 characters or less"; } description "Certificate identifier that needs auto re-enrollment"; } uses apply-advanced; leaf ca-profile-name { junos:must "("security pki ca-profile $$ enrollment url")"; junos:must-message "Referenced ca-profile must have enrollment url configured under [edit security pki ca-profile <ca-profile-name> enrollment url]"; junos:must "("security pki ca-profile $$")"; junos:must-message "Referenced ca-profile must be defined under [edit security pki ca-profile]"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be string of 32 characters or less"; } description "Name of certificate authority profile"; } leaf re-enroll-trigger-time-percentage { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
99"; } } description "Re-enrollment trigger time before expiration as percentage"; } leaf re-generate-keypair { type empty; description "Generate new key-pair for auto-re-enrollment"; } } // list certificate-id } // container cmpv2 container scep { presence "enable scep"; description "SCEP auto re-enrollment configuration"; uses apply-advanced; list certificate-id { key "name"; ordered-by user; description "SCEP auto re-enrollment configuration for certificate-id"; leaf name { type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be string of 32 characters or less"; } description "Certificate identifier that needs auto re-enrollment"; } uses apply-advanced; leaf ca-profile-name { junos:must "("security pki ca-profile $$ enrollment url")"; junos:must-message "Referenced ca-profile must have enrollment url configured under [edit security pki ca-profile <ca-profile-name> enrollment url]"; junos:must "("security pki ca-profile $$")"; junos:must-message "Referenced ca-profile must be defined under [edit security pki ca-profile]"; type string { junos:posix-pattern "^.{1,32}$"; junos:pattern-message "Must be string of 32 characters or less"; } description "Name of certificate authority profile"; } leaf re-generate-keypair { type empty; description "Generate new key-pair for auto-re-enrollment"; } leaf re-enroll-trigger-time-percentage { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
99";
              }
            }
            description "Re-enrollment trigger time before expiration as percentage";
          }
          // Typed jt:unreadable rather than plain string.
          leaf challenge-password {
            type jt:unreadable;
            description "Password used by CA for enrollment and revocation";
          }
          // Only DES and DES3 are offered in this schema revision; both are
          // legacy 64-bit block ciphers and single DES has a 56-bit key.
          // NOTE(review): check whether the platform release in use offers a
          // stronger option; of the two listed here, des3 is the stronger.
          container scep-encryption-algorithm {
            presence "enable scep-encryption-algorithm";
            description "SCEP encryption algorithm";
            uses apply-advanced;
            choice scep-encryption-algorithm-options {
              leaf des {
                type empty;
                description "Use DES as SCEP encryption algorithm";
              }
              leaf des3 {
                type empty;
                description "Use DES3 as SCEP encryption algorithm";
              }
            } // choice scep-encryption-algorithm-options
          } // container scep-encryption-algorithm
          // Only MD5 and SHA1 are offered in this schema revision; neither is
          // collision resistant by current standards and no SHA-2 choice is
          // listed. Of the two, sha1 is the stronger.
          container scep-digest-algorithm {
            presence "enable scep-digest-algorithm";
            description "SCEP digest algorithm";
            uses apply-advanced;
            choice scep-digest-algorithm-options {
              leaf md5 {
                type empty;
                description "Use MD5 as SCEP digest algorithm";
              }
              leaf sha1 {
                type empty;
                description "Use SHA1 as SCEP digest algorithm";
              }
            } // choice scep-digest-algorithm-options
          } // container scep-digest-algorithm
        } // list certificate-id
      } // container scep
      // certificate-id list placed directly under auto-re-enrollment.
      // NOTE(review): its leaves appear to mirror the scep list above;
      // presumably kept for compatibility - confirm which one the platform
      // release in use honours.
      list certificate-id {
        key "name";
        ordered-by user;
        description "Auto re-enrollment configuration for certificate-id";
        leaf name {
          type string {
            junos:posix-pattern "^.{1,32}$";
            junos:pattern-message "Must be string of 32 characters or less";
          }
          description "Certificate identifier that needs auto re-enrollment";
        }
        uses apply-advanced;
        // The referenced ca-profile must exist and must have an enrollment
        // url configured (two must statements).
        leaf ca-profile-name {
          junos:must "("security pki ca-profile $$ enrollment url")";
          junos:must-message "Referenced ca-profile must have enrollment url configured under [edit security pki ca-profile <ca-profile-name> enrollment url]";
          junos:must "("security pki ca-profile $$")";
          junos:must-message "Referenced ca-profile must be defined under [edit security pki ca-profile]";
          type string {
            junos:posix-pattern "^.{1,32}$";
            junos:pattern-message "Must be string of 32 characters or less";
          }
          description "Name of certificate authority profile";
        }
        // NOTE(review): when this leaf is absent the existing key pair is
        // presumably reused at re-enrollment - confirm against the key
        // rotation policy.
        leaf re-generate-keypair {
          type empty; 
description "Generate new key-pair for auto-re-enrollment"; } leaf re-enroll-trigger-time-percentage { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 99"; } } description "Re-enrollment trigger time before expiration as percentage"; } leaf challenge-password { type jt:unreadable; description "Password used by CA for enrollment and revocation"; } container scep-encryption-algorithm { presence "enable scep-encryption-algorithm"; description "SCEP encryption algorithm"; uses apply-advanced; choice scep-encryption-algorithm-options { leaf des { type empty; description "Use DES as SCEP encryption algorithm"; } leaf des3 { type empty; description "Use DES3 as SCEP encryption algorithm"; } } // choice scep-encryption-algorithm-options } // container scep-encryption-algorithm container scep-digest-algorithm { presence "enable scep-digest-algorithm"; description "SCEP digest algorithm"; uses apply-advanced; choice scep-digest-algorithm-options { leaf md5 { type empty; description "Use MD5 as SCEP digest algorithm"; } leaf sha1 { type empty; description "Use SHA1 as SCEP digest algorithm"; } } // choice scep-digest-algorithm-options } // container scep-digest-algorithm } // list certificate-id } // container auto-re-enrollment container traceoptions { description "PKI trace options"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "certificate-verification" { value 0; description "PKI certificate verification tracing"; } enum "online-crl-check" { value 1; description "PKI online crl tracing"; } enum "enrollment" { value 2; description "PKI certificate enrollment tracing"; } enum "all" { value 3; description "Trace with all flags enabled"; } } } } // list flag } // container traceoptions } // grouping security-pki grouping security-traceoptions { description "Trace options for key management process"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file leaf rate-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4294967295"; } } default "0"; description "Limit the incoming rate of trace messages"; } container filter { description "Filter parameters for IKE traceoptions"; uses apply-advanced; leaf fpc { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "FPC slot number"; } leaf pic { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "PIC slot number"; } } // container filter list flag { key "name"; ordered-by user; description "Tracing parameters for IKE"; leaf name { type enumeration { enum "timer" { value 0; description "Trace internal timer events"; } enum "routing-socket" { value 1; description "Trace routing socket messages"; } enum "parse" { value 2; description "Trace configuration processing"; } enum "config" { value 3; description "Trace configuration download processing"; } enum "ike" { value 4; description "Trace IKE module processing"; } enum "policy-manager" { value 5; description "Trace policy manager processing"; } enum "general" { value 6; description "Trace general events"; } enum "database" { value 7; description "Trace security associations database events"; } enum "certificates" { value 8; description "Trace certificate events"; } enum "snmp" { value 9; description "Trace SNMP operations"; } enum "thread" { value 10; description "Trace thread processing"; } enum "high-availability" { value 11; description "Trace high-availability operations"; } enum "next-hop-tunnels" { value 12; 
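description "Trace next-hop-tunnels operations";
          }
          enum "all" {
            value 13;
            description "Trace everything";
          }
        }
      }
    } // list flag
  } // grouping security-traceoptions

  /*
   * security-zone-type: one security zone. Holds the zone name, an optional
   * zone-local address book, the screen (ids-option) applied to the zone, the
   * host-inbound-traffic settings, the member interfaces and several per-zone
   * feature switches.
   */
  grouping security-zone-type {
    description "Security zone";
    leaf name {
      type string {
        // The character class also admits '.', so the message names periods too.
        junos:posix-pattern "^[[:alnum:]._-]+$";
        junos:pattern-message "Must be a string consisting of letters, numbers, periods, dashes and underscores";
        length "1 .. 63";
      }
      description "Name of the zone";
    }
    uses apply-advanced;
    leaf description {
      type string {
        // Rejects '&', '<', '>' and the space character, as the message states.
        junos:posix-pattern "^[^&<> ]+$";
        junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '";
        length "1 .. 900";
      }
      description "Text description of zone";
    }
    leaf tcp-rst {
      type empty;
      description "Send RST for NON-SYN packet not matching TCP session";
    }
    // Zone-local address book; the must-constraint forbids it once a global
    // [security address-book] exists.
    container address-book {
      junos:must "(!("security address-book"))";
      junos:must-message "Zone specific address books are not allowed when there are global address books defined";
      description "Address book entries";
      uses address-book-type;
    } // container address-book
    // Reference by name: the must-constraint requires the ids-option to exist.
    leaf screen {
      junos:must "("security screen ids-option $$")";
      junos:must-message "referenced ids-object must be defined under [security screen ids-option]";
      type string {
        length "1 .. 32";
      }
      description "Name of ids option object applied to the zone";
    }
    // System services and protocols allowed from this zone (per the description);
    // the individual entries come from zone_host_inbound_traffic_t, which is
    // defined elsewhere. Worth reviewing per zone so that only the services
    // actually needed are listed.
    container host-inbound-traffic {
      description "Allowed system services & protocols";
      uses zone_host_inbound_traffic_t;
    } // container host-inbound-traffic
    list interfaces {
      key "name";
      ordered-by user;
      description "Interfaces that are part of this zone";
      uses zone-interface-list-type;
    } // list interfaces
    leaf application-tracking {
      type empty;
      description "Enable Application tracking support for this zone";
    }
    // Adds user and group information to session log records for this zone.
    leaf source-identity-log {
      type empty;
      description "Show user and group info in session log for this zone";
    }
    container advance-policy-based-routing-profile {
      description "Enable Advance Policy Based Routing on this zone";
      uses apply-advanced;
      leaf profile {
        type string {
          length "1 .. 63";
        }
        description "Advance policy based routing profile name";
      }
    } // container advance-policy-based-routing-profile
    leaf enable-reverse-reroute {
      type empty;
      description "Enable Reverse route lookup when there is change in ingress interface";
    }
    leaf unidirectional-session-refreshing {
      type empty;
      description "Enable unidirectional session refreshing on this zone";
    }
    // The container description used to repeat the policy-based-routing text of
    // the container above; it now names the feature this container configures.
    container advanced-connection-tracking {
      description "Enable advanced connection tracking on this zone";
      uses apply-advanced;
      // No range is attached to the numeric alternative.
      leaf timeout {
        type union {
          type uint32;
          type string {
            pattern "<.*>|$.*";
          }
        }
        description "Timeout value in seconds for advanced-connection-tracking table for this zone";
      }
      // Selects which tracking table is created for this zone.
      // NOTE(review): going by the names, allow-any-host looks like the least
      // specific match and allow-target-host-port the most specific; confirm
      // against the product documentation before choosing one.
      leaf mode {
        type enumeration {
          enum "allow-any-host" {
            value 0;
            description "Create allow-any-host table, thus policies whose to-zone is this zone can lookup";
          }
          enum "allow-target-host" {
            value 1;
            description "Create allow-target-host table, thus policies whose to-zone is this zone can lookup";
          }
          enum "allow-target-host-port" {
            value 2;
            description "Create allow-target-host-port table, thus policies whose to-zone is this zone can lookup";
          }
        }
      }
      leaf track-all-policies-to-this-zone {
        type empty;
        description "Mandate all policies with to-zone set to this zone to do connection track table lookup";
      }
    } // container advanced-connection-tracking
  } // grouping security-zone-type

  /*
   * address-book-type: the addresses and address sets of a zone address book.
   * Entry contents come from address_type and address_set_type, defined elsewhere.
   */
  grouping address-book-type {
    description "Configure security address book for the zone";
    uses apply-advanced;
    list address {
      key "name";
      ordered-by user;
      description "Define a security address";
      uses address_type;
    } // list address
    list address-set {
      key "name";
      ordered-by user;
      description "Define a security address set";
      uses address_set_type;
    } // list address-set
  } // grouping address-book-type

  grouping security_intelligence_feeds {
    description "Specify the feed post action";
    uses apply-advanced;
    container add-source-ip-to-feed {
      description "Add Source IP to Feed";
      uses apply-advanced;
      leaf name-of-feed {
        type string {
          length "1 .. 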
64"; } description "Specify the desired feed-name"; } } // container add-source-ip-to-feed container add-destination-ip-to-feed { description "Add Destination IP to Feed"; uses apply-advanced; leaf name-of-feed { type string { length "1 .. 64"; } description "Specify the desired feed-name"; } } // container add-destination-ip-to-feed container add-source-identity-to-feed { description "Add Source Identity to Feed"; uses apply-advanced; leaf name-of-feed { type string { length "1 .. 64"; } description "Specify the desired feed-name"; } } // container add-source-identity-to-feed container add-destination-identity-to-feed { description "Add Destination Identity to Feed"; uses apply-advanced; leaf name-of-feed { type string { length "1 .. 64"; } description "Specify the desired feed-name"; } } // container add-destination-identity-to-feed } // grouping security_intelligence_feeds grouping server { description "Server settings"; uses apply-advanced; leaf host { type string; description "Server host IP address or string host name"; } leaf port { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1024 .. 65535"; } } description "Server port"; } leaf routing-instance { junos:must "("routing-instances $$")"; junos:must-message "Routing-instance must be defined"; type string; description "Routing instance name"; } leaf source-address { type jt:ipaddr; description "Source ip address used to connect server"; } } // grouping server grouping server-active-leasequery-type { description "Allow active leasequery"; uses apply-advanced; leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 3600"; } } units "seconds"; default "120"; description "Read/write timeout in seconds"; } leaf idle-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 
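3600";
        }
      }
      units "seconds";
      default "60";
      description "Idle-timeout in seconds";
    }
  } // grouping server-active-leasequery-type

  /*
   * server-bulk-leasequery-type: limits for bulk leasequery over TCP. Covers
   * concurrent connections, the blocked-connection timeout, the number of empty
   * replies tolerated per connection, and an optional restriction to
   * restricted requestors.
   */
  grouping server-bulk-leasequery-type {
    description "Allow bulk leasequery";
    uses apply-advanced;
    leaf max-connections {
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "1 .. 10";
        }
      }
      default "3";
      description "Max TCP connections allowed at a time";
    }
    leaf timeout {
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "1 .. 1000";
        }
      }
      units "seconds";
      default "120";
      description "Timeout for blocked connection";
    }
    // A count of replies, not a duration, so no units statement is attached
    // (the description and the 1..100 range both describe a number of replies).
    leaf max-empty-replies {
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "1 .. 100";
        }
      }
      default "5";
      description "Maximum number of empty replies for a connection";
    }
    // Presence flag: when set, bulk leasequery is served only to restricted
    // requestors. How a requestor becomes "restricted" is not defined in this grouping.
    leaf restricted-requestor {
      type empty;
      description "Allow bulk leasequery only from restricted requestors";
    }
  } // grouping server-bulk-leasequery-type

  /*
   * server-connection-type: per-server connection parameters. Covers the server
   * address, the CA certificate file name and the OAuth2 client credentials.
   */
  grouping server-connection-type {
    description "Connection parameters per server";
    uses apply-advanced;
    leaf address {
      type jt:ipaddr;
      description "IP address";
    }
    // Names the CA certificate file. What happens when this leaf is left unset
    // is not visible in this model.
    leaf ca-certificate {
      type string {
        length "1 .. 256";
      }
      description "Ca-certificate file name";
    }
    leaf client-id {
      type string {
        length "1 .. 64";
      }
      description "Client ID for OAuth2 grant";
    }
    // NOTE(review): the OAuth2 client secret is modelled as a plain string with
    // only a length bound. Confirm that the device stores it in protected form
    // and masks it in configuration output and management-protocol replies,
    // and limit read access to this subtree to the roles that need it.
    leaf client-secret {
      type string {
        length "1 .. 128";
      }
      description "Client secret for OAuth2 grant";
    }
  } // grouping server-connection-type

  grouping server-group-type {
    uses apply-advanced;
    list server-group {
      key "name";
      ordered-by user;
      description "One or more server groups";
      leaf name {
        type string {
          junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$";
          junos:pattern-message "Must be a non-reserved string of 64 characters or less";
          length "1 .. 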
64"; } description "Server group name"; } uses apply-advanced; list address { key "name"; max-elements 32; ordered-by user; description "IP Address of one or more DHCP servers"; leaf name { type jt:ipaddr; description "IP Address of DHCP server"; } uses apply-advanced; } // list address } // list server-group } // grouping server-group-type grouping server-leasequery-type { description "Allow leasequery"; uses apply-advanced; leaf restricted-requestor { type empty; description "Allow leasequery only from restricted requestors"; } } // grouping server-leasequery-type grouping server-match-action-choice { uses apply-advanced; choice v4-action-choice { leaf forward-only { type empty; description "Forward without subscriber services"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice v4-action-choice } // grouping server-match-action-choice grouping server-match-v6-ascii-hex { uses apply-advanced; list ascii { key "name"; description "ASCII string"; leaf name { type string { length "1 .. 256"; } description "ASCII string"; } uses apply-advanced; choice server-match-action-choice { leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice server-match-action-choice } // list ascii list hexadecimal { key "name"; description "Hexadecimal string"; leaf name { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 
512"; } description "Hexadecimal string"; } uses apply-advanced; choice server-match-action-choice { leaf forward-only { type empty; description "Forward without subscriber services when a match is made"; } leaf create-relay-entry { type empty; description "Create relay entry and allow subscriber services"; } } // choice server-match-action-choice } // list hexadecimal } // grouping server-match-v6-ascii-hex grouping server-v6-option-ascii-hex { uses apply-advanced; list ascii { key "name"; description "ASCII string"; leaf name { type string { length "1 .. 256"; } description "ASCII string"; } uses apply-advanced; } // list ascii list hexadecimal { key "name"; description "Hexadecimal string"; leaf name { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 512"; } description "Hexadecimal string"; } uses apply-advanced; } // list hexadecimal } // grouping server-v6-option-ascii-hex grouping session_timeout_type { uses apply-advanced; leaf tcp { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "4 .. 86400"; } } units "seconds"; description "Timeout value for tcp sessions"; } leaf udp { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "4 .. 86400"; } } units "seconds"; description "Timeout value for udp sessions"; } leaf ospf { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "4 .. 86400"; } } units "seconds"; description "Timeout value for ospf sessions"; } leaf icmp { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "4 .. 86400"; } } units "seconds"; description "Timeout value for icmp sessions"; } leaf icmp6 { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "4 .. 86400"; } } units "seconds"; description "Timeout value for icmp6 sessions"; } leaf others { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "4 .. 
86400"; } } units "seconds"; description "Timeout value for other sessions"; } } // grouping session_timeout_type grouping sla_policy_type { leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 63"; } description "APBR policy name"; } uses apply-advanced; leaf description { type string { junos:posix-pattern "^[^&<> ]+$"; junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '"; length "1 .. 900"; } description "Text description of policy"; } container match { description "Specify sla policy match-criteria"; uses apply-advanced; choice source-address_choice { leaf-list source-address { type string; ordered-by user; } } // choice source-address_choice choice destination-address_choice { leaf-list destination-address { type string; ordered-by user; } } // choice destination-address_choice leaf source-address-excluded { type empty; description "Exclude source addresses"; } leaf destination-address-excluded { type empty; description "Exclude destination addresses"; } choice application_type_choice { leaf-list application { junos:must "((".. .. .. .. .. .. .. applications application $$" || (".. .. .. .. .. .. .. applications application-set $$" || (".. .. .. .. .. .. .. .. applications application $$" || ".. .. .. .. .. .. .. .. applications application-set $$"))))"; junos:must-message "application or application-set must be defined"; type string { length "1 .. 
63"; } ordered-by user; description "Specify application or application-set name to match"; } } // choice application_type_choice choice source_identity_choice { leaf-list source-identity { type string; ordered-by user; } } // choice source_identity_choice } // container match container then { description "Specify policy action to take when packet match criteria"; uses apply-advanced; choice action { container application-services { description "Application Services"; uses sla_application_services_type; } // container application-services } // choice action } // container then leaf scheduler-name { junos:must "("schedulers scheduler $$")"; junos:must-message "scheduler must be defined"; type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Name of scheduler"; } } // grouping sla_policy_type grouping sla_application_services_type { description "Application Services"; uses apply-advanced; leaf advance-policy-based-routing-profile { junos:must "("security advance-policy-based-routing profile $$")"; junos:must-message "advance-policy-based-routing profile must be defined"; type string { length "1 .. 
63"; } description "Specify APBR profile name"; } } // grouping sla_application_services_type grouping softwires-object { description "Configure softwire feature"; uses apply-advanced; list softwire-name { key "name"; description "Configure softwire object"; uses softwire-option-type; } // list softwire-name container softwire-types { description "Configure softwire objects"; uses apply-advanced; list v6rd { key "name"; description "Configure v6rd object"; uses softwire-option-type; } // list v6rd list ds-lite { key "name"; description "Configure ds-lite object"; uses softwire-option-type; } // list ds-lite list map-e { key "name"; ordered-by user; description "Configure Map-e object"; uses map-e-domain; } // list map-e } // container softwire-types list map-e { key "name"; max-elements 1; ordered-by user; description "Configure a MAP-E domain and domain rules"; uses map-e-domain; } // list map-e container traceoptions { description "Trace options for Network Security DS-Lite"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "3"; description "Maximum number of trace files"; } choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice leaf match { type jt:regular-expression; description "Regular expression for lines to be logged"; } } // container file list flag { key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "configuration" { value 0; description "Trace configuration events"; } enum "flow" { value 1; description "Trace flow events"; } enum "all" { value 2; description "Trace everything"; } } } } // list flag } // container traceoptions list rule-set { key "name"; ordered-by user; description "Define a softwire rule set"; uses sw-rule-set-object; } // list rule-set } // grouping softwires-object grouping map-e-domain { description "Configure a MAP-E domain"; leaf name { type string { junos:posix-pattern "![_]"; junos:pattern-message "A special character _ is not allowed"; length "1 .. 11"; } description "MAP-E domain name"; } uses apply-advanced; leaf confidentiality { type empty; description "Configure JUNOS MAP-E confidentiality"; } leaf br-address { type jt:unreadable; description "Ipv6 address of BR"; } container end-user-prefix { description "Configure end-user-prefix value or source interface for obtaining end-user-prefix"; uses apply-advanced; leaf prefix-value { junos:must "(!(".. 
auto"))"; junos:must-message "Explicit end-user-prefix is not allowed when auto is configured"; type jt:ipv6prefix; description "End user prefix"; } } // container end-user-prefix list rule { key "name"; max-elements 101; ordered-by user; description "Configure a BMR or FMR rule for map-e "; uses map-e-rule; } // list rule leaf role { type enumeration { enum "CE" { value 0; description "CE deployment"; } } description "Define a role of the MAP-E"; } leaf version { type enumeration { enum "3" { value 0; description "Version 3: draft-ietf-softwire-map-03"; } } description "Define version of the MAP-E"; } } // grouping map-e-domain grouping map-e-rule { description "Configure a MAP-E rule"; leaf name { type string { junos:posix-pattern "![_]"; junos:pattern-message "A special character _ is not allowed"; length "1 .. 11"; } description "MAP-E rule name"; } uses apply-advanced; leaf rule-type { type enumeration { enum "BMR" { value 0; description "Define BMR rule type"; } enum "FMR" { value 1; description "Define FMR rule type"; } } description "Define a rule type of MAP-E"; } leaf ipv4-prefix { type jt:unreadable; description "Ipv4 prefix"; } leaf ipv6-prefix { type jt:unreadable; description "Ipv6 prefix"; } leaf ea-bits-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 48"; } } description "EA bits length"; } leaf psid-offset { type jt:unreadable; description "PSID offset"; } leaf psid-len { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16"; } } description "PSID length"; } leaf mtu-v6 { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1280 .. 
9192"; } } default "9192"; description "MTU for the softwire tunnel"; } leaf v4-reassembly { type empty; description "MAP-E IPv4 reassembly support"; } leaf v6-reassembly { type empty; description "MAP-E IPv6 reassembly support"; } leaf disable-auto-route { type empty; description "MAP-E Disable Auto Route"; } } // grouping map-e-rule grouping softwire-option-type { description "Configure softwire object"; leaf name { type string { length "1 .. 23"; } description "DS-Lite/Softwire object name"; } uses apply-advanced; leaf softwire-concentrator { type jt:ipaddr; description "Concentrator address"; } leaf softwire-type { type enumeration { enum "IPv4-in-IPv6" { value 0; description "Ipv4-in-IPv6"; } enum "v6rd" { value 1; description "V6rd"; } } default "IPv4-in-IPv6"; description "Softwire-type"; } leaf ipv4-prefix { type jt:ipv4prefix; description "6rd customer edge IPV4 prefix"; } leaf v6rd-prefix { type jt:ipv6prefix; description "6rd domain's IPV6 prefix"; } leaf mtu-v4 { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "576 .. 9192"; } } description "MTU for the softwire tunnel"; } leaf mtu-v6 { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1280 .. 9192"; } } description "MTU for the softwire tunnel"; } leaf auto-update-mtu { type empty; description "Auto update MTU from received ICMPv6 messages"; } leaf copy-dscp { type empty; description "Copy DSCP (type of service) from IPv6 to IPv4 header"; } leaf flow-limit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16384"; } } default "0"; description "Max Number of IPv4 flows per Softwire"; } leaf session-limit-per-prefix { junos:must "(!(".. flow-limit"))"; junos:must-message "Cannot configure both flow-limit and session-limit-per-prefix in same softwire-concentrator"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
16384"; } } default "0"; description "Max number of sessions allowed per Softwire prefix"; } } // grouping softwire-option-type grouping sophos-scan-options { description "Anti-virus scan options"; uses apply-advanced; choice uri-check-choice { leaf uri-check { type empty; description "Anti-virus uri-check"; } leaf no-uri-check { type empty; description "Don't anti-virus uri-check"; } } // choice uri-check-choice leaf content-size-limit { type string; units "kilobytes"; description "Content size limit"; } leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1800"; } } units "seconds"; description "Scan engine timeout"; } } // grouping sophos-scan-options grouping spring-te-template-map { description "SPRING-TE template color map"; leaf name { junos:must "("protocols source-packet-routing source-routing-path-template $$ primary")"; junos:must-message "Referenced spring-te template doesn't exist or primary not configured in it"; type string; description "Name of SPRING-TE template"; } uses apply-advanced; choice colors { leaf-list color { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Set of color list to be mapped to corresponding SPRING-TE template"; } leaf color-any { type empty; description "Map any color to corresponding SPRING-TE template"; } } // choice colors } // grouping spring-te-template-map grouping springte_lsp_nh_obj { uses apply-advanced; leaf nexthop { type string { length "1 .. 
128"; } description "SPRING-TE LSP to use to reach destination"; } container lsp-source { description "Source of tunnel creation"; uses apply-advanced; choice lsp-src-choice { leaf pcep { type empty; description "Path computation element protocol"; } leaf static { type empty; description "Static configuration"; } leaf dtm { type empty; description "Dynamic tunnel module"; } leaf bgp { type empty; description "BGP SRTE"; } } // choice lsp-src-choice } // container lsp-source } // grouping springte_lsp_nh_obj grouping ssg-destination-nat-object { uses apply-advanced; list pool { key "name"; ordered-by user; description "Define a destination address pool"; leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 31"; } description "Pool name"; } uses apply-advanced; leaf description { type string { junos:posix-pattern "^[^&<> ]+$"; junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '"; length "1 .. 
900"; } description "Text description of pool"; } container routing-instance { description "Routing instance"; uses apply-advanced; choice ri-name-choice { leaf default { type empty; description "Default routing-instance"; } leaf ri-name { junos:must "(("routing-instances $$ instance-type virtual-router" || "routing-instances $$ instance-type vrf"))"; junos:must-message "Instance-type virtual-router or vrf must be defined under [routing-instances]"; junos:must "("routing-instances $$")"; junos:must-message "Routing-instance must be defined"; type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; } description "Routing-instance name"; } } // choice ri-name-choice } // container routing-instance container address { description "Add address or address range to pool"; leaf ipaddr { type jt:ipprefix; description "IPv4 or IPv6 address or address range"; } choice range-port-choice { container to { description "Upper limit of address range"; uses apply-advanced; leaf ipaddr { type jt:ipprefix; description "IPv4 or IPv6 upper limit of address range"; } } // container to leaf port { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Specify the port value"; } } // choice range-port-choice } // container address } // list pool list port-forwarding { key "name"; ordered-by user; description "Define a port-forwarding mapping pool"; leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 31"; } description "Port Forwarding mapping name"; } uses apply-advanced; leaf description { type string { junos:posix-pattern "^[^&<> ]+$"; junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '"; length "1 .. 
900"; } description "Text description of port forwarding mapping"; } list destined-port { key "port translated-port"; max-elements 32; ordered-by user; description "Port forwarding mappings"; leaf port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Destination port"; } leaf translated-port { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 65535"; } } description "Translated port"; } } // list destined-port } // list port-forwarding list rule-set { key "name"; ordered-by user; description "Configurate a set of rules"; leaf name { junos:must "((!("services nat source rule-set $$") && !("services nat static rule-set $$")))"; junos:must-message "the rule set name should be unique across all types of nat"; type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 31"; } description "Rule-set name"; } uses apply-advanced; leaf description { type string { junos:posix-pattern "^[^&<> ]+$"; junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '"; length "1 .. 
900"; } description "Text description of rule set"; } container from { description "Where is the traffic from"; choice from-context-choice { leaf-list routing-instance { type string; max-elements 8; description "Source routing instance list"; } leaf-list routing-group { type string; max-elements 8; description "Source routing group list"; } leaf-list zone { type string; max-elements 8; description "Source zone list"; } leaf-list interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } max-elements 8; description "Source interface list"; } } // choice from-context-choice } // container from list rule { key "name"; ordered-by user; description "Destination NAT rule"; uses dest-nat-rule-object; } // list rule leaf match-direction { type enumeration { enum "input" { value 0; description "Match on input to interface"; } enum "output" { value 1; description "Match on output from interface"; } } description "Match direction"; } } // list rule-set } // grouping ssg-destination-nat-object grouping dest-nat-rule-object { leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 31"; } description "Rule name"; } uses apply-advanced; leaf description { type string { junos:posix-pattern "^[^&<> ]+$"; junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '"; length "1 .. 
900"; } description "Text description of rule"; } container dest-nat-rule-match { description "Specify Destination NAT rule match criteria"; uses apply-advanced; leaf-list source-address { type string; max-elements 8; ordered-by user; description "Source address"; } leaf-list source-address-name { type string; max-elements 8; ordered-by user; description "Address/address-set from address book"; } choice dst-choice { container destination-address { description "Destination address"; choice dst-addr-choice { leaf dst-addr { type jt:ipprefix; description "IPv4 or IPv6 destination address"; } leaf any-unicast { type empty; description "Match any unicast address"; } } // choice dst-addr-choice } // container destination-address container destination-address-name { description "Address from address book"; leaf dst-addr-name { type string { length "1 .. 63"; } description "Address from address book"; } } // container destination-address-name } // choice dst-choice list destination-port { key "name"; max-elements 8; ordered-by user; description "Destination port"; leaf name { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Port or lower limit of port range"; } container to { description "Port range upper limit"; uses apply-advanced; leaf high { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Upper limit of port range"; } } // container to } // list destination-port leaf-list protocol { type string; max-elements 4; ordered-by user; description "IP Protocol"; } leaf-list application { type string; ordered-by user; } } // container dest-nat-rule-match container then { description "Then action"; uses apply-advanced; container destination-nat { description "Destination NAT action"; uses apply-advanced; choice action { leaf off { type empty; description "No action"; } container pool { description "Use Destination NAT pool"; uses apply-advanced; leaf pool-name { junos:must "(".. .. .. .. .. .. .. .. 
nat destination pool $$")"; junos:must-message "Destination NAT pool name must be defined"; type string { length "1 .. 31"; } description "Name of Destination NAT pool"; } } // container pool leaf destination-prefix { type jt:ipprefix-only; description "Destination prefix to be used for NAT64 and 464 translation type"; } } // choice action container xlat-source-rule { junos:must "(".. destination-prefix")"; junos:must-message "'xlat-source-rule' can be configured only for NAT464 destination rule"; description "Set source nat rule to match for NAT464"; uses apply-advanced; list rule-set { key "name"; max-elements 1; ordered-by user; description "Source nat rule-set"; leaf name { junos:must "("services nat source rule-set $$")"; junos:must-message "source rule-set must be defined under 'services nat'"; type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 31"; } description "Source nat rule-set name"; } uses apply-advanced; leaf rule { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 31"; } description "Source NAT rule name"; } } // list rule-set } // container xlat-source-rule container port-forwarding-mappings { description "Use Destination NAT port forwarding mapping pool"; uses apply-advanced; leaf pf-name { junos:must "(".. .. .. .. .. .. .. .. nat destination port-forwarding $$")"; junos:must-message "Port forwarding pool mappings must be defined"; type string { length "1 .. 
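31";
            }
            description "Name of Port forwarding mappings";
          }
        } // container port-forwarding-mappings
        container rule-session-count-alarm {
          description "Config rule-session-count-alarm to destination rule";
          uses nat-rule-session-count-alarm-object;
        } // container rule-session-count-alarm
      } // container destination-nat
      // Presence flag; per its description it logs information about the packet
      // to the system log.
      leaf syslog {
        type empty;
        description "System log information about the packet";
      }
    } // container then
  } // grouping dest-nat-rule-object

  /*
   * nat-rule-session-count-alarm-object: raise and clear thresholds for the
   * session-count alarm of a NAT rule.
   * NOTE(review): nothing in this grouping relates clear-threshold to
   * raise-threshold (for example, clear at or below raise); confirm that the
   * relation is checked elsewhere.
   */
  grouping nat-rule-session-count-alarm-object {
    uses apply-advanced;
    leaf raise-threshold {
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "1 .. 4294967295";
        }
      }
      description "Raise threshold for rule session count alarm";
    }
    leaf clear-threshold {
      type union {
        type string {
          pattern "<.*>|$.*";
        }
        type uint32 {
          range "1 .. 4294967295";
        }
      }
      description "Clear threshold for session count hit alarm";
    }
  } // grouping nat-rule-session-count-alarm-object

  /* ssg-proxy-arp-object: the interfaces on which proxy ARP is configured. */
  grouping ssg-proxy-arp-object {
    uses apply-advanced;
    list interface {
      key "name";
      ordered-by user;
      description "Interface with proxy arp configured";
      uses ssg-interface-object;
    } // list interface
  } // grouping ssg-proxy-arp-object

  /*
   * ssg-interface-object: one proxy-ARP interface and its IPv4 addresses. Each
   * address entry is a single prefix, or the lower bound of a range whose upper
   * bound is given under "to".
   */
  grouping ssg-interface-object {
    leaf name {
      type union {
        type jt:interface-name;
        type string {
          pattern "<.*>|$.*";
        }
      }
      description "Interface name";
    }
    uses apply-advanced;
    list address {
      key "name";
      ordered-by user;
      description "Proxy ARP address";
      leaf name {
        type jt:ipv4prefix;
        description "Address or address range";
      }
      container to {
        description "Upper limit of address range";
        uses apply-advanced;
        leaf ipaddr {
          type jt:ipv4prefix;
          description "Upper limit of address range";
        }
      } // container to
    } // list address
  } // grouping ssg-interface-object

  /*
   * ssg-proxy-ndp-object: the interfaces on which proxy NDP is configured.
   * The list description now says "ndp"; it previously repeated the proxy-ARP wording.
   */
  grouping ssg-proxy-ndp-object {
    uses apply-advanced;
    list interface {
      key "name";
      ordered-by user;
      description "Interface with proxy ndp configured";
      uses ssg-proxy-ndp-interface-object;
    } // list interface
  } // grouping ssg-proxy-ndp-object

  grouping ssg-proxy-ndp-interface-object {
    leaf 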
name { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; list address { key "name"; ordered-by user; description "Proxy ndp address"; leaf name { type jt:ipv6prefix; description "Address or address range"; } container to { description "Upper limit of address range"; uses apply-advanced; leaf ipv6addr { type jt:ipv6addr; description "Upper limit of address range"; } } // container to } // list address } // grouping ssg-proxy-ndp-interface-object grouping ssg-source-nat-object { uses apply-advanced; container persistent-nat { description "Persistent NAT info"; container log { description "Configure persistent NAT log"; choice enable-disable { leaf disable { type empty; description "Disable Persistent NAT log"; } } // choice enable-disable } // container log } // container persistent-nat list pool { key "name"; ordered-by user; description "Define a source address pool"; leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 31"; } description "Pool name"; } uses apply-advanced; leaf description { type string { junos:posix-pattern "^[^&<> ]+$"; junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '"; length "1 .. 
900"; } description "Text description of pool"; } container routing-instance { description "Routing instance"; uses apply-advanced; leaf ri-name { junos:must "("routing-instances $$ instance-type virtual-router")"; junos:must-message "Instance-type virtual-router must be defined under [routing-instances]"; junos:must "("routing-instances $$")"; junos:must-message "Routing-instance must be defined"; type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; } description "Routing instance name"; } } // container routing-instance list address { key "name"; max-elements 8; ordered-by user; description "Add address to pool"; leaf name { type jt:ipprefix; description "IPv4 or IPv6 address or address range"; } container to { description "Upper limit of address range"; uses apply-advanced; leaf ipaddr { type jt:ipprefix; description "IPv4 or IPv6 upper limit of address range"; } } // container to } // list address container host-address-base { description "The base of host address"; leaf ipaddr { junos:must "(!(".. .. port range"))"; junos:must-message "'port range...' must not be configured when configure host-address-base"; type jt:ipprefix; description "IPv4 or IPv6 base address"; } } // container host-address-base container port { description "Config port attribute to pool"; uses apply-advanced; choice port-choice { leaf no-translation { junos:must "(!(".. automatic"))"; junos:must-message "'automatic' must not be configured when configure port no-translation"; junos:must "(!(".. preserve-range"))"; junos:must-message "'preserve-range' must not be configured when configure port no-translation"; junos:must "(!(".. 
preserve-parity"))"; junos:must-message "'preserve-parity' must not be configured when configure port no-translation"; type empty; description "Do not perform port translation"; } container range { description "Port range"; uses apply-advanced; choice port-assign-choice { leaf random-allocation { junos:must "(!(".. .. .. .. .. .. source pool $$ port no-translation"))"; junos:must-message "'port no-translation' must not be configured when configure port assignment as random"; type empty; description "Allocate port randomly"; } leaf round-robin { junos:must "(!(".. .. .. .. .. .. source pool $$ port no-translation"))"; junos:must-message "'port no-translation' must not be configured when configure port assignment as round-robin"; type empty; description "Allocate port round-robin"; } } // choice port-assign-choice leaf low { junos:must "(!(".. .. .. host-address-base"))"; junos:must-message "'host-address-base' must not be configured when configure port range"; type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1024 .. 65535"; } } description "Lower limit of port range"; } container to { description "Port range upper limit"; uses apply-advanced; leaf high { junos:must "(!(".. .. .. .. host-address-base"))"; junos:must-message "'host-address-base' must not be configured when configure port range"; type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1024 .. 65535"; } } description "Upper limit of port range"; } } // container to container twin-port { description "Twin port range"; uses apply-advanced; leaf low { junos:must "(!(".. .. .. .. host-address-base"))"; junos:must-message "'host-address-base' must not be configured when configure twin port range"; type union { type string { pattern "<.*>|$.*"; } type uint16 { range "63488 .. 65535"; } } description "Lower limit of twin port range"; } container to { description "Twin port range upper limit"; uses apply-advanced; leaf high { junos:must "(!(".. .. .. .. .. 
host-address-base"))"; junos:must-message "'host-address-base' must not be configured when configure twin port range"; type union { type string { pattern "<.*>|$.*"; } type uint16 { range "63488 .. 65535"; } } description "Upper limit of twin port range"; } } // container to } // container twin-port } // container range container automatic { description "Port assignment"; uses apply-advanced; choice port-assign-choice { leaf random-allocation { junos:must "(!(".. .. .. .. .. .. source pool $$ port no-translation"))"; junos:must-message "'port no-translation' must not be configured when configure port assignment as random"; type empty; description "Allocate port randomly"; } leaf round-robin { junos:must "(!(".. .. .. .. .. .. source pool $$ port no-translation"))"; junos:must-message "'port no-translation' must not be configured when configure port assignment as round-robin"; type empty; description "Allocate port by round-robin"; } } // choice port-assign-choice } // container automatic } // choice port-choice leaf port-overloading-factor { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "2 .. 32"; } } description "Port overloading factor for each IP"; } container block-allocation { presence "enable block-allocation"; description "Port block allocation"; uses block-allocation-object; } // container block-allocation container deterministic { presence "enable deterministic"; description "Deterministic nat allocation"; uses deterministic-object; } // container deterministic leaf preserve-parity { junos:must "(!(".. .. .. .. .. source pool $$ port no-translation"))"; junos:must-message "'port no-translation' must not be configured when configure preserve-parity"; type empty; description "Allocate port as the same parity as incoming port"; } leaf preserve-range { junos:must "(!(".. .. .. .. .. 
source pool $$ port no-translation"))"; junos:must-message "'port no-translation' must not be configured when configure preserve-range"; type empty; description "Allocate port from the same port range as incoming port"; } } // container port container overflow-pool { junos:must "(".. .. .. source pool ${pool} port no-translation")"; junos:must-message "'port no-translation' must be configured on original address pool"; description "Specify an overflow pool"; choice overflow-pool-choice { leaf pool-name { junos:must "(!(".. .. .. .. source pool $$ host-address-base"))"; junos:must-message "'host-address-base' must not be configured on overflow address pool"; junos:must "(!(".. .. .. .. source pool $$ port no-translation"))"; junos:must-message "'port no-translation' must not be configured on overflow address pool"; junos:must "(!(".. .. .. .. source pool ${pool} overflow-pool ${pool}"))"; junos:must-message "Overflow address pool must not be original address pool"; junos:must "(".. .. .. .. source pool $$")"; junos:must-message "Overflow address pool must be defined under [nat source pool]"; type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 
31"; } description "Name of source address pool"; } leaf interface { type empty; description "Allow interface pool to support overflow"; } } // choice overflow-pool-choice } // container overflow-pool leaf address-shared { type empty; description "Allow multiple hosts to share an externel address"; } container address-pooling { description "Specify the address-pooling behavior"; choice pooling-choice { leaf paired { type empty; description "Allow address-pooling paired for a source pool with port translation"; } leaf no-paired { type empty; description "Allow address-pooling no-paired for a source pool without port translation"; } } // choice pooling-choice } // container address-pooling container address-persistent { description "Specify the address-persistent behavior"; container subscriber { description "Configure address persistent for subscriber"; leaf ipv6-prefix-length { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "8 .. 128"; } } description "Ipv6 prefix length for address persistent"; } } // container subscriber } // container address-persistent container pool-utilization-alarm { description "Config pool-utilization-alarm to pool"; uses source-nat-pool-utilization-alarm-object; } // container pool-utilization-alarm leaf ei-mapping-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "120 .. 86400"; } } units "second"; description "Endpoint-independent mapping timeout"; } leaf mapping-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "120 .. 86400"; } } units "second"; description "Address-pooling paired and endpoint-independent mapping timeout"; } leaf limit-ports-per-host { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "2 .. 65535"; } } description "Number of ports allocated per host"; } container allocation-domain { description "Specify map-e domain name for pool"; leaf mape-domain-name { junos:must "(!(".. .. 
address"))";
          junos:must-message "'address...' must not be configured when configure allocation-domain";
          junos:must "("security softwires map-e $$")";
          junos:must-message "mape domain must be defined";
          type string { length "1 .. 31"; }
          description "Name of map-e domain";
        }
        container allocation-rule {
          description "Specify map-e rule name for pool";
          // NOTE(review): unlike mape-domain-name above, this leaf carries no
          // junos:must tying the name to a defined object; only the length is
          // checked by the schema.
          leaf mape-rule-name {
            type string { length "1 .. 31"; }
            description "Name of map-e rule";
          }
        } // container allocation-rule
      } // container allocation-domain
    } // list pool

    // The leaves and containers from here on sit beside `list pool`, so they
    // apply to source NAT as a whole rather than to a single pool.
    leaf address-persistent {
      type empty;
      description "Allow source address to maintain same translation";
    }
    leaf session-persistence-scan {
      type empty;
      description "Allow source to maintain session when session scan";
    }
    // No `units` statement on this leaf; presumably seconds - confirm.
    leaf session-drop-hold-down {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint16 { range "30 .. 28800"; }
      }
      description "Session drop hold down time";
    }
    container pool-utilization-alarm {
      description "Configure pool utilization alarm";
      uses source-nat-pool-utilization-alarm-object;
    } // container pool-utilization-alarm

    // The only child is `disable`, so this container can only switch source
    // port randomization off (presumably it is on otherwise - confirm against
    // the Junos documentation for the release in use).
    // Predictable source ports make translated flows easier to guess or spoof
    // from off-path (the concern RFC 6056 addresses), so a `disable` here
    // should carry a recorded justification and is worth flagging in
    // configuration audits.
    container port-randomization {
      description "Configure Source NAT port randomization";
      choice enable-disable {
        leaf disable {
          type empty;
          description "Disable Source NAT port randomization";
        }
      } // choice enable-disable
    } // container port-randomization

    // NOTE(review): both descriptions in this container repeat the
    // port-randomization wording. Going by the container name, this `disable`
    // presumably controls round-robin port allocation instead - confirm before
    // relying on the help text. Text left as published.
    container port-round-robin {
      description "Configure Source NAT port randomization";
      choice enable-disable {
        leaf disable {
          type empty;
          description "Disable Source NAT port randomization";
        }
      } // choice enable-disable
    } // container port-round-robin
    leaf port-scaling-enlargement {
      type empty;
      description "Configure source port scaling to 2.4G only for NGSPC";
    }
    leaf pool-distribution {
      type empty;
      description "Configure Source pool distribution, the APPCP bottleneck of NAT CPS can be alleviated.";
    }
    container pool-default-port-range {
      description "Configure Source NAT default port range";
      leaf low {
        // Rejected when any source pool has host-address-base configured.
        junos:must "(!(any "security nat source pool <*> host-address-base"))"; 
junos:must-message "'host-address-base' must not be configured when configure port range"; type union { type string { pattern "<.*>|$.*"; } type uint16; } description "Lower limit of port range"; } container to { description "Port range upper limit"; uses apply-advanced; leaf high { junos:must "(!(any "security nat source pool <*> host-address-base"))"; junos:must-message "'host-address-base' must not be configured when configure port range"; type union { type string { pattern "<.*>|$.*"; } type uint16; } description "Upper limit of port range"; } } // container to } // container pool-default-port-range container pool-default-twin-port-range { description "Configure Source NAT default twin port range"; leaf low { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "63488 .. 65535"; } } description "Lower limit of twin port range"; } container to { description "Twin port range upper limit"; uses apply-advanced; leaf high { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "63488 .. 
65535"; } } description "Upper limit of twin port range"; } } // container to } // container pool-default-twin-port-range container interface { description "Configure interface port overloading for persistent NAT"; uses apply-advanced; choice interface-choice { container port-overloading { description "Configure port overloading"; leaf off { type empty; description "Turn off interface port over-loading"; } } // container port-overloading leaf port-overloading-factor { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Port overloading factor for interface NAT"; } } // choice interface-choice } // container interface list rule-set { key "name"; ordered-by user; description "Configurate a set of rules"; leaf name { junos:must "((!("services nat destination rule-set $$") && !("services nat static rule-set $$")))"; junos:must-message "the rule set name should be unique across all types of nat"; type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 31"; } description "Rule-set name"; } uses apply-advanced; leaf description { type string { junos:posix-pattern "^[^&<> ]+$"; junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '"; length "1 .. 
900"; } description "Text description of rule set"; } container from { description "Where is the traffic from"; choice from-context-choice { leaf-list routing-instance { type string; max-elements 8; description "Source routing instance list"; } leaf-list routing-group { type string; max-elements 8; description "Source routing group list"; } leaf-list zone { type string; max-elements 8; description "Source zone list"; } leaf-list interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } max-elements 8; description "Source interface list"; } } // choice from-context-choice } // container from container to { description "Where is the traffic to"; choice from-context-choice { leaf-list routing-instance { type string; max-elements 8; description "Destination routing instance list"; } leaf-list routing-group { type string; max-elements 8; description "Destination routing group list"; } leaf-list zone { type string; max-elements 8; description "Destination zone list"; } leaf-list interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } max-elements 8; description "Destination interface list"; } } // choice from-context-choice } // container to list rule { key "name"; ordered-by user; description "Source NAT rule"; uses src-nat-rule-object; } // list rule leaf match-direction { type enumeration { enum "input" { value 0; description "Match on input to interface"; } enum "output" { value 1; description "Match on output from interface"; } } description "Match direction"; } } // list rule-set } // grouping ssg-source-nat-object grouping block-allocation-object { description "Port block allocation"; uses apply-advanced; leaf block-size { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 64512"; } } description "Block size"; } leaf maximum-blocks-per-host { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
512"; }
      }
      description "Maximum block number per host";
    }
    // No range and no `units` on this leaf; the unit is not stated here.
    leaf active-block-timeout {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32;
      }
      description "Active block timeout interval";
    }
    // No `units` statement; presumably seconds (1800 .. 86400) - confirm.
    leaf interim-logging-interval {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1800 .. 86400"; }
      }
      description "Interim Logging interval";
    }
    leaf last-block-recycle-timeout {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "120 .. 864000"; }
      }
      description "Last Block recycle timeout interval";
    }
    // The only child is `disable`, so this container can only turn the port
    // block log off (presumably it is produced otherwise - confirm).
    // Port block records are what allow a public address and port block to be
    // traced back to the internal host that held it at a given time; check
    // retention and abuse-handling requirements before accepting `disable`,
    // and flag it in configuration audits.
    container log {
      description "Configure port block log";
      choice enable-disable {
        leaf disable {
          type empty;
          description "Disable PBA port block log";
        }
      } // choice enable-disable
    } // container log
  } // grouping block-allocation-object

  // Deterministic NAT allocation settings for a source pool port: block size,
  // the interval for logging the deterministic NAT configuration, and the host
  // addresses (literal prefixes or address-book names, at most 8 of each).
  grouping deterministic-object {
    description "Deterministic nat allocation";
    uses apply-advanced;
    // NOTE(review): plain uint16 with no range, whereas block-size in
    // block-allocation-object is limited to 1 .. 64512; as written the schema
    // accepts 0 here.
    leaf block-size {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint16;
      }
      description "Block size";
    }
    // No `units` statement; presumably seconds - confirm. With deterministic
    // NAT the host-to-port mapping is derived from configuration, so this
    // periodic configuration log is presumably what ties a translation back
    // to a host at a given time; keep it collected with the other NAT logs.
    leaf det-nat-configuration-log-interval {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "1800 .. 86400"; }
      }
      description "Deterministic nat configuration logging interval";
    }
    container host {
      description "Host address";
      leaf-list address {
        type jt:ipprefix;
        max-elements 8;
        ordered-by user;
        description "Host ip address";
      }
      // Free-form string: the schema does not check that the name exists in
      // an address book.
      leaf-list address-name {
        type string;
        max-elements 8;
        ordered-by user;
        description "Host address/address-set from address book";
      }
    } // container host
    leaf include-boundary-addresses {
      type empty;
      description "Include network and broadcast in 'match' source address";
    }
  } // grouping deterministic-object

  // Raise/clear thresholds for the source NAT pool utilization alarm.
  // NOTE(review): the two ranges are declared independently; nothing visible
  // in this grouping forces clear-threshold to be below raise-threshold.
  grouping source-nat-pool-utilization-alarm-object {
    uses apply-advanced;
    leaf raise-threshold {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint16 { range "50 .. 100"; }
      }
      description "Raise threshold for pool utilization alarm";
    }
    leaf clear-threshold {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint16 { range "40 .. 
100"; } } description "Clear threshold for pool utilization alarm"; } } // grouping source-nat-pool-utilization-alarm-object grouping src-nat-rule-object { leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 31"; } description "Source NAT Rule name"; } uses apply-advanced; leaf description { type string { junos:posix-pattern "^[^&<> ]+$"; junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '"; length "1 .. 900"; } description "Text description of rule"; } container src-nat-rule-match { description "Specify Source NAT rule match criteria"; uses apply-advanced; leaf-list source-address { type string; max-elements 8; ordered-by user; description "Source address"; } leaf-list source-address-name { type string; max-elements 8; ordered-by user; description "Address/address-set from address book"; } list source-port { key "name"; max-elements 8; ordered-by user; description "Source port"; leaf name { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Port or lower limit of port range"; } container to { description "Port range upper limit"; uses apply-advanced; leaf high { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Upper limit of port range"; } } // container to } // list source-port leaf-list destination-address { type string; max-elements 8; ordered-by user; description "Destination address"; } leaf-list destination-address-name { type string; max-elements 8; ordered-by user; description "Address/address-set from address book"; } list destination-port { key "name"; max-elements 8; ordered-by user; description "Destination port"; leaf name { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Port or lower limit of port range"; } container to { description "Port range upper limit"; uses 
apply-advanced; leaf high { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Upper limit of port range"; } } // container to } // list destination-port leaf-list protocol { type string; max-elements 4; ordered-by user; description "IP Protocol"; } leaf-list application { type string; ordered-by user; } } // container src-nat-rule-match container then { description "Then action"; uses apply-advanced; container source-nat { description "Source NAT action"; uses apply-advanced; choice action { leaf off { type empty; description "No action"; } container pool { description "Use Source NAT pool"; uses apply-advanced; leaf pool-name { junos:must "(".. .. .. .. .. .. .. .. nat source pool $$")"; junos:must-message "Source NAT pool name must be defined"; type string { length "1 .. 31"; } description "Name of Source NAT pool"; } container persistent-nat { presence "enable persistent-nat"; description "Persistent NAT info"; uses persistent-nat-object; } // container persistent-nat } // container pool container interface { presence "enable interface"; description "Use egress interface address"; uses apply-advanced; container persistent-nat { presence "enable persistent-nat"; description "Persistent NAT info"; uses persistent-nat-object; } // container persistent-nat } // container interface } // choice action leaf clat-prefix { junos:must "((".. .. .. match source-address" || ".. .. .. match source-address-name"))"; junos:must-message "source-address or source-address-name is required for Clat-prefix"; type jt:ipprefix-only; description "An IPv6 prefix to be used for XLAT464 and prefix length can only be 32/40/48/56/64/96"; } leaf clat-ipv6-prefix-length { junos:must "(!(".. .. .. match"))"; junos:must-message "'match' criteria is not applicable when 'clat-ipv6-prefix-length' is configured."; junos:must "(!(".. clat-prefix"))"; junos:must-message "clat-ipv6-prefix-length cannot be configured along with clat-prefix. 
Either clat-prefix or clat-ipv6-prefix-length can be configured."; type enumeration { enum "32" { value 0; description "The ipv6 prefix length of 32"; } enum "40" { value 1; description "The ipv6 prefix length of 40"; } enum "48" { value 2; description "The ipv6 prefix length of 48"; } enum "56" { value 3; description "The ipv6 prefix length of 56"; } enum "64" { value 4; description "The ipv6 prefix length of 64"; } enum "96" { value 5; description "The ipv6 prefix length of 96"; } } description "The ipv6 prefix length for CLAT source address"; } container rule-session-count-alarm { description "Config rule-session-count-alarm to source rule"; uses nat-rule-session-count-alarm-object; } // container rule-session-count-alarm container mapping-type { description "Source nat mapping type"; leaf endpoint-independent { type empty; description "Endpoint independent mapping"; } leaf address-pooling-paired { type empty; description "Address pooling paired mapping"; } } // container mapping-type container secure-nat-mapping { description "Mapping options for enhanced security"; leaf eif-flow-limit { junos:must "(".. .. filtering-type")"; junos:must-message "eif-flow-limit applies only to filtering-type"; type union { type string { pattern "<.*>|$.*"; } type uint16 { range "0 .. 65534"; } } description "Number of inbound flows to be allowed for a EIF mapping"; } container mapping-refresh { description "Enable timer refresh option"; choice refresh-choice { leaf inbound { type empty; description "Enable timer refresh for inbound connections only"; } leaf outbound { type empty; description "Enable timer refresh for outbound connections only"; } leaf inbound-outbound { type empty; description "Enable timer refresh for inbound & outbound connections"; } } // choice refresh-choice } // container mapping-refresh } // container secure-nat-mapping container filtering-type { junos:must "(".. 
mapping-type endpoint-independent")";
          junos:must-message "endpoint independent filtering can not be configured with endpoint-independent mapping only";
          // NOTE(review): the junos:must on this container requires
          // "mapping-type endpoint-independent" to be configured, but the
          // message wording ("can not be configured with ...") reads as the
          // opposite. Text left as published; the constraint itself is the
          // authority.
          description "Source NAT filtering type";
          uses apply-advanced;
          // Presence container: configuring it at all enables
          // endpoint-independent filtering for the rule. In RFC 4787 terms
          // that filtering mode does not restrict inbound packets by remote
          // endpoint, so the prefix-list entries below are presumably the
          // control that narrows which sources may use a mapping - confirm,
          // and review rules that enable this without any prefix-list.
          container endpoint-independent {
            presence "enable endpoint-independent";
            description "Endpoint independent filtering";
            uses apply-advanced;
            list prefix-list {
              key "name";
              ordered-by user;
              description "One or more named lists of source prefixes to match";
              // Only the length is checked; the schema does not verify that
              // the named prefix list exists.
              leaf name {
                type string { length "1 .. 63"; }
                description "Name of prefix list to match against";
              }
              // NOTE(review): this is a flag (type empty), not a name, despite
              // the description; presumably it inverts the match for this
              // entry - confirm.
              leaf except {
                type empty;
                description "Name of prefix list not to match against";
              }
            } // list prefix-list
          } // container endpoint-independent
        } // container filtering-type
      } // container source-nat
      leaf syslog {
        type empty;
        description "System log information about the packet";
      }
    } // container then
  } // grouping src-nat-rule-object

  // Persistent NAT settings, used by the persistent-nat presence containers
  // under the source NAT `pool` and `interface` actions.
  grouping persistent-nat-object {
    uses apply-advanced;
    // YANG choice: at most one of the three permit leaves can be set.
    // Going by the descriptions, any-remote-host is the widest setting and
    // target-host-port the narrowest. Prefer the narrowest one the
    // application works with, and treat any-remote-host as an exposure that
    // needs a recorded reason, since it is described as permitting any
    // remote host.
    container permit {
      description "Persistent NAT permit configure";
      choice persistent-nat-type-choice {
        leaf any-remote-host {
          type empty;
          description "Permit any remote host";
        }
        leaf target-host {
          type empty;
          description "Permit target host";
        }
        leaf target-host-port {
          type empty;
          description "Permit target host port";
        }
      } // choice persistent-nat-type-choice
    } // container permit
    leaf address-mapping {
      type empty;
      description "Address-to-address mapping";
    }
    // No `units` statement; presumably seconds (60 .. 7200) - confirm.
    leaf inactivity-timeout {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint16 { range "60 .. 7200"; }
      }
      description "Inactivity timeout value";
    }
    leaf max-session-number {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "8 .. 
65536"; } } description "The maximum session number value"; } } // grouping persistent-nat-object grouping ssg-static-nat-object { uses apply-advanced; list rule-set { key "name"; ordered-by user; description "Configurate a set of rules"; leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 31"; } description "Rule-set name"; } uses apply-advanced; leaf description { type string { junos:posix-pattern "^[^&<> ]+$"; junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '"; length "1 .. 900"; } description "Text description of rule set"; } container from { description "Where is the traffic from"; choice from-context-choice { leaf-list routing-instance { type string; max-elements 8; description "Source routing instance list"; } leaf-list routing-group { type string; max-elements 8; description "Source routing group list"; } leaf-list zone { type string; max-elements 8; description "Source zone list"; } leaf-list interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } max-elements 8; description "Source interface list"; } } // choice from-context-choice } // container from list rule { key "name"; ordered-by user; description "Static NAT rule"; uses static-nat-rule-object; } // list rule leaf match-direction { type enumeration { enum "input" { value 0; description "Match on input to interface"; } enum "output" { value 1; description "Match on output from interface"; } } description "Match direction"; } } // list rule-set } // grouping ssg-static-nat-object grouping static-nat-rule-object { leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 
31"; } description "Static Rule name"; } uses apply-advanced; leaf description { type string { junos:posix-pattern "^[^&<> ]+$"; junos:pattern-message "Must be a string excluding '&', '<', '>' and ' '"; length "1 .. 900"; } description "Text description of rule"; } container static-nat-rule-match { description "Specify Static NAT rule match criteria"; uses apply-advanced; leaf-list source-address { type jt:ipprefix; max-elements 8; ordered-by user; description "Source address"; } leaf-list source-address-name { type string; max-elements 8; ordered-by user; description "Address from address book"; } list source-port { key "name"; max-elements 8; ordered-by user; description "Source port"; leaf name { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Port or lower limit of port range"; } container to { description "Port range upper limit"; uses apply-advanced; leaf high { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Upper limit of port range"; } } // container to } // list source-port choice dst-choice { container destination-address { description "Destination address"; leaf dst-addr { type jt:ipprefix; description "IPv4 or IPv6 Destination address prefix"; } } // container destination-address container destination-address-name { description "Address from address book"; leaf dst-addr-name { type string { length "1 .. 63"; } description "Address from address book"; } } // container destination-address-name } // choice dst-choice container destination-port { description "Destination port"; leaf low { junos:must "((".. .. .. then static-nat prefix mapped-port" || ".. .. .. then static-nat prefix-name mapped-port"))"; junos:must-message "'then static-nat prefix mapped-port ...' 
or 'then static-nat prefix-name mapped-port' must be configured when configure 'destination-port'"; type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Port or lower limit of port range"; } container to { description "Port range upper limit"; uses apply-advanced; leaf high { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Upper limit of port range"; } } // container to } // container destination-port } // container static-nat-rule-match container then { description "Then action"; uses apply-advanced; container static-nat { description "Static NAT action"; uses apply-advanced; choice prefix-choice { container inet { presence "enable inet"; description "Translated to IPv4 address"; uses apply-advanced; leaf routing-instance { type string; description "Routing instance"; } } // container inet container prefix { description "Address prefix"; uses apply-advanced; leaf addr-prefix { type jt:ipprefix; description "IPv4 or IPv6 address prefix value"; } container mapped-port { description "Mapped port"; uses static-nat-rule-mapped-port-object; } // container mapped-port leaf routing-instance { type string; description "Routing instance"; } } // container prefix container prefix-name { description "Address from address book"; uses apply-advanced; leaf addr-prefix-name { type string { length "1 .. 
63"; } description "Address from address book"; } container mapped-port { description "Mapped port"; uses static-nat-rule-mapped-port-object; } // container mapped-port leaf routing-instance { type string; description "Routing instance"; } } // container prefix-name container nptv6-prefix { description "NPTv6 address prefix, the longest prefix will be supported is /64"; uses apply-advanced; leaf addr-prefix { type jt:ipprefix; description "IPv6 address prefix value, the longest prefix will be supported is /64"; } leaf routing-instance { type string; description "Routing instance"; } } // container nptv6-prefix container nptv6-prefix-name { description "NPTv6 address from address book"; uses apply-advanced; leaf addr-prefix-name { type string { length "1 .. 63"; } description "IPv6 address from address book"; } leaf routing-instance { type string; description "Routing instance"; } } // container nptv6-prefix-name } // choice prefix-choice container rule-session-count-alarm { description "Config rule-session-count-alarm to static rule"; uses nat-rule-session-count-alarm-object; } // container rule-session-count-alarm } // container static-nat } // container then } // grouping static-nat-rule-object /* static-nat-rule-mapped-port-object: translated port for a static NAT rule, given as a single port ('low') or a range ('low' plus 'to high'). 'low' carries a junos:must whose message requires 'match destination-port' to be configured alongside 'mapped-port'. Both bounds are unions of uint16 and a pattern-restricted string, so only the uint16 member is numerically bounded, and nothing in this grouping ties 'high' to 'low'. NOTE(review): the string member presumably carries Junos wildcard or variable forms; confirm, and confirm that low/high ordering is checked at commit time. */ grouping static-nat-rule-mapped-port-object { uses apply-advanced; leaf low { junos:must "(".. .. .. .. .. match destination-port")"; junos:must-message "'match destination-port ...' must be configured when configure 'mapped-port'"; type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Port or lower limit of port range"; } container to { description "Port range upper limit"; uses apply-advanced; leaf high { type union { type uint16; type string { pattern "<.*>|$.*"; } } description "Upper limit of port range"; } } // container to } // grouping static-nat-rule-mapped-port-object /* stp-interface: per-interface Spanning Tree settings. The descriptions tie 'no-root-port' to Root Protect and 'bpdu-timeout-action' to Loop Protect; 'edge' marks an edge port and 'disable' turns Spanning Tree off on the port. 'priority' is described as multiples of 16 (0,16,..240) but its numeric range is 0 .. 255, so other values pass validation against this YANG alone. */ grouping stp-interface { leaf name { type string; } uses apply-advanced; leaf priority { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "0 .. 
255"; } } description "Interface priority (in increments of 16 - 0,16,..240)"; } leaf cost { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 200000000"; } } description "Cost of the interface"; } leaf mode { type enumeration { enum "point-to-point" { value 0; description "Interface mode is point-to-point"; } enum "shared" { value 1; description "Interface mode is shared"; } } description "Interface mode (P2P or shared)"; } leaf edge { type empty; description "Port is an edge port"; } leaf access-trunk { type empty; description "Send/Receive untagged RSTP BPDUs on this interface"; } container bpdu-timeout-action { presence "enable bpdu-timeout-action"; description "Define action on BPDU expiry (Loop Protect)"; uses apply-advanced; leaf block { type empty; description "Block the interface"; } leaf alarm { type empty; description "Generate an alarm"; } } // container bpdu-timeout-action leaf no-root-port { type empty; description "Do not allow the interface to become root (Root Protect)"; } leaf disable { type empty; description "Disable Spanning Tree on port"; } } // grouping stp-interface /* stp-trace-options: where Spanning Tree trace output is written (container 'file') and which events are traced (list 'flag'). 'filename' is 1 .. 1024 characters and may not contain '/', '%' or a space, so the value cannot carry a directory component; NOTE(review): the directory the file is written to is not visible in this grouping. 'replace' and 'no-stamp' are marked deprecated. 'size' is an unconstrained string in this schema. */ grouping stp-trace-options { description "Trace options for Spanning Tree Protocol"; uses apply-advanced; container file { description "Trace file options"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf replace { type empty; status deprecated; description "Replace trace file rather than appending to it"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } } default "10"; description "Maximum number of trace files"; } leaf no-stamp { type empty; status deprecated; description "Do not timestamp trace file"; } /* world-readable and no-world-readable are mutually exclusive (YANG choice) and neither is declared as a default here. world-readable lets any user read the trace file, and the flags in this grouping can record BPDU and topology-change activity, so no-world-readable is the more conservative setting. */ choice world-readable-choice { leaf world-readable { type empty; description "Allow any user to read the log file"; } leaf no-world-readable { type empty; description "Don't allow any user to read the log file"; } } // choice world-readable-choice } // container file /* A flag can be configured only when the sibling 'file' container exists (junos:must ".. file"); entries keep the order the user gave them. */ list flag { junos:must "(".. file")"; junos:must-message "Trace file name required to enable tracing"; key "name"; ordered-by user; description "Tracing parameters"; leaf name { type enumeration { enum "events" { value 0; description "Trace events to the protocol state machine"; } enum "bpdu" { value 1; description "Trace BPDU reception and transmission"; } enum "timers" { value 2; description "Trace protocol timers"; } enum "port-information-state-machine" { value 3; description "Trace port information state machine"; } enum "port-receive-state-machine" { value 4; description "Trace port receive state machine"; } enum "port-role-select-state-machine" { value 5; description "Trace port role selection state machine"; } enum "port-role-transit-state-machine" { value 6; description "Trace port role transit state machine"; } enum "port-state-transit-state-machine" { value 7; description "Trace port state transit state machine"; } enum "port-migration-state-machine" { value 8; description "Trace port migration state machine"; } enum "port-transmit-state-machine" { value 9; description "Trace port transmit state machine"; } enum "topology-change-state-machine" { value 10; description "Trace topology change state machine"; } enum "bridge-detection-state-machine" { value 11; description "Trace Bridge detection state machine"; } enum "state-machine-variables" { value 12; description "Trace when state machine variables change"; } enum "ppmd" { value 13; description "Trace state and events for ppmd process"; } enum "all-failures" { value 14; 
description "Trace all failure conditions"; } enum "all" { value 15; description "Trace all"; } } } leaf disable { type empty; description "Disable this trace flag"; } } // list flag } // grouping stp-trace-options /* subscription-type: subscription percentages, as link-subscription (link bandwidth percentage for RSVP reservation), ct0..ct3 (one per traffic class) and a per-priority list. The percentage leaves are plain strings, with default "100" on link-subscription and ct0..ct3, and this schema puts no numeric range on them. Each ctN requires 'protocols mpls diffserv-te bandwidth-model'; the per-priority entries (priority-value 0 .. 7) are rejected when 'protocols mpls diffserv-te' is configured. */ grouping subscription-type { uses apply-advanced; leaf link-subscription { type string; default "100"; description "Link bandwidth percentage for RSVP reservation"; } leaf ct0 { junos:must "("protocols mpls diffserv-te bandwidth-model")"; junos:must-message "Must have a diffserv-te bandwidth model configured when configuring subscription per traffic class"; type string; default "100"; description "Subscription percentage for traffic class 0"; } leaf ct1 { junos:must "("protocols mpls diffserv-te bandwidth-model")"; junos:must-message "Must have a diffserv-te bandwidth model configured when configuring subscription per traffic class"; type string; default "100"; description "Subscription percentage for traffic class 1"; } leaf ct2 { junos:must "("protocols mpls diffserv-te bandwidth-model")"; junos:must-message "Must have a diffserv-te bandwidth model configured when configuring subscription per traffic class"; type string; default "100"; description "Subscription percentage for traffic class 2"; } leaf ct3 { junos:must "("protocols mpls diffserv-te bandwidth-model")"; junos:must-message "Must have a diffserv-te bandwidth model configured when configuring subscription per traffic class"; type string; default "100"; description "Subscription percentage for traffic class 3"; } list priority { key "priority-value"; ordered-by user; description "Subscription percentage for a specific priority"; leaf priority-value { junos:must "(!("protocols mpls diffserv-te"))"; junos:must-message "Cannot configure per-priority subscription alongside diffserv-te"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
7"; } } description "Priority for which subscription percent is being configured"; } uses apply-advanced; leaf percent { junos:must "(!("protocols mpls diffserv-te"))"; junos:must-message "Cannot configure per-priority subscription alongside diffserv-te"; type string; description "Subscription percent for the specific priority"; } } // list priority } // grouping subscription-type /* sw-rule-set-object: a named rule set holding user-ordered rules plus a match-direction (input or output). Each rule's 'then' selects exactly one softwire designation: ds-lite, v6rd or map-e. Rule-set, rule and designation names must start with a letter or digit, contain only letters, digits, '_' and '-', and be 1 .. 63 characters long. ds-lite and map-e each carry a junos:must that the referenced concentrator exists under 'services softwires softwire-types'; v6rd has no such reference check in this grouping. NOTE(review): confirm the missing reference check on v6rd is intentional. */ grouping sw-rule-set-object { leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Define Rule Set name"; } uses apply-advanced; list rule { key "name"; ordered-by user; description "Define a rule term"; leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Rule name"; } uses apply-advanced; container then { description "Action to take if the condition is matched"; uses apply-advanced; choice designation { leaf ds-lite { junos:must "("services softwires softwire-types ds-lite $$")"; junos:must-message "referenced softwire concentrator must be defined under 'services softwires softwire-types ds-lite'"; type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Apply DS-Lite softwire"; } leaf v6rd { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 
63"; } description "Apply 6rd softwire"; } leaf map-e { junos:must "("services softwires softwire-types map-e $$")"; junos:must-message "Undefined softwire concentrator for map-e"; type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Apply MAP-E softwire"; } } // choice designation } // container then } // list rule leaf match-direction { type enumeration { enum "input" { value 0; description "Match on input to interface"; } enum "output" { value 1; description "Match on output from interface"; } } description "Match direction"; } } // grouping sw-rule-set-object /* system-id-ip-map: pairs a 'name' of type jt:mac-unicast with 'ip-address' (jt:ipv4prefix), which the description calls the peer ID. */ grouping system-id-ip-map { leaf name { type jt:mac-unicast; } uses apply-advanced; leaf ip-address { type jt:ipv4prefix; description "Peer ID (IP Address)"; } } // grouping system-id-ip-map /* te-class-object: a traffic class (ct0..ct3) together with a preemption priority whose numeric range is 0 .. 7. */ grouping te-class-object { leaf traffic-class { type enumeration { enum "ct0" { value 0; description "Traffic class 0"; } enum "ct1" { value 1; description "Traffic class 1"; } enum "ct2" { value 2; description "Traffic class 2"; } enum "ct3" { value 3; description "Traffic class 3"; } } description "Traffic class"; } leaf priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
7"; } } description "Preemption priority for this class"; } } // grouping te-class-object /* tenant-system-type: refers to a tenant by name and sets 'max-sessions' (uint32 or pattern-restricted string, described as the maximum number of IDP sessions). 'name' is an unconstrained string in this grouping; its junos:must requires a matching entry under [tenants]. */ grouping tenant-system-type { description "Tenant name"; leaf name { junos:must "("tenants $$")"; junos:must-message "Tenants must be defined under [tenants] "; type string; description "Tenant name"; } uses apply-advanced; leaf max-sessions { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Max number of IDP sessions"; } } // grouping tenant-system-type grouping tenant_interfaces_type { description "Physical interface"; leaf name { type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; list unit { key "name"; description "Logical interface"; leaf name { type string; } uses apply-advanced; container policer-overhead { description "Policer overhead adjustment for this unit"; uses apply-advanced; leaf policer-overhead-value { junos:must "((!(".. ingress") && !(".. egress")))"; junos:must-message "Do not use the options ingress or egress when adjust values are specified"; type union { type string { pattern "<.*>|$.*"; } type int32 { range "-64 .. 64"; } } units "bytes"; description "Policer overhead bytes to be accounted in ingress and egress"; } leaf ingress { type union { type string { pattern "<.*>|$.*"; } type int32 { range "-64 .. 64"; } } units "bytes"; description "Ingress value in bytes"; } leaf egress { type union { type string { pattern "<.*>|$.*"; } type int32 { range "-64 .. 64"; } } units "bytes"; description "Egress value in bytes"; } } // container policer-overhead leaf alias { junos:must "(!("interfaces interface-range $$"))"; junos:must-message "Interface alias cannot be an existing interface range name"; type string; description "Interface alias"; } container peer-psd { presence "enable peer-psd"; description "Peer psd"; leaf psd-name { junos:must "(".. .. 
peer-interface")"; junos:must-message "peer-interface must be configured on this interface"; type string; description "Peer psd name"; } } // container peer-psd container peer-interface { presence "enable peer-interface"; description "Peer interface"; uses apply-advanced; leaf interface-name { junos:must "((".. .. peer-psd" || "interfaces $$-IFL peer-interface"))"; junos:must-message "Peer interface or peer psd must be configured"; type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Peer interface name"; } } // container peer-interface container interface-shared-with { junos:must "("chassis system-domains")"; junos:must-message "Chassis system-domains must be configured"; presence "enable interface-shared-with"; description "Specify which PSD owns this logical interface"; uses apply-advanced; leaf psd-name { type string { junos:posix-pattern "^psd([1-9]|[1-2][0-9]|[3][0-1])$"; junos:pattern-message "Protected system domain name is a string consisting of 'psd' follows by the PSD ID (1-31), ex. psd2"; } description "Name of protected system domain (psd[1-31], ex. 
psd2)"; } } // container interface-shared-with choice enable-disable { leaf disable { type empty; description "Disable this logical interface"; } } // choice enable-disable leaf passive-monitor-mode { type empty; description "Use interface to tap packets from another router"; } leaf clear-dont-fragment-bit { type empty; description "Clear DF bit in packet (AS PIC and J-series only as well as MIF)"; } leaf description { type string; description "Text description of interface"; } leaf encapsulation { type enumeration { enum "atm-nlpid" { value 0; description "ATM NLPID encapsulation"; } enum "atm-cisco-nlpid" { value 1; description "Cisco-compatible ATM NLPID encapsulation"; } enum "atm-snap" { value 2; description "ATM LLC/SNAP encapsulation"; } enum "atm-vc-mux" { value 3; description "ATM VC multiplexing"; } enum "atm-ccc-vc-mux" { value 4; description "ATM VC for CCC"; } enum "atm-tcc-vc-mux" { value 5; description "ATM VC for translational cross-connect"; } enum "atm-tcc-snap" { value 6; description "ATM LLC/SNAP for translational cross-connect"; } enum "atm-ccc-cell-relay" { value 7; description "ATM cell relay for CCC"; } enum "vlan-vci-ccc" { value 8; description "CCC for VLAN Q-in-Q and ATM VPI/VCI interworking"; } enum "ether-over-atm-llc" { value 9; description "Ethernet over ATM (LLC/SNAP) encapsulation"; } enum "ether-vpls-over-atm-llc" { value 10; description "Ethernet VPLS over ATM (bridging) encapsulation"; } enum "ppp-over-ether-over-atm-llc" { junos:must "(!(".. family"))"; junos:must-message "Can't configure protocol family with encapsulation ppp-over-ether-over-atm-llc"; junos:must "(".. .. 
encapsulation ethernet-over-atm")"; junos:must-message "Physical link-layer encapsulation must be ethernet-over-atm"; value 11; description "PPPoE over ATM (LLC/SNAP) encapsulation"; } enum "ppp-over-ether" { junos:must "(!("forwarding-options hyper-mode"))"; junos:must-message "To configure encapsulation ppp-over-ether, 'forwarding-options hyper-mode' should not be configured"; junos:must "(!(".. family"))"; junos:must-message "Can't configure protocol family with encapsulation ppp-over-ether"; value 12; description "PPPoE encapsulation"; } enum "atm-ppp-vc-mux" { value 13; description "ATM PPP over raw AAL5"; } enum "atm-ppp-llc" { value 14; description "ATM PPP over AAL5/LLC"; } enum "atm-mlppp-llc" { value 15; description "ATM MLPPP over AAL5/LLC"; } enum "frame-relay-ppp" { junos:must "(!(".. family inet6"))"; junos:must-message "family inet6 is not supported on encapsulation frame-relay-ppp"; junos:must "(!(".. family inet"))"; junos:must-message "family inet is not supported on encapsulation frame-relay-ppp"; junos:must "(".. .. encapsulation frame-relay")"; junos:must-message "Physical link-layer encapsulation must be frame-relay"; value 16; description "PPP over Frame Relay"; } enum "frame-relay-ccc" { value 17; description "Frame Relay DLCI for CCC"; } enum "frame-relay" { value 18; description "Frame Relay DLCI"; } enum "frame-relay-tcc" { value 19; description "Frame Relay DLCI for translational cross-connect"; } enum "frame-relay-ether-type" { junos:must "((".. .. encapsulation flexible-frame-relay" || (".. .. encapsulation frame-relay-ether-type" || ".. .. 
encapsulation frame-relay-ether-type-tcc")))"; junos:must-message "Interface encapsulation must be cisco-compatible or flexible frame relay"; value 20; description "Cisco-compatible Frame Relay Encapsulation DLCI"; } enum "frame-relay-ether-type-tcc" { value 21; description "Cisco-compatible Frame Relay Encapsulation DLCI for TCC"; } enum "ether-vpls-fr" { value 22; description "Ethernet VPLS over Frame Relay (bridging) encapsulation"; } enum "vlan-ccc" { value 23; description "802.1q tagging for a cross-connect"; } enum "ethernet-ccc" { value 24; description "Ethernet for a cross-connect"; } enum "vlan-vpls" { value 25; description "VLAN virtual private LAN service"; } enum "vlan-bridge" { value 26; description "VLAN layer-2 bridging"; } enum "ethernet-tcc" { value 27; description "Ethernet translational cross-connect"; } enum "dix" { value 28; description "Ethernet DIXv2 (RFC 894)"; } enum "ethernet" { value 29; description "Ethernet II (RFC 894)"; } enum "ethernet-vpls" { value 30; description "Ethernet II virtual private LAN service"; } enum "ethernet-bridge" { value 31; description "Ethernet II bridging"; } enum "vlan" { value 32; description "802.1q-tagged Ethernet"; } enum "vlan-tcc" { value 33; description "802.1q tagging for a translational cross-connect"; } enum "multilink-ppp" { value 34; description "Multilink PPP"; } enum "multilink-frame-relay-end-to-end" { value 35; description "Multilink Frame Relay end-to-end (FRF.15)"; } enum "ppp-ccc" { value 36; description "Serial PPP device for a cross-connect"; } } description "Logical link-layer encapsulation"; } leaf mtu { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum transmission unit packet size"; } choice pointedness { leaf point-to-point { type empty; description "Point-to-point connection"; } leaf multipoint { type empty; description "Multipoint connection"; } } // choice pointedness leaf bandwidth { type string; description "Logical unit bandwidth (informational 
only)"; } container radio-router { presence "enable radio-router"; description "Parameters for dynamic link cost management"; uses dynamic_ifbw_parms_type; } // container radio-router choice traps-choice { leaf traps { type empty; description "Enable SNMP notifications on state changes"; } leaf no-traps { type empty; description "Don't enable SNMP notifications on state changes"; } } // choice traps-choice choice routing-services-choice { leaf routing-services { type empty; status deprecated; description "Enable routing services"; } leaf no-routing-services { type empty; status deprecated; description "Don't enable routing services"; } } // choice routing-services-choice container routing-service { description "Routing Services on this interface"; uses apply-advanced; choice enable-disable { leaf enable { type empty; description "Enable Routing Service"; } leaf disable { type empty; description "Disable Routing Service"; } } // choice enable-disable } // container routing-service container arp-resp { presence "enable arp-resp"; description "Knob to control ARP response on the interface, default is restricted"; choice arp-response-options { leaf unrestricted { type empty; description "Enable unrestricted ARP response on the interface"; } leaf restricted { type empty; description "Enable restricted proxy ARP response on the interface"; } } // choice arp-response-options } // container arp-resp container proxy-arp { junos:must "(!("switch-options no-arp-trap "))"; junos:must-message "Cannot enable proxy ARP with no-arp-trap"; presence "enable proxy-arp"; description "Enable proxy ARP on the interface, default is unrestricted"; choice proxyarp-options { leaf unrestricted { type empty; description "Enable unrestricted proxy ARP on the interface"; } leaf restricted { type empty; description "Enable restricted proxy ARP on the interface"; } } // choice proxyarp-options } // container proxy-arp choice vlan_choice { leaf vlan-id { junos:must "(!("interfaces ${interface} 
stacked-vlan-tagging"))"; junos:must-message "vlan-id is not supported on stacked-vlan-tagging mode"; junos:must "((unique "interfaces ${interface} unit <*> vlan-id $$" || !("interfaces ${interface} flexible-vlan-tagging")))"; junos:must-message "duplicate vlan-id"; type string; description "Virtual LAN identifier value for 802.1q VLAN tags"; } leaf vlan-id-range { junos:must "(("interfaces ${interface} vlan-tagging" || "interfaces ${interface} flexible-vlan-tagging"))"; junos:must-message "valid only with vlan-tagging or flexible-vlan-tagging mode"; type jt:vlan-range; description "Virtual LAN identifier range of form vid1-vid2"; } leaf-list inner-vlan-id-swap-ranges { type jt:vlan-range; description "Inner vlan-id swap range(s) of form vid1-vid2 for dynamic L2 VLANs"; } leaf-list vlan-id-list { junos:must "((" .. encapsulation vlan-ccc" || ("interfaces ${interface} encapsulation extended-vlan-ccc" || (" .. encapsulation vlan-vpls" || ("interfaces ${interface} encapsulation extended-vlan-vpls" || (" .. encapsulation vlan-bridge" || "interfaces ${interface} encapsulation extended-vlan-bridge"))))))"; junos:must-message "valid only with ccc/vpls/bridge encapsulation"; junos:must "(("interfaces ${interface} vlan-tagging" || "interfaces ${interface} flexible-vlan-tagging"))"; junos:must-message "valid only with vlan-tagging or flexible-vlan-tagging mode"; junos:must "(".. input-vlan-map push")"; junos:must-message "interface with vlan-id-list is supported only with input-vlan-map push"; type jt:vlan-range; description "List of VLAN identifiers"; } leaf-list vlan-tag { type string; ordered-by user; status deprecated; description "IEEE 802.1q tag list for VLAN tagged frames"; } container vlan-tags { junos:must "((!("interfaces ${interface} vlan-tagging") || !((". inner" || (". inner-range" || ". 
inner-list")))))"; junos:must-message "inner/inner-range/inner-list is valid only on stacked-vlan-tagging and flexible-vlan-tagging mode"; junos:must "((!("interfaces ${interface} stacked-vlan-tagging") || (". inner" || (". inner-range" || ". inner-list"))))"; junos:must-message "inner/inner-range/inner-list must be defined for stacked-vlan-tagging mode"; junos:must "((".. demux-options" || ("interfaces ${interface} vlan-tagging" || ("interfaces ${interface} stacked-vlan-tagging" || "interfaces ${interface} flexible-vlan-tagging"))))"; junos:must-message "valid only with vlan-tagging, stacked-vlan-tagging or flexible-vlan-tagging mode"; presence "enable vlan-tags"; description "IEEE 802.1q tags"; leaf outer { type string; description "[tpid.]vlan-id, tpid format is 0xNNNN and is optional"; } choice inner_choice { leaf inner { type string; description "[tpid.]vlan-id, tpid format is 0xNNNN and is optional"; } leaf inner-range { type string { junos:posix-pattern "^((0[Xx][0-9A-Fa-f]{4}.){0,1}([1-9][0-9]{0,2}|[1-3][0-9]{3}|40[0-8][0-9]|409[0-4])-([1-9][0-9]{0,2}|[1-3][0-9]{3}|40[0-8][0-9]|409[0-4]))$"; junos:pattern-message "vid in vlan-tag ([0xNNNN.]vid1-vid2) must be 1 to 4094"; } description "[tpid.]vid1-vid2, tpid format is 0xNNNN and is optional"; } leaf-list inner-list { junos:must "((" .. .. encapsulation vlan-ccc" || ("interfaces ${interface} encapsulation extended-vlan-ccc" || (" .. .. encapsulation vlan-vpls" || ("interfaces ${interface} encapsulation extended-vlan-vpls" || (" .. .. encapsulation vlan-bridge" || "interfaces ${interface} encapsulation extended-vlan-bridge"))))))"; junos:must-message "valid only with ccc/vpls/bridge encapsulation"; type jt:vlan-range; description "List of VLAN identifiers"; } } // choice inner_choice } // container vlan-tags } // choice vlan_choice leaf deep-vlan-qualified-learning { junos:must "((".. vlan-tags outer" && ".. 
vlan-tags inner"))"; junos:must-message "deep-vlan-qualified-learning can be specified only with one outer and one inner vlan tags"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "3"; } } description "Enable qualified MAC-address learning on the specified vlan tag"; } leaf native-inner-vlan-id { junos:must "((".. vlan-tags" || ".. family bridge inner-vlan-id-list"))"; junos:must-message "native-inner-vlan-id can be specified only on a dual vlan tagged unit"; junos:must "("interfaces ${interface} flexible-vlan-tagging")"; junos:must-message "native-inner-vlan-id can be specified only with flexible-vlan-tagging mode"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4094"; } } description "Native virtual LAN identifier for singly tagged frames"; } container accept-source-mac { junos:must "(!(".. family ethernet-switching"))"; junos:must-message "source mac filters not allowed on ethernet switched port"; description "Remote media access control address to/from which to accept traffic"; uses apply-advanced; list mac-address { key "name"; description "Remote MAC address"; uses mac_list; } // list mac-address } // container accept-source-mac container input-vlan-map { description "VLAN map operation on input"; uses vlan_map; } // container input-vlan-map container output-vlan-map { description "VLAN map operation on output"; uses vlan_map; } // container output-vlan-map leaf swap-by-poppush { type empty; description "Pop original vlan tag and then push a new vlan tag"; } leaf receive-lsp { type string; description "Name of incoming label-switched path"; } leaf transmit-lsp { type string; description "Name of outgoing label-switched path"; } leaf dlci { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1022"; } } description "Frame Relay data-link control identifier"; } leaf multicast-dlci { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
1022"; } } description "Frame Relay data-link control identifier for multicast packets"; } choice vci_type { leaf vci { junos:must "(!(".. encapsulation vlan-vci-ccc"))"; junos:must-message "'vci-range' must be used with encapsulation vlan-vci-ccc"; type jt:atm-vci; description "ATM point-to-point virtual circuit identifier ([vpi.]vci)"; } leaf allow-any-vci { type empty; description "Allow all VCIs to open in atm-ccc-cell-relay mode"; } leaf vpi { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "ATM point-to-point virtual path identifier (vpi)"; } leaf trunk-id { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 31"; } } description "ATM trunk identifier"; } } // choice vci_type choice psn_vci_type { case case_1 { } // case case_1 case case_2 { } // case case_2 } // choice psn_vci_type container atm-l2circuit-mode { description "Select ATM Layer 2 circuit transport mode"; choice mode_choice { leaf cell { type empty; description "ATM Layer 2 circuit cell mode"; } leaf aal5 { type empty; description "ATM Layer 2 circuit AAL5 mode"; } } // choice mode_choice } // container atm-l2circuit-mode container vci-range { junos:must "(!(".. vci"))"; junos:must-message "'vci-range' and 'vci' statements cannot co-exist"; description "ATM VCI range start <start-vci> end <end-vci>"; leaf start { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "32 .. 4094"; } } description "ATM VCI range's start value"; } leaf end { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "32 .. 
4094"; } } description "ATM VCI range's end value"; } } // container vci-range leaf trunk-bandwidth { type string; units "bits per second"; description "ATM trunk bandwidth"; } leaf multicast-vci { type jt:atm-vci; description "ATM virtual circuit identifier for multicast packets"; } container shaping { description "Virtual circuit traffic-shaping options"; uses dcd_shaping_config; } // container shaping container oam-period { description "OAM cell period"; choice oam_period_choices { leaf oam-period { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 900"; } } units "seconds"; description "OAM cell period"; } container disable { presence "enable disable"; description "Disable F5 OAM loopback"; } // container disable } // choice oam_period_choices } // container oam-period container oam-liveness { description "OAM virtual circuit liveness parameters"; uses apply-advanced; leaf up-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Number of OAM cells to consider VC up"; } leaf down-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Number of OAM cells to consider VC down"; } } // container oam-liveness container ppp-options { description "Point-to-Point Protocol interface-specific options"; uses ppp_options_type; } // container ppp-options container pppoe-options { description "PPP over Ethernet interface-specific options"; uses pppoe_options_type; } // container pppoe-options choice keepalive_choices { container keepalives { presence "enable keepalives"; description "Send or demand keepalive messages"; uses keepalives_type; } // container keepalives leaf no-keepalives { type empty; description "Do not send or demand keepalive messages"; } } // choice keepalive_choices leaf inverse-arp { type empty; description "Enable inverse ARP"; } leaf transmit-weight { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
32767"; } } description "ATM2 transmit weight for VC under VP tunnel"; } container epd-threshold { description "Early packet discard threshold for ATM2"; uses epd_threshold_config; } // container epd-threshold leaf cell-bundle-size { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 176"; } } units "cells"; description "L2 circuit cell bundle size"; } leaf cell-bundle-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 512"; } } units "microseconds"; description "L2 circuit cell bundle timeout"; } leaf plp-to-clp { type empty; description "Enable ATM2 PLP to CLP copy"; } leaf atm-scheduler-map { type union { type string { pattern "default"; } type string; } description "Assign ATM2 CoS scheduling map"; } leaf mrru { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1500 .. 4500"; } } units "bytes"; description "Maximum received reconstructed unit"; } leaf short-sequence { type empty; description "Short sequence number header format (MLPPP only)"; } leaf fragment-threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "64 .. 4500"; } } units "bytes"; description "Fragmentation threshold"; } leaf drop-timeout { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "0 .. 2000"; } } units "milliseconds"; description "Drop timeout"; } leaf disable-mlppp-inner-ppp-pfc { type empty; description "Disable compression for inner PPP header in MLPPP payload"; } leaf minimum-links { type union { type string { pattern "<.*>|$.*"; } type uint16; } description "Minimum number of links to sustain the bundle"; } leaf multilink-max-classes { type union { type string { pattern "<.*>|$.*"; } type uint16; } description "Number of multilink classes"; } container compression { junos:must "(!(".. 
encapsulation multilink-frame-relay-end-to-end"))"; junos:must-message "CRTP is not supported for multilink-frame-relay-end-to-end encapsulation"; presence "enable compression"; description "Various packet header compressions"; uses apply-advanced; container rtp { presence "enable rtp"; description "Compress and decompress RTP"; uses apply-advanced; leaf f-max-period { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Maximum number of compressed packets between transmission of full headers"; } leaf-list queues { type enumeration { enum "q0" { value 0; description "RTP packets assigned to queue 0"; } enum "q1" { value 1; description "RTP packets assigned to queue 1"; } enum "q2" { value 2; description "RTP packets assigned to queue 2"; } enum "q3" { value 3; description "RTP packets assigned to queue 3"; } } ordered-by user; description "Queue holding RTP packets. Default is queue 1"; } container port { presence "enable port"; description "UDP destination ports reserved for RTP packets"; leaf minimum { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } } leaf maximum { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } } } // container port container maximum-contexts { description "Maximum number of simultaneous RTP contexts"; leaf number { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "16 .. 2048"; } } description "Maximum number of simultaneous RTP contexts"; } } // container maximum-contexts } // container rtp } // container compression leaf interleave-fragments { type empty; description "Interleave long packets with high priority ones"; } leaf link-layer-overhead { type jt:unsigned-float; description "Link layer bit stuffing overhead (0.0 .. 
50.0 percent)"; } leaf accounting-profile { junos:must "(("accounting-options interface-profile $$" || "accounting-options flat-file-profile $$"))"; junos:must-message "referenced accounting profile must be defined"; type string; description "Accounting profile name"; } leaf peer-unit { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16385"; } } description "Peer unit number"; } container tunnel { description "Tunnel parameters"; uses apply-advanced; container encapsulation { presence "enable encapsulation"; description "Encapsulation over tunnel"; container vxlan-gpe { junos:must "((!(".. udp") && !(".. ipip")))"; junos:must-message "Only one encapsulation can be set per IFL"; presence "enable vxlan-gpe"; uses apply-advanced; container source { uses apply-advanced; leaf address { junos:must "(!(".. interface"))"; junos:must-message "To configure address interface must be not set"; type jt:ipv4addr; description "Interface address prefix"; } leaf mac-address { type jt:mac-addr; description "Interface source mac address"; } leaf interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Name of the interface"; } } // container source container destination { uses apply-advanced; leaf address { type jt:ipv4addr; description "Interface address prefix"; } leaf mac-address { type jt:mac-addr; description "Interface destination mac address"; } } // container destination leaf tunnel-endpoint { type enumeration { enum "vxlan" { value 0; description "To configure vxlan tunnel-end-point"; } } description "Tunnel end point type"; } leaf destination-udp-port { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Value to write to the destination-udp-port field"; } leaf vni { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
16777214"; } } description "Value to write to the vni field"; } } // container vxlan-gpe } // container encapsulation leaf source { type jt:ipaddr; description "Tunnel source"; } leaf destination { type jt:ipaddr; description "Tunnel destination"; } leaf key { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4294967295"; } } description "Tunnel key"; } leaf backup-destination { junos:must "(!(".. destination $$"))"; junos:must-message "Backup and primary tunnel destinations must be different"; type jt:ipaddr; description "Backup tunnel destination"; } choice fragmentation { leaf allow-fragmentation { type empty; description "Do not set DF bit on packets"; } leaf do-not-fragment { type empty; description "Set DF bit on packets"; } } // choice fragmentation leaf ttl { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Time to live"; } leaf traffic-class { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "TOS/Traffic class field of IP-header"; } leaf flow-label { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
1048575"; } } description "Flow label field of IP6-header"; } choice path-mtu-discovery-choice { leaf path-mtu-discovery { type empty; description "Enable path MTU discovery for tunnels"; } leaf no-path-mtu-discovery { type empty; description "Don't enable path MTU discovery for tunnels"; } } // choice path-mtu-discovery-choice container routing-instance { description "Routing instance to which tunnel ends belong"; uses apply-advanced; leaf destination { junos:must "(("routing-instances $$" || any "tenants <*> routing-instances $$"))"; junos:must-message "referenced routing-instance must be defined"; type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance of tunnel destination"; } } // container routing-instance } // container tunnel leaf compression-device { type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Logical interface used for compression"; } choice virtual-gateway { leaf no-auto-virtual-gateway-esi { junos:must "((any ".. family inet address <*> virtual-gateway-address" || any ".. 
family inet6 address <*> virtual-gateway-address"))"; junos:must-message "Only when virtual gateway address is configured"; type empty; description "Disable auto ESI generation for virtual gateway address"; } container virtual-gateway-esi { description "ESI configuration of virtual gateway"; uses apply-advanced; leaf identifier { junos:must "(unique "interfaces <*> unit <*> virtual-gateway-esi $$")"; junos:must-message "virtual-gateway-esi value must be unique under all IFDs and IFLs"; junos:must "(unique "interfaces <*> unit <*> esi $$")"; junos:must-message "ESI value must be unique under all IFDs and IFLs"; type jt:esi; description "ESI value for the interface"; } choice mode { leaf single-active { type empty; description "Single-active mode"; } leaf all-active { type empty; description "All-active mode"; } } // choice mode } // container virtual-gateway-esi } // choice virtual-gateway container service { description "Service operations"; uses apply-advanced; list pcef { key "name"; ordered-by user; description "PCEF configuration"; leaf name { junos:must "((".. family inet service" || ".. family inet6 service"))"; junos:must-message "Must be configured along with a family inet/inet6 service."; type string; description "PCEF Profile name"; } uses apply-advanced; leaf activate-all { junos:must "(!("activate"))"; junos:must-message "Can't be configured with activate-rule or activate- rulebase."; type empty; description "Activate all rules and rulebases in the pcef profile"; } list activate { key "name"; ordered-by user; description "Name of pcef profile rule or rulebase to activate"; leaf name { type string; description "Name of pcef profile rule or rulebase to activate"; } uses apply-advanced; } // list activate } // list pcef } // container service choice generate-eui64-choice { leaf generate-eui64 { junos:must "(".. 
family inet6 unnumbered-address")"; junos:must-message "generate-eui64 attribute must be set when unnumbered-address is configured under family inet6"; type empty; description "To generate Link Local EUI-64 addresses"; } leaf no-generate-eui64 { junos:must "(".. family inet6 unnumbered-address")"; junos:must-message "generate-eui64 attribute must be set when unnumbered-address is configured under family inet6"; type empty; description "Don't generate Link Local EUI-64 addresses"; } } // choice generate-eui64-choice container family { junos:must "(!(".. encapsulation ppp-over-ether"))"; junos:must-message "Can't configure protocol family with encapsulation ppp-over-ether"; description "Protocol family"; container inet { junos:must "(!(".. .. .. encapsulation vlan-vpls"))"; junos:must-message "Can't configure protocol family inet with encapsulation vpls"; presence "enable inet"; description "IPv4 parameters"; uses apply-advanced; container dhcp { junos:must "(!(any "forwarding-options dhcp-relay group <*> interface ${interface}.${unit}"))"; junos:must-message "Incompatible with the interface configured under 'forwarding-options dhcp-relay group'"; junos:must "(!("system services dhcp"))"; junos:must-message "Incompatible with the dhcp server configured under 'system services dhcp'"; junos:must "(!("system autoinstallation interfaces"))"; junos:must-message "Incompatible with 'system autoinstallation interfaces'"; junos:must "(!(".. 
address"))"; junos:must-message "Incompatible with interface assigned with address"; presence "enable dhcp"; description "Dynamic Host Configuration Protocol client configuration"; uses dhcp-client-type; } // container dhcp container targeted-broadcast { junos:must "(!(("interfaces $$={irb} unit ${unit} family $$={inet} targeted-broadcast" && "protocols l2-learning global-mode transparent-bridge")))"; junos:must-message "targeted-broadcast do not be supported on irb interface in transparent mode"; presence "enable targeted-broadcast"; description "Directed broadcast"; uses apply-advanced; choice targeted-bcast-choice { leaf forward-and-send-to-re { type empty; description "Allow packets to be forwarded and sent to re"; } leaf forward-only { type empty; description "Allow packets only to be forwarded"; } } // choice targeted-bcast-choice } // container targeted-broadcast leaf destination-class-usage { type empty; status deprecated; description "Enable destination class usage on this interface"; } leaf transit-options-packets { type empty; status deprecated; description "Transit IP options packets (don't send to Routing Engine)"; } leaf transit-ttl-exceeded { type empty; status deprecated; description "Transit IP TTL-exceeded packets (don't send to Routing Engine)"; } leaf receive-options-packets { type empty; description "Receive IP options packets (don't send to Routing Engine)"; } leaf receive-ttl-exceeded { type empty; description "Receive IP TTL-exceeded packets (don't send to Routing Engine)"; } container accounting { description "Configure interface-based accounting options"; uses apply-advanced; container source-class-usage { description "Enable source class usage on this interface"; uses apply-advanced; leaf input { type empty; description "Specify this interface for source-class-usage input"; } leaf output { type empty; description "Specify this interface for source-class-usage output"; } } // container source-class-usage leaf destination-class-usage { type 
empty; description "Enable destination class usage on this interface"; } } // container accounting container rpf-check { presence "enable rpf-check"; description "Enable reverse-path-forwarding checks on this interface"; uses apply-advanced; leaf fail-filter { type string; description "Name of filter applied to packets failing RPF check"; } container mode { description "Mode for reverse path forwarding"; leaf loose { type empty; description "Reverse-path-forwarding loose mode"; } } // container mode } // container rpf-check leaf mtu { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Protocol family maximum transmission unit"; } leaf arp-max-cache { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 2000000"; } } description "Max interface ARP nexthop cache size"; } leaf arp-new-hold-limit { junos:must "(".. arp-max-cache")"; junos:must-message "Interface max ARP cache size must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 2000000"; } } description "Max no. of new unresolved nexthops"; } leaf no-redirects { type empty; description "Do not redirect traffic"; } leaf no-neighbor-learn { type empty; description "Disable neighbor address learning on interface"; } leaf unconditional-src-learn { type empty; description "Glean from arp packets even when source cannot be validated"; } leaf multicast-only { type empty; description "Allow only multicast traffic (tunnels only)"; } leaf primary { type empty; description "Candidate for primary interface in system"; } leaf ipsec-sa { type string { length "1 .. 
32"; } description "Name of security association"; } container filter { description "Packet filtering"; uses apply-advanced; choice input_choice { container input { description "Filter to be applied to received packets"; leaf filter-name { type string; description "Name of the filter"; } leaf shared-name { type string; description "Filter shared-name of instances of interface-shared filter"; } leaf precedence { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Precedence of the filter"; } } // container input leaf-list input-list { type string; ordered-by user; description "List of filter modules applied to received packets "; } } // choice input_choice choice output_choice { container output { description "Filter to be applied to transmitted packets"; leaf filter-name { type string; description "Name of the filter"; } leaf shared-name { type string; description "Filter shared-name of instances of interface-shared filter"; } leaf precedence { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Precedence of the filter"; } } // container output leaf-list output-list { type string; ordered-by user; description "List of filter modules applied to transmitted packets "; } } // choice output_choice container adf { description "Ascend Data Filter definition"; uses apply-advanced; list rule { key "name"; ordered-by user; description "Set of ADF rules"; leaf name { type string; description "Value for a single rule"; } uses apply-advanced; } // list rule leaf counter { type empty; description "Add a counter to each rule"; } leaf input-precedence { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Precedence of the input rules"; } leaf not-mandatory { type empty; description "No errors will be reported if no rules are present"; } leaf output-precedence { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } } description "Precedence of the output rules"; } } // container adf leaf group { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Group to which interface belongs"; } leaf dialer { junos:must "(".. .. .. .. dialer-options dial-string")"; junos:must-message "Dial string is mandatory for dialer filter"; junos:must "(!(".. .. .. .. dialer-options watch-list"))"; junos:must-message "A dialer interface cannot have watch-list as well as dialer filter"; type string; description "Name of filter applied on dialer"; } } // container filter container simple-filter { description "Filter for doing multifield classification"; uses apply-advanced; leaf input { type string; description "Name of simple filter applied to received packets"; } } // container simple-filter container policer { description "Interface policing"; uses apply-advanced; leaf arp { junos:must "(!(".. disable-arp-policer"))"; junos:must-message "Interface configuration can have either disable-arp-policer or arp policer configured"; junos:must "((!(".. .. .. .. peer-unit") || (".. .. .. .. encapsulation ethernet" || ".. .. .. .. encapsulation vlan")))"; junos:must-message "Interface encapsulation must be ethernet or vlan"; type string; description "Name of policer applied to received ARP packets"; } leaf input { junos:must "(!(".. .. 
input-hierarchical-policer"))"; junos:must-message "Both input policer and input hierarchical policer can not be applied on the same family"; type string; description "Name of policer applied to received packets"; } leaf output { type string; description "Name of policer applied to transmitted packets"; } } // container policer container sampling { junos:must "(("forwarding-options sampling family inet" || ("forwarding-options packet-capture" || any "forwarding-options sampling instance <*> family inet")))"; junos:must-message "Requires forwarding-options sampling or packet-capture config"; description "Interface sampling"; uses apply-advanced; leaf input { type empty; description "Sample all packets input on this interface"; } leaf output { type empty; description "Sample all packets output on this interface"; } } // container sampling container service { junos:must "((!(".. rpf-check") || "chassis network-services enhanced-ip"))"; junos:must-message "rpf-check can not be enabled with interface services"; description "Service operations"; uses apply-advanced; container input { description "Service sets to consider for received packets"; uses apply-advanced; list service-set { key "name"; ordered-by user; description "Service set to consider for received packets"; leaf name { junos:must "((!(".. .. .. .. .. .. demux-source") && !(".. .. .. .. .. .. 
demux-destination")))"; junos:must-message "Service set cannot be configured on interfaces with demux-source or demux-destination"; junos:must "("services service-set $$ interface-service")"; junos:must-message "this service set must be an interface service"; type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]/.:_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes, underscores, forward slashes, colons and dots."; } description "Name of service set"; } uses apply-advanced; leaf service-filter { type string; description "Name of service filter"; } } // list service-set leaf post-service-filter { type string; description "Post-service filter to apply to received packets"; } } // container input container output { description "Service sets to consider for transmitted packets"; uses apply-advanced; list service-set { key "name"; ordered-by user; description "Service set to consider for transmitted packets"; leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]/.:_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes, underscores, forward slashes, colons and dots."; } description "Name of service set"; } uses apply-advanced; leaf service-filter { type string; description "Name of service filter"; } } // list service-set } // container output } // container service list next-hop-tunnel { key "name"; ordered-by user; description "One or more next-hop tunnel tables"; leaf name { type string; description "Next-hop tunnel gateway address"; } uses apply-advanced; leaf ipsec-vpn { junos:must "("security ipsec vpn $$")"; junos:must-message "Referenced IPSec vpn must be defined under [edit security ipsec vpn] hierarchy level"; junos:must "(unique "interfaces st0 unit <*> family inet next-hop-tunnel <*> ipsec-vpn $$")"; junos:must-message "Referenced IPSec vpn must be unique"; type string; description "Name of IPSec 
VPN"; } } // list next-hop-tunnel container tunnel-termination { presence "enable tunnel-termination"; description "Tunnel termination"; } // container tunnel-termination list address { junos:must "((!(".. unnumbered-address") && !(".. location-pool-address")))"; junos:must-message "address cannot be defined with unnumbered-address or location-pool-address simultaneously"; key "name"; ordered-by user; description "Interface address/destination prefix"; leaf name { type jt:ipv4prefix; description "Interface address/destination prefix"; } uses apply-advanced; leaf destination { type jt:ipv4addr; description "Destination address"; } leaf destination-profile { junos:must "("access group-profile $$ ppp")"; junos:must-message "referenced group-profile must be defined and must contain ppp statement"; type string; description "Profile to use for destination address"; } leaf broadcast { type jt:ipv4addr; description "Broadcast address"; } leaf primary { type empty; description "Candidate for primary address in system"; } leaf preferred { type empty; description "Preferred address on interface"; } leaf master-only { type empty; description "Master management IP address for router"; } list multipoint-destination { key "name"; ordered-by user; description "Multipoint NBMA destination"; leaf name { type jt:ipv4addr; description "Destination address"; } uses apply-advanced; choice link-address { leaf dlci { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1022"; } } description "Frame Relay data-link control identifier"; } leaf vci { type jt:atm-vci; description "ATM virtual circuit identifier ([vpi.]vci)"; } } // choice link-address container shaping { description "Virtual circuit traffic-shaping options"; uses dcd_shaping_config; } // container shaping container oam-period { description "OAM cell period"; choice oam_period_choices { leaf oam_period { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
900"; } } units "seconds"; description "OAM cell period"; } container disable { presence "enable disable"; description "Disable OAM loopback"; } // container disable } // choice oam_period_choices } // container oam-period container oam-liveness { description "OAM virtual circuit liveness parameters"; uses apply-advanced; leaf up-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Number of OAM cells to consider VC up"; } leaf down-count { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Number of OAM cells to consider VC down"; } } // container oam-liveness leaf inverse-arp { type empty; description "Enable inverse ARP reply messages"; } leaf transmit-weight { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 32767"; } } description "ATM2 transmit weight for VC under VP tunnel"; } container epd-threshold { description "Early packet discard threshold for ATM2"; uses epd_threshold_config; } // container epd-threshold } // list multipoint-destination list arp { key "name"; ordered-by user; description "Static Address Resolution Protocol entries"; leaf name { type jt:ipv4addr; description "Destination IP address"; } leaf l2-interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Layer 2 interface name for ARP entry"; } choice mac_address_type { leaf mac { type jt:mac-unicast; description "MAC address"; } leaf multicast-mac { type jt:mac-multicast; description "Multicast MAC address"; } } // choice mac_address_type leaf publish { junos:must "((".. mac" || ".. 
multicast-mac"))"; junos:must-message "mac or multicast-mac must be configured to publish"; type empty; description "Reply to ARP requests for this entry"; } } // list arp container web-authentication { description "Parameters for web-based firewall-user authentication"; uses apply-advanced; leaf http { type empty; description "Enable authentication via HTTP"; } leaf https { type empty; description "Enable authentication via HTTPS"; } leaf redirect-to-https { junos:must "(".. https")"; junos:must-message "https must be enabled"; type empty; description "Web authentication redirect to HTTPS"; } } // container web-authentication list vrrp-group { key "name"; ordered-by user; description "VRRP group"; uses vrrp-group; } // list vrrp-group leaf virtual-gateway-address { junos:must "(!(".. vrrp-group"))"; junos:must-message "vrrp configuration incompatible with virtual gateway address"; type jt:ipv4addr; description "Virtual Gateway IP address"; } } // list address container unnumbered-address { description "Unnumbered interface address/destination prefix"; leaf source { junos:must "("interfaces $$-IFL family inet address")"; junos:must-message "referred interface must have address configured under family inet"; type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Interface from which to take local address"; } leaf preferred-source-address { type string; description "Preferred address on the donor interface"; } leaf destination { type jt:ipv4addr; description "Destination address"; } leaf destination-profile { junos:must "("access group-profile $$ ppp")"; junos:must-message "referenced group-profile must be defined and must contain ppp statement"; type string; description "Profile to use for destination address"; } } // container unnumbered-address container location-pool-address { junos:must "((!(".. address") && !(".. 
unnumbered-address")))"; junos:must-message "location-pool-address cannot be defined with address or unnumbered-address simultaneously"; presence "enable location-pool-address"; description "Location-based IP address pool"; uses apply-advanced; leaf pool-name { junos:must "("access address-assignment location-pool $$")"; junos:must-message "referenced IP address location pool must be defined"; type string { length "1 .. 64"; } description "Pool name"; } } // container location-pool-address leaf negotiate-address { junos:must "(!(".. .. .. .. encapsulation multilink-frame-relay-uni-nni"))"; junos:must-message "negotiate-address is not supported with family mlfr-uni-nni "; junos:must "(!(".. .. .. encapsulation multilink-frame-relay-end-to-end"))"; junos:must-message "negotiate-address is not supported with family mlfr-end-to-end "; junos:must "(!(".. location-pool-address"))"; junos:must-message "negotiate-address and location-pool-address must not be defined simultaneously"; junos:must "(!(".. unnumbered-address"))"; junos:must-message "negotiate-address and unnumbered-address must not be defined simultaneously"; junos:must "(!(".. address"))"; junos:must-message "negotiate-address and address must not be defined simultaneously"; type empty; description "Negotiate address with remote"; } leaf destination-udp-port { junos:must "(".. .. .. tunnel encapsulation udp")"; junos:must-message "destination-udp-port can be configured only for encapsulation udp on fti interface"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10000 .. 10009"; } } description "Choose destination UDP port number"; } } // container inet container iso { junos:must "(!(".. .. 
encapsulation frame-relay-ppp"))"; junos:must-message "family iso is not supported on encapsulation frame-relay-ppp"; presence "enable iso"; description "OSI ISO protocol parameters"; uses apply-advanced; list address { key "name"; ordered-by user; description "Interface address"; leaf name { type jt:isoaddr; description "Interface address"; } uses apply-advanced; } // list address leaf mtu { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Protocol family maximum transmission unit"; } leaf destination-udp-port { junos:must "(".. .. .. tunnel encapsulation udp")"; junos:must-message "destination-udp-port can be configured only for encapsulation udp on fti interface"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10030 .. 10039"; } } description "Choose destination UDP port number"; } } // container iso container inet6 { presence "enable inet6"; description "IPv6 protocol parameters"; uses apply-advanced; container dhcpv6-client { junos:must "(!("system services dhcp"))"; junos:must-message "Incompatible with the dhcp server configured under 'system services dhcp'"; junos:must "(!("system autoinstallation"))"; junos:must-message "Incompatible with 'system autoinstallation'"; junos:must "(!(".. 
address"))"; junos:must-message "Incompatible with interface assigned with address"; junos:must "(!(any "forwarding-options dhcp-relay dhcpv6 group <*> interface ${interface}.${unit}"))"; junos:must-message "DHCPv6 client and relay cannot be configured on the same interface "; junos:must "(!(any "system services dhcp-local-server dhcpv6 group <*> interface ${interface}.${unit}"))"; junos:must-message "DHCPv6 client and server cannot be configured on the same interface "; description "Dynamic Host Configuration Protocol DHCPv6 client configuration"; uses apply-advanced; leaf client-type { type enumeration { enum "stateful" { value 0; description "Stateful client type for address assignment."; } enum "autoconfig" { junos:must "("protocols router-advertisement interface ${interface}.${unit}")"; junos:must-message "Interface for ra messages is must for auto mode"; junos:must "(!("interfaces ${interface} unit ${unit} family inet6 dhcpv6-client update-router-advertisement"))"; junos:must-message "Incompatible with 'dhcpv6-client update-router-advertisement'"; junos:must "(!("interfaces ${interface} unit ${unit} family inet6 dhcpv6-client client-ia-type ia-pd"))"; junos:must-message "Incompatible with 'client-ia-type ia-pd'"; value 1; description "Autoconfig client type for router-advertisement"; } } description "DHCPv6 client type"; } list client-ia-type { key "name"; ordered-by user; description "DHCPv6 client identity association type"; leaf name { type enumeration { enum "ia-na" { value 0; description "Identity Association-Non-temporary Address"; } enum "ia-pd" { value 1; description "Identity Association-Prefix Address"; } } } uses apply-advanced; } // list client-ia-type container rapid-commit { presence "enable rapid-commit"; description "Option is used to signal the use of the two message exchange for address assignment"; } // container rapid-commit container prefix-delegating { junos:must "("interfaces ${interface} unit ${unit} family inet6 dhcpv6-client 
client-ia-type ia-pd")"; junos:must-message "Incompatible with out 'client-ia-type ia-pd'"; description "Prefix delegating parameters"; uses apply-advanced; leaf preferred-prefix-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 64"; } } description "Client preferred prefix length"; } leaf sub-prefix-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 127"; } } description "The sub prefix length for LAN interfaces"; } } // container prefix-delegating container client-identifier { description "DHCP Server identifies a client by client-identifier value "; leaf duid-type { type enumeration { enum "duid-llt" { value 0; description "Link-layer address plus time"; } enum "vendor" { value 1; description "Vendor-assigned unique ID based on Enterprise Number"; } enum "duid-ll" { value 2; description "Link-layer address"; } } description "DUID identifying a client"; } } // container client-identifier leaf vendor-id { type string { length "1 .. 
60"; } description "Vendor class id for the dhcpv6 client"; } list req-option { key "name"; ordered-by user; description "DHCPV6 client requested option configuration"; leaf name { type enumeration { enum "dns-server" { value 0; description "Dns-server option"; } enum "domain" { value 1; description "Dns-server option"; } enum "ntp-server" { value 2; description "Ntp-server option"; } enum "time-zone" { value 3; description "Time-zone option"; } enum "sip-server" { value 4; description "Sip-server option"; } enum "sip-domain" { value 5; description "Sip-domain option"; } enum "nis-server" { value 6; description "Nis-server option"; } enum "nis-domain" { value 7; description "Nis-domain option"; } enum "fqdn" { value 8; description "Fully-qualified-domain option"; } enum "vendor-spec" { value 9; description "Vendor-spec option"; } enum "zero-touch-redirect" { value 10; description "Zero-touch-redirect"; } enum "bootfile-url" { value 11; description "Bootfile url"; } enum "bootfile-param" { value 12; description "Bootfile param"; } } } uses apply-advanced; } // list req-option container options { description "DHCP options"; uses apply-advanced; list number { key "name"; description "DHCP option code"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 254"; } } description "DHCP option identifier code"; } choice option-type-choice { leaf hex-string { type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 510"; } description "Hexadecimal string"; } } // choice option-type-choice } // list number } // container options leaf retransmission-attempt { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
50000"; } } default "9"; description "Number of attempts to retransmit the DHCPV6 client protocol packet"; } container no-dns-install { presence "enable no-dns-install"; description "Do not propagate DNS to kernel"; } // container no-dns-install container update-router-advertisement { junos:must "("interfaces ${interface} unit ${unit} family inet6 dhcpv6-client client-ia-type $$={2}")"; junos:must-message "Incompatible without 'client-ia-type ia-pd'"; description "Dhcpv6 client update rpd for prefix delegation"; uses apply-advanced; list interface { key "name"; max-elements 3; ordered-by user; description "Interfaces on which to delegate prefix"; leaf name { junos:must "(unique "interfaces <*> unit 0 family inet6 dhcpv6-client update-router-advertisement interface $$")"; junos:must-message "This interface is already updated by a dhcpv6-client"; junos:must "(!("protocols router-advertisement interface $$"))"; junos:must-message "Incompatible with the interface configured under 'protocols router-advertisement interface'"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name on which to delegate prefix"; } uses apply-advanced; choice managed-configuration-choice { leaf managed-configuration { type empty; description "Set managed address configuration"; } leaf no-managed-configuration { type empty; description "Don't set managed address configuration"; } } // choice managed-configuration-choice choice other-stateful-configuration-choice { leaf other-stateful-configuration { type empty; description "Set other stateful configuration"; } leaf no-other-stateful-configuration { type empty; description "Don't set other stateful configuration"; } } // choice other-stateful-configuration-choice leaf max-advertisement-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "4 .. 
1800"; } } units "seconds"; description "Maximum advertisement interval"; } leaf min-advertisement-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "3 .. 1350"; } } units "seconds"; description "Minimum advertisement interval"; } choice enable-recursive-dns-server-option-choice { leaf enable-recursive-dns-server-option { type empty; description "Enable the recursive DNS server option"; } leaf no-enable-recursive-dns-server-option { type empty; description "Don't enable the recursive DNS server option"; } } // choice enable-recursive-dns-server-option-choice } // list interface } // container update-router-advertisement leaf update-server { type empty; description "Propagate TCP/IP settings to DHCP server"; } } // container dhcpv6-client container rpf-check { presence "enable rpf-check"; description "Enable reverse-path-forwarding checks on this interface"; uses apply-advanced; leaf fail-filter { type string; description "Name of filter applied to packets failing RPF check"; } container mode { description "Mode for reverse path forwarding"; leaf loose { type empty; description "Reverse-path-forwarding loose mode"; } } // container mode } // container rpf-check container accounting { description "Interface-based accounting options"; uses apply-advanced; container source-class-usage { uses apply-advanced; leaf input { type empty; description "Interface for source-class-usage input"; } leaf output { type empty; description "Interface for source-class-usage output"; } } // container source-class-usage leaf destination-class-usage { type empty; description "Enable destination class usage on this interface"; } } // container accounting leaf mtu { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Protocol family maximum transmission unit"; } leaf nd6-stale-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
18000"; } } units "seconds"; description "Stale time to reconfirm reachability with inet6 neighbour"; } leaf no-neighbor-learn { type empty; description "Disable neighbor address learning on interface"; } container ndp-proxy { description "Enable ndp proxy on interface"; uses apply-advanced; leaf interface-restricted { type empty; description "Enable ndp interface proxy restricted to interface"; } } // container ndp-proxy container dad-proxy { junos:must "(".. ndp-proxy")"; junos:must-message "ndp-proxy must be configured"; description "DAD proxy on interface"; uses apply-advanced; leaf interface-restricted { type empty; description "Enable DAD interface proxy restricted to interface"; } } // container dad-proxy leaf nd6-max-cache { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 2000000"; } } description "Max interface ND nexthop cache size"; } leaf nd6-new-hold-limit { junos:must "(".. nd6-max-cache")"; junos:must-message "Interface max ND cache size must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 2000000"; } } description "Max no. of new unresolved nexthops"; } leaf no-redirects { type empty; description "Do not redirect traffic"; } container filter { description "Packet filtering"; uses apply-advanced; choice input_choice { container input { description "Filter to be applied to received packets"; leaf filter-name { type string; description "Name of the filter"; } leaf shared-name { type string; description "Filter shared-name of instances of interface-shared filter"; } leaf precedence { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } } description "Precedence of the filter"; } } // container input leaf-list input-list { type string; ordered-by user; description "List of filter modules applied to received packets "; } } // choice input_choice choice output_choice { container output { description "Filter to be applied to transmitted packets"; leaf filter-name { type string; description "Name of the filter"; } leaf shared-name { type string; description "Filter shared-name of instances of interface-shared filter"; } leaf precedence { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Precedence of the filter"; } } // container output leaf-list output-list { type string; ordered-by user; description "List of filter modules applied to transmitted packets "; } } // choice output_choice container adf { description "Ascend Data Filter definition"; uses apply-advanced; list rule { key "name"; ordered-by user; description "Set of ADF rules"; leaf name { type string; description "Value for a single rule"; } uses apply-advanced; } // list rule leaf counter { type empty; description "Add a counter to each rule"; } leaf input-precedence { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Precedence of the input rules"; } leaf not-mandatory { type empty; description "No errors will be reported if no rules are present"; } leaf output-precedence { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Precedence of the output rules"; } } // container adf leaf group { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Group to which interface belongs"; } leaf dialer { junos:must "(".. .. .. .. dialer-options dial-string")"; junos:must-message "Dial string is mandatory for dialer filter"; junos:must "(!(".. .. .. .. 
dialer-options watch-list"))"; junos:must-message "A dialer interface cannot have watch-list as well as dialer filter"; type string; description "Name of filter applied on dialer"; } } // container filter container policer { description "Interface policing"; uses apply-advanced; leaf input { type string; description "Name of policer applied to received packets"; } leaf output { type string; description "Name of policer applied to transmitted packets"; } } // container policer container sampling { junos:must "(("forwarding-options sampling family inet6" || ("forwarding-options packet-capture" || any "forwarding-options sampling instance <*> family inet6")))"; junos:must-message "Requires forwarding-options sampling or packet-capture config"; description "Interface sampling"; uses apply-advanced; leaf input { type empty; description "Sample all packets input on this interface"; } leaf output { type empty; description "Sample all packets output on this interface"; } } // container sampling container service { description "Service operations"; uses apply-advanced; container input { description "Service sets to consider for received packets"; uses apply-advanced; list service-set { key "name"; ordered-by user; description "Service set to consider for received packets"; leaf name { junos:must "((!(".. .. .. .. .. .. demux-source") && !(".. .. .. .. .. .. 
demux-destination")))"; junos:must-message "Service set cannot be configured on interfaces with demux-source or demux-destination"; junos:must "("services service-set $$ interface-service")"; junos:must-message "this service set must be an interface service"; type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]/.:_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes, underscores, forward slashes, colons and dots."; } description "Name of service set"; } uses apply-advanced; leaf service-filter { type string; description "Name of service filter"; } } // list service-set leaf post-service-filter { type string; description "Post-service filter to apply to received packets"; } } // container input container output { description "Service sets to consider for transmitted packets"; uses apply-advanced; list service-set { key "name"; ordered-by user; description "Service set to consider for transmitted packets"; leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]/.:_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes, underscores, forward slashes, colons and dots."; } description "Name of service set"; } uses apply-advanced; leaf service-filter { type string; description "Name of service filter"; } } // list service-set } // container output } // container service container tunnel-termination { presence "enable tunnel-termination"; description "Tunnel termination"; } // container tunnel-termination list address { junos:must "(!(".. 
unnumbered-address"))"; junos:must-message "ipv6 unnumbered-address and ipv6 address must not be defined simultaneously"; key "name"; ordered-by user; description "Interface address or destination prefix"; leaf name { type jt:ipv6prefix; description "Interface address or destination prefix"; } uses apply-advanced; leaf destination { type jt:ipv6addr; description "Destination address"; } leaf eui-64 { type empty; description "Generate EUI-64 interface ID"; } leaf primary { type empty; description "Candidate for primary address in system"; } leaf preferred { type empty; description "Preferred address on interface"; } leaf master-only { type empty; description "Master management IP address for router"; } list ndp { key "name"; ordered-by user; description "Static Neighbor Discovery Protocol entries"; leaf name { type jt:ipv6addr; description "Destination IP address"; } leaf l2-interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Layer 2 interface name for NDP entry"; } choice mac_address_type { leaf mac { type jt:mac-unicast; description "MAC address"; } leaf multicast-mac { type jt:mac-multicast; description "Multicast MAC address"; } } // choice mac_address_type leaf publish { junos:must "((".. mac" || ".. multicast-mac"))"; junos:must-message "either 'mac' or 'multicast-mac' must be configured along with 'publish' statment"; type empty; description "Reply to NDP requests for this entry"; } } // list ndp list vrrp-inet6-group { junos:must "(!(".. 
eui-64"))"; junos:must-message "'vrrp-inet6-group' is not supported when 'eui-64' is configured"; key "name"; ordered-by user; description "VRRP group"; uses vrrp-group; } // list vrrp-inet6-group container web-authentication { description "Parameters for web-based firewall-user authentication"; uses apply-advanced; leaf http { type empty; description "Enable authentication via HTTP"; } leaf https { type empty; description "Enable authentication via HTTPS"; } leaf redirect-to-https { junos:must "(".. https")"; junos:must-message "https must be enabled"; type empty; description "Web authentication redirect to HTTPS"; } } // container web-authentication leaf virtual-gateway-address { junos:must "(!(".. vrrp-inet6-group"))"; junos:must-message "vrrp configuration incompatible with virtual gateway address"; type jt:ipv6addr; description "Virtual Gateway IP address"; } leaf subnet-router-anycast { type empty; description "Create a subnet router anycast address for this address."; } } // list address container unnumbered-address { description "Unnumbered interface address/destination prefix"; leaf source { junos:must "("interfaces $$-IFL family inet6 address")"; junos:must-message "referred interface must have address configured under family inet6"; type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Interface from which to take local address"; } leaf preferred-source-address { type string; description "Preferred address on the donor interface"; } } // container unnumbered-address choice dad-disable-choice { leaf dad-disable { type empty; description "Disable duplicate-address-detection"; } leaf no-dad-disable { type empty; description "Don't disable duplicate-address-detection"; } } // choice dad-disable-choice leaf destination-udp-port { junos:must "(".. .. .. 
tunnel encapsulation udp")"; junos:must-message "destination-udp-port can be configured only for encapsulation udp on fti interface"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10010 .. 10019"; } } description "Choose destination UDP port number"; } leaf negotiate-address { junos:must "(!(".. unnumbered-address"))"; junos:must-message "negotiate-address and unnumbered-address must not be defined simultaneously"; junos:must "(!(".. address"))"; junos:must-message "negotiate-address and address must not be defined simultaneously"; type empty; description "Negotiate address with remote"; } } // container inet6 container mpls { junos:must "(!(".. .. encapsulation frame-relay-ppp"))"; junos:must-message "family mpls is not supported on encapsulation frame-relay-ppp"; presence "enable mpls"; description "MPLS protocol parameters"; uses apply-advanced; leaf mtu { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Protocol family maximum transmission unit"; } container filter { description "Packet filtering"; uses apply-advanced; choice input_choice { leaf input { type string; description "Name of filter applied to received packets"; } leaf-list input-list { type string; ordered-by user; description "List of filter modules applied to received packets "; } } // choice input_choice leaf-list input-chain { type string; ordered-by user; description "List of filter modules applied to received packets "; } choice output_choice { leaf output { type string; description "Name of filter applied to transmitted packets"; } leaf-list output-list { type string; ordered-by user; description "List of filter modules applied to transmitted packets "; } } // choice output_choice leaf-list output-chain { type string; ordered-by user; description "List of filter modules applied to transmitted packets "; } leaf group { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255"; } } description "Interface group to which interface belongs"; } leaf dialer { junos:must "(".. .. .. .. dialer-options dial-string")"; junos:must-message "Dial string is mandatory for dialer filter"; junos:must "(!(".. .. .. .. dialer-options watch-list"))"; junos:must-message "A dialer interface cannot have watch-list as well as dialer filter"; type string; description "Name of filter applied on dialer"; } } // container filter container ingress-queuing-filter { description "Protocol family ingress-queuing-filter"; leaf filter-name { type string; description "Name of the ingress-queuing-filter"; } } // container ingress-queuing-filter container policer { description "Interface policing"; uses apply-advanced; leaf input { type string; description "Name of policer applied to received packets"; } leaf output { type string; description "Name of policer applied to transmitted packets"; } } // container policer leaf destination-udp-port { junos:must "(".. .. .. tunnel encapsulation udp")"; junos:must-message "destination-udp-port can be configured only for encapsulation udp on fti interface"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10020 .. 10029"; } } description "Choose destination UDP port number"; } } // container mpls container mlppp { junos:must "(!("interfaces ${interface} container-options"))"; junos:must-message "mlppp is not supported for container interfaces"; description "Multilink PPP protocol parameters"; uses apply-advanced; leaf bundle { junos:must "((!(".. .. .. dial-options") || "interfaces $$-IFL encapsulation multilink-ppp"))"; junos:must-message "Bundle interface must be configured"; junos:must "((!(".. .. .. 
pppoe-options") || "interfaces $$-IFL encapsulation multilink-ppp"))"; junos:must-message "Bundle interface must be configured"; type string; description "Logical interface name this link will join"; } choice anchor-points { case case_1 { } // case case_1 case case_2 { } // case case_2 } // choice anchor-points leaf dynamic-profile { junos:must "("dynamic-profiles $$")"; junos:must-message "referenced dynamic-profile must be defined"; type string { length "1 .. 80"; } description " dynamic profile for interface to use"; } } // container mlppp container mlfr-end-to-end { junos:must "(!(".. .. encapsulation frame-relay-ppp"))"; junos:must-message "family mlfr-end-to-end is not supported on encapsulation frame-relay-ppp"; presence "enable mlfr-end-to-end"; description "Multilink Frame Relay end-to-end protocol parameters"; uses apply-advanced; leaf bundle { type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Logical interface name this link will join"; } } // container mlfr-end-to-end container mlfr-uni-nni { junos:must "(!(".. .. encapsulation frame-relay-ppp"))"; junos:must-message "family mlfr-uni-uni is not supported on encapsulation frame-relay-ppp"; presence "enable mlfr-uni-nni"; description "Multilink Frame Relay UNI NNI protocol parameters"; uses apply-advanced; leaf bundle { type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Logical interface name this link will join"; } } // container mlfr-uni-nni container ccc { junos:must "(!(".. .. 
encapsulation frame-relay-ppp"))"; junos:must-message "family ccc is not supported on encapsulation frame-relay-ppp"; presence "enable ccc"; description "Circuit cross-connect parameters"; uses apply-advanced; container filter { description "Packet filtering"; uses apply-advanced; choice input_choice { leaf input { type string; description "Name of filter applied to received packets"; } leaf-list input-list { type string; ordered-by user; description "List of filter modules applied to received packets "; } } // choice input_choice leaf-list input-chain { type string; ordered-by user; description "List of filter modules applied to received packets "; } choice output_choice { leaf output { type string; description "Name of filter applied to transmitted packets"; } leaf-list output-list { type string; ordered-by user; description "List of filter modules applied to transmitted packets "; } } // choice output_choice leaf-list output-chain { type string; ordered-by user; description "List of filter modules applied to transmitted packets "; } leaf group { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Interface group to which interface belongs"; } } // container filter container policer { description "Interface policing"; uses apply-advanced; leaf input { type string; description "Name of policer applied to received packets"; } leaf output { type string; description "Name of policer applied to transmitted packets"; } } // container policer leaf translate-fecn-and-becn { type empty; description "Translate FECN and BECN bits"; } choice de-or-plp { leaf translate-discard-eligible { type empty; description "Translate DE bit"; } case case_2 { } // case case_2 } // choice de-or-plp leaf keep-address-and-control { type empty; description "Don't strip PPP address and control bytes"; } } // container ccc container tcc { junos:must "(!(".. .. 
encapsulation frame-relay-ppp"))"; junos:must-message "family tcc is not supported on encapsulation frame-relay-ppp"; presence "enable tcc"; description "Translational cross-connect parameters"; uses apply-advanced; container policer { description "Interface policing"; uses apply-advanced; leaf input { type string; description "Name of policer applied to received packets"; } leaf output { type string; description "Name of policer applied to transmitted packets"; } } // container policer container proxy { presence "enable proxy"; uses apply-advanced; leaf inet-address { type jt:ipv4addr; description "Remote host address on non-Ethernet side of Ethernet TCC"; } } // container proxy container remote { presence "enable remote"; uses apply-advanced; leaf inet-address { type jt:ipv4addr; description "Remote host address on Ethernet side of Ethernet TCC"; } leaf mac-address { type jt:mac-addr; description "Remote host MAC address on Ethernet side of Ethernet TCC"; } } // container remote } // container tcc container vpls { presence "enable vpls"; description "Virtual private LAN service parameters"; uses apply-advanced; leaf core-facing { type empty; description "Interface is core facing"; } container filter { description "Packet filtering"; uses apply-advanced; choice input_choice { container input { description "Filter to be applied to received packets"; leaf filter-name { type string; description "Name of the filter"; } leaf shared-name { type string; description "Filter shared-name of instances of interface-shared filter"; } leaf precedence { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } } description "Precedence of the filter"; } } // container input leaf-list input-list { type string; ordered-by user; description "List of filter modules applied to received packets "; } } // choice input_choice choice output_choice { container output { description "Filter to be applied to transmitted packets"; leaf filter-name { type string; description "Name of the filter"; } leaf shared-name { type string; description "Filter shared-name of instances of interface-shared filter"; } leaf precedence { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Precedence of the filter"; } } // container output leaf-list output-list { type string; ordered-by user; description "List of filter modules applied to transmitted packets "; } } // choice output_choice container adf { description "Ascend Data Filter definition"; uses apply-advanced; list rule { key "name"; ordered-by user; description "Set of ADF rules"; leaf name { type string; description "Value for a single rule"; } uses apply-advanced; } // list rule leaf counter { type empty; description "Add a counter to each rule"; } leaf input-precedence { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Precedence of the input rules"; } leaf not-mandatory { type empty; description "No errors will be reported if no rules are present"; } leaf output-precedence { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Precedence of the output rules"; } } // container adf leaf group { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255"; } } description "Group to which interface belongs"; } } // container filter container policer { description "Interface policing"; uses apply-advanced; leaf input { type string; description "Name of policer applied to received packets"; } leaf output { type string; description "Name of policer applied to transmitted packets"; } } // container policer } // container vpls container bridge { junos:must "((!(".. vpls") && (!(".. inet") && (!(".. inet6") && (!(".. ccc") && (!(".. ethernet-switching") && (!(".. iso") && (!(".. llc2") && (!(".. mpls") && (!(".. tcc") && (!(".. pppoe") && !(".. gre"))))))))))))"; junos:must-message "family bridge and rest of the families are mutually exclusive"; presence "enable bridge"; description "Layer-2 bridging parameters"; uses apply-advanced; leaf core-facing { type empty; description "Interface is core facing"; } container filter { description "Packet filtering"; uses apply-advanced; choice input_choice { container input { description "Filter to be applied to received packets"; leaf filter-name { type string; description "Name of the filter"; } leaf shared-name { type string; description "Filter shared-name of instances of interface-shared filter"; } leaf precedence { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Precedence of the filter"; } } // container input leaf-list input-list { type string; ordered-by user; description "List of filter modules applied to received packets "; } } // choice input_choice choice output_choice { container output { description "Filter to be applied to transmitted packets"; leaf filter-name { type string; description "Name of the filter"; } leaf shared-name { type string; description "Filter shared-name of instances of interface-shared filter"; } leaf precedence { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } } description "Precedence of the filter"; } } // container output leaf-list output-list { type string; ordered-by user; description "List of filter modules applied to transmitted packets "; } } // choice output_choice container adf { description "Ascend Data Filter definition"; uses apply-advanced; list rule { key "name"; ordered-by user; description "Set of ADF rules"; leaf name { type string; description "Value for a single rule"; } uses apply-advanced; } // list rule leaf counter { type empty; description "Add a counter to each rule"; } leaf input-precedence { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Precedence of the input rules"; } leaf not-mandatory { type empty; description "No errors will be reported if no rules are present"; } leaf output-precedence { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Precedence of the output rules"; } } // container adf leaf group { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
255"; } } description "Group to which interface belongs"; } } // container filter container policer { description "Interface policing"; uses apply-advanced; leaf input { type string; description "Name of policer applied to received packets"; } leaf output { type string; description "Name of policer applied to transmitted packets"; } } // container policer leaf interface-mode { type enumeration { enum "access" { junos:must "((!("interfaces ${interface} vlan-tagging") && (!("interfaces ${interface} flexible-vlan-tagging") && !("interfaces ${interface} stacked-vlan-tagging"))))"; junos:must-message "interface-mode access is allowed only for untagged interfaces"; value 0; description "Interface mode is access"; } enum "trunk" { junos:must "(!("interfaces ${interface} no-native-vlan-insert"))"; junos:must-message "'interface-mode trunk' must not be configured with 'no-native-vlan-insert'"; junos:must "((("protocols mvrp interface ${interface}" || any "routing-instances <*> protocols mvrp interface ${interface}") || (".. vlan-id-list" || (".. isid-list" || (".. inner-vlan-id-list" || (".. vlan members" || ("..inner-vlan members" || (".. vlan-id" || ".. vlan-auto-sense"))))))))"; junos:must-message "'interface-mode trunk' must be defined with either 'vlan-id-list','isid-list', 'inner-vlan-id-list' or the interface must be configured for 'protocols mvrp' or 'vlan-auto-sense'"; value 1; description "Interface mode is trunk"; } } description "Interface mode (access or trunk)"; } leaf vlan-auto-sense { junos:must "(".. interface-mode trunk")"; junos:must-message "vlan-auto-sense can be enabled only on trunk interfaces"; type empty; description "Enable VLAN auto sense on this interface"; } leaf bridge-domain-type { type enumeration { enum "svlan" { junos:must "(".. isid-list all-service-groups")"; junos:must-message "bridge-domain-type svlan is allowed only for isid tagged interfaces"; junos:must "(".. 
interface-mode trunk")"; junos:must-message "bridge-domain-type svlan is allowed only for trunk interfaces"; value 0; description "Bridge domain type svlan"; } enum "bvlan" { junos:must "(".. isid-list all")"; junos:must-message "bridge-domain-type bvlan is allowed only for isid tagged interfaces"; junos:must "(".. interface-mode trunk")"; junos:must-message "bridge-domain-type bvlan is allowed only for trunk interfaces"; value 1; description "Bridge domain type bvlan"; } } description "Bridge domain type (svlan or bvlan)"; } leaf inter-switch-link { junos:must "(".. interface-mode trunk")"; junos:must-message "'Inter switch link' is supported only under trunk interface mode"; type empty; description "PVLAN inter switch link"; } choice vlan_list { leaf vlan-id { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4094"; } } description "Access mode and trunk mode VLAN membership"; } leaf-list vlan-id-list { junos:must "((!(".. .. .. vlan-id") && !(".. .. .. vlan-tags")))"; junos:must-message "'vlan-id-list' cannot be used on interface with vlan-id/vlan-tags"; junos:must "(!("interfaces ${interface} stacked-vlan-tagging"))"; junos:must-message "'vlan-id-list' is not supported on stacked-vlan-tagging mode"; junos:must "(".. interface-mode trunk")"; junos:must-message "'vlan-id-list' statement supported only under trunk interface mode"; type jt:vlan-range; description "Trunk mode VLAN membership for this interface"; } leaf-list inner-vlan-id-list { junos:must "((!(".. .. .. vlan-tags inner") && !(".. .. .. vlan-tags inner-range")))"; junos:must-message "'inner-vlan-id-list' cannot be used on interface with vlan-tags inner/inner-range"; junos:must "((".. .. .. vlan-id" || ".. .. .. 
vlan-tags"))"; junos:must-message "'inner-vlan-id-list' can be used only on interface with vlan-id/vlan-tags"; junos:must "("interfaces ${interface} flexible-vlan-tagging")"; junos:must-message "'inner-vlan-id-list' is supported only on flexible-vlan-tagging mode"; junos:must "(".. interface-mode trunk")"; junos:must-message "'inner-vlan-id-list' statement supported only under trunk interface mode"; type jt:vlan-range; description "Trunk mode VLAN membership for this interface based on inner VLAN tag"; } } // choice vlan_list container vlan-rewrite { junos:must "((".. inner-vlan-id-list" || ".. vlan-id-list"))"; junos:must-message "'vlan-rewrite' statement can be used only with 'vlan-id-list' or inner-vlan-id-list configured"; junos:must "(".. interface-mode trunk")"; junos:must-message "'vlan-rewrite' statement supported only under trunk interface mode"; description "Specify vlan translation"; uses apply-advanced; list translate { key "name"; ordered-by user; description "Translate incoming VLAN tag"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4094"; } } description "Specify the incoming VLAN tag"; } leaf to-vlan-id { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4094"; } } description "Specify the bridge-domain VLAN-ID"; } } // list translate } // container vlan-rewrite choice isid_list { case case_1 { } // case case_1 } // choice isid_list container recovery-timeout { junos:must "(".. storm-control")"; junos:must-message "Recovery timeout should be configured only with storm-control"; description "Recovery timeout for this interface"; leaf time-in-seconds { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 3600"; } } units "seconds"; } } // container recovery-timeout } // container bridge container ethernet-switching { junos:must "((!(".. vpls") && (!(".. inet") && (!(".. inet6") && (!(".. bridge") && (!(".. ccc") && (!(".. iso") && (!(".. llc2") && (!(".. 
mpls") && (!(".. tcc") && (!(".. pppoe") && !(".. gre"))))))))))))"; junos:must-message "Family ethernet-switching and rest of the families are mutually exclusive"; junos:must "(!(("protocols l2-learning global-mode switching" && any "security zones security-zone <*> interfaces ${interface}")))"; junos:must-message "In switching mode, ethernet-switching interface must not be in security zone."; junos:must "(!(("interfaces ${interface} vlan-tagging" && !("protocols l2-learning global-mode transparent-bridge"))))"; junos:must-message "An interface cannot have both family ethernet-switching and vlan-tagging configured"; junos:must "(!(("interfaces ${interface} vlan-tagging" && "protocols l2-learning global-mode switching")))"; junos:must-message "An interface cannot have both family ethernet-switching and vlan-tagging configured"; junos:must "(!((!("protocols l2-learning global-mode transparent-bridge") && any "security zones security-zone <*> interfaces ${interface}")))"; junos:must-message "In switching mode, ethernet-switching interface must not be in security zone."; presence "enable ethernet-switching"; description "Ethernet switching parameters"; uses ethernet-switching-type; } // container ethernet-switching container fibre-channel { presence "enable fibre-channel"; description "Fibre channel switching parameters"; uses fibre-channel-type; } // container fibre-channel container any { presence "enable any"; description "Parameters for 'any' family"; uses apply-advanced; container filter { description "Layer 2 packet filtering"; uses apply-advanced; leaf input { junos:must "(("firewall family any filter $$" || (!("firewall") && ".. .. .. .. .. .. 
firewall family any filter $$")))"; junos:must-message "referenced filter must be defined under firewall family any"; type string { junos:posix-pattern "!^((__.*)|(.{65,}))$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; } description "Name of filter applied to received packets"; } leaf group { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } description "Group to which interface belongs"; } } // container filter } // container any uses apply-advanced; } // container family leaf service-domain { type enumeration { enum "inside" { value 0; description "Inside network"; } enum "outside" { value 1; description "Outside network"; } } description "Service domain to which interface belongs"; } leaf copy-tos-to-outer-ip-header { type empty; description "Copy IP payload header's ToS field to GRE delivery header"; } container load-balancing-options { junos:must "(!(".. .. load-balancing-options high-availability-options one-to-one"))"; junos:must-message "load-balancing-options are used when number of active members is more than one"; description "AMS subunit load balancing options"; uses apply-advanced; leaf preferred-active { junos:must "((".. .. .. load-balancing-options member-interface $$" && !(".. .. .. load-balancing-options high-availability-options many-to-one preferred-backup $$")))"; junos:must-message "Active should be one of member-interfaces excluding preferred-backup"; type union { type jt:interface-device; type string { pattern "<.*>|$.*"; } } description "Preferred active Interface name"; } leaf disable-hash { junos:must "(".. .. service-domain")"; junos:must-message "service-domain must be configured if disable-hash is enabled"; junos:must "(!(".. 
hash-keys"))"; junos:must-message "hash-keys must not be configured if disable-hash is enabled"; type empty; description "Hash based distribution is not needed for this subunit"; } container hash-keys { uses apply-advanced; leaf-list ingress-key { type enumeration { enum "source-ip" { value 0; description "Source Ip Address"; } enum "destination-ip" { value 1; description "Destination Ip Address"; } enum "protocol" { value 2; description "Protocol"; } enum "iif" { value 3; description "Incoming Interface"; } } ordered-by user; description "Hash Key for the ingress direction"; } leaf-list egress-key { type enumeration { enum "source-ip" { value 0; status deprecated; description "Source Ip Address"; } enum "destination-ip" { value 1; status deprecated; description "Destination Ip Address"; } enum "protocol" { value 2; status deprecated; description "Protocol"; } enum "oif" { value 3; status deprecated; description "Outgoing Interface"; } } ordered-by user; status deprecated; description "Hash Key for the egress direction"; } leaf ipv6-source-prefix-length { type enumeration { enum "56" { value 0; description "56 bit IPv6 address prefix"; } enum "64" { value 1; description "64 bit IPv6 address prefix"; } enum "96" { value 2; description "96 bit IPv6 address prefix"; } enum "128" { value 3; description "Complete 128 bit IPv6 address"; } } description "IPv6 source prefix length for hash computation"; } } // container hash-keys } // container load-balancing-options container interface-state { description "IRB interface state computation"; uses apply-advanced; choice state { leaf local-interface { type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "IRB State computation based on loopback AE port state"; } } // choice state container hold-time { description "Delay before marking interface up or down for defect"; uses apply-advanced; leaf up { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "seconds"; description 
"Delay in seconds before marking IRB interface up"; } leaf down { type union { type uint32; type string { pattern "<.*>|$.*"; } } units "seconds"; description "Delay in seconds before marking IRB interface down"; } } // container hold-time } // container interface-state leaf mac { type jt:mac-unicast; description "Configure logical interface MAC address"; } leaf virtual-gateway-v4-mac { type jt:mac-unicast; description "Configure virtual gateway IPV4 virtual MAC address"; } leaf virtual-gateway-v6-mac { type jt:mac-unicast; description "Configure virtual gateway IPV6 virtual MAC address"; } leaf etree-ac-role { type enumeration { enum "root" { value 0; description "ETREE root interface"; } enum "leaf" { value 1; description "ETREE leaf interface"; } } description "ETREE attachment circuit role"; } container dialer-options { presence "enable dialer-options"; description "Dialer options"; uses apply-advanced; leaf pool { junos:must "((!("interfaces umd0 dialer-options pool $$") || !(".. callback")))"; junos:must-message "callback is not supported if the subordinate interface is umd0"; junos:must "(any "interfaces <*> dialer-options pool $$")"; junos:must-message "Pool not configured in any subordinate interface"; junos:must "(unique "interfaces <dl*>")"; junos:must-message "Only one dl interface can be configured"; type string { length "1 .. 64"; } description "Dialer pool"; } leaf-list dial-string { type string { length "1 .. 
63"; } max-elements 15; ordered-by user; description "String to dial out"; } container incoming-map { description "Map incoming call to dialer"; uses apply-advanced; choice caller-type { list caller { key "name"; max-elements 300; ordered-by user; description "Caller Id to be screened"; leaf name { type string { junos:posix-pattern "^([0-9]{1,15})$"; junos:pattern-message "Can contain up to 15 digits"; } description "Caller ID (upto 15 digits)"; } } // list caller leaf accept-all { type empty; description "Accept all incoming calls"; } } // choice caller-type } // container incoming-map leaf callback { junos:must "(!(".. watch-list "))"; junos:must-message "A dialer interface cannot have callback enabled and watch-list at the same time"; junos:must "(".. dial-string")"; junos:must-message "Dial string is mandatory for callback"; junos:must "(".. incoming-map")"; junos:must-message "incoming-map is mandatory for callback"; type empty; description "Call back on any incoming call to the dialer"; } leaf callback-wait-period { junos:must "(".. callback")"; junos:must-message "Callback needs to be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 255"; } } units "seconds"; description "Time to wait before calling back"; } leaf redial-delay { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 255"; } } units "seconds"; description "Time to wait before redialing"; } leaf idle-timeout { junos:must "((".. .. family inet filter dialer" || (".. .. family inet6 filter dialer" || ".. .. family mpls filter dialer")))"; junos:must-message "Dialer filter must be configured"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4294967295"; } } units "seconds"; default "120"; description "Delay before taking down the interface"; } list watch-list { junos:must "(".. 
dial-string")"; junos:must-message "dial-string is mandatory for watch-list"; key "name"; description "Dialer watch list"; leaf name { type jt:ipprefix-only; description "Address prefix"; } uses apply-advanced; } // list watch-list leaf load-threshold { junos:must "(".. .. .. encapsulation multilink-ppp")"; junos:must-message "Encapsulation must be multilink-ppp"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } description "Load threshold for adding interfaces"; } leaf load-interval { junos:must "(".. .. .. encapsulation multilink-ppp")"; junos:must-message "Encapsulation must be multilink-ppp"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "20 .. 180"; } } units "seconds"; description "Interval used to calculate average load"; } leaf activation-delay { junos:must "(!((".. .. family inet filter dialer" || (".. .. family inet6 filter dialer" || ".. .. family mpls filter dialer"))))"; junos:must-message "Activation delay cannot be configured for dialer filter"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } units "seconds"; description "Activation delay"; } leaf deactivation-delay { junos:must "(!((".. .. family inet filter dialer" || (".. .. family inet6 filter dialer" || ".. .. family mpls filter dialer"))))"; junos:must-message "Deactivation delay cannot be configured for dialer filter"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4294967295"; } } units "seconds"; description "Deactivation delay"; } leaf initial-route-check { junos:must "(".. watch-list")"; junos:must-message "No watch list specified under dialer options"; type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 
300"; } } units "seconds"; default "120"; description "Delay to check primary after the router is up"; } leaf-list route { type jt:ipprefix; ordered-by user; description "Route on dialer"; } leaf always-on { junos:must "(unique "interfaces <dl*> unit <*> dialer-options always-on")"; junos:must-message "Only one dl logical interface can have always-on configured"; junos:must "(!((".. .. family inet filter dialer" || (".. .. family inet6 filter dialer" || ".. .. family mpls filter dialer"))))"; junos:must-message "A dialer interface cannot have always-on enabled and filter at the same time"; type empty; description "Always keep on-line"; } leaf self-recover-time { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 120"; } } units "seconds"; description "Sub-interface self-recover time"; } } // container dialer-options container backup-options { description "Backup interface configuration options"; uses apply-advanced; leaf interface { junos:must "("interfaces $$-IFL dialer-options dial-string")"; junos:must-message "No dial-string configured in backup dialer interface"; junos:must "(!("interfaces $$-IFL dialer-options callback "))"; junos:must-message "A dialer interface cannot be backup as well as have callback"; junos:must "(!(("interfaces $$-IFL family inet filter dialer" || ("interfaces $$-IFL family inet6 filter dialer" || "interfaces $$-IFL family mpls filter dialer"))))"; junos:must-message "A dialer interface cannot be backup as well as have dialer filter"; junos:must "(!("interfaces $$-IFL dialer-options watch-list "))"; junos:must-message "A dialer interface cannot be backup as well as have watch list"; junos:must "("interfaces $$-IFL dialer-options")"; junos:must-message "No dialer options configured in backup dialer interface"; junos:must "(!("interfaces $$-IFL dialer-options always-on"))"; junos:must-message "A dialer interface cannot be backup as well as always-on"; type union { type jt:interface-name; type string { pattern 
"<.*>|$.*"; } } description "Backup interface"; } } // container backup-options container dynamic-call-admission-control { description "Dynamic call admission control configuration"; uses apply-advanced; leaf bearer-bandwidth-limit { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "0 .. 9999"; } } units "kilobits per second"; description "Bearer bandwidth limit"; } leaf activation-priority { type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 255"; } } default "50"; description "Priority assigned to bearer bandwidth limit"; } } // container dynamic-call-admission-control } // list unit } // grouping tenant_interfaces_type grouping dcd_shaping_config { description "Traffic-shaping profile"; uses apply-advanced; choice useless_shaping_choice { container cbr { presence "enable cbr"; description "Constant bandwidth utilization"; leaf cbr-value { type string; description "Constant bandwidth utilization"; } leaf cdvt { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 9999"; } } units "microseconds"; description "Cell Delay Variation Tolerance"; } } // container cbr container vbr { description "Variable bandwidth utilization"; leaf peak { type string; description "Peak rate"; } leaf sustained { type string; description "Sustained rate"; } leaf burst { type string; description "Burst size"; } leaf cdvt { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 9999"; } } units "microseconds"; description "Cell Delay Variation Tolerance"; } } // container vbr container rtvbr { description "ATM2 real-time variable bandwidth utilization"; leaf peak { type string; description "Peak rate"; } leaf sustained { type string; description "Sustained rate"; } leaf burst { type string; description "Burst size"; } } // container rtvbr } // choice useless_shaping_choice leaf queue-length { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 
16383"; } } description "Queue length"; } } // grouping dcd_shaping_config

// dhcp-client-type: DHCP client settings -- how the client identifies itself
// (client-identifier, vendor-id), lease and retransmission timing, and which
// options are sent and requested.
// NOTE(review): many numeric leaves below are unions whose first member is
// `pattern "<.*>|$.*"`. Reading `$` as a literal (as XSD patterns do), that
// member accepts angle-bracketed or `$`-prefixed strings -- presumably Junos
// wildcard/variable references; confirm. Such values bypass the numeric range
// of the second member, so a client validating only against this schema
// should not treat the ranges as the sole input check.
grouping dhcp-client-type {
  description "Dynamic Host Configuration Protocol client configuration";
  uses apply-advanced;
  // Everything in this container describes the client-id option sent to the
  // DHCP server. The prefix leaves add the host name, logical-system name or
  // routing-instance name to it, so those names become visible to whoever
  // receives the client's DHCP packets.
  container client-identifier {
    description "DHCP server identifies a client by client-identifier value ";
    uses apply-advanced;
    choice client-identifier-choice {
      leaf ascii { type string; description "Client identifier as an ASCII string"; }
      leaf hexadecimal {
        // The pattern checks for hex digits only; it does not require an even digit count.
        type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; }
        description "Client identifier as a hexadecimal string";
      }
    } // choice client-identifier-choice
    container user-id {
      description "Add user id to client-id option ";
      choice user-id-choice {
        leaf ascii { type string; description "Client identifier as an ASCII string"; }
        leaf hexadecimal {
          type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; }
          description "Client identifier as a hexadecimal string";
        }
      } // choice user-id-choice
    } // container user-id
    container prefix {
      description "Add prefix to client-id option";
      uses apply-advanced;
      leaf host-name { type empty; description "Add router host name to client-id option"; }
      leaf logical-system-name { type empty; description "Add logical system name to client-id option"; }
      leaf routing-instance-name { type empty; description "Add routing instance name to client-id option"; }
    } // container prefix
    leaf use-interface-description {
      type enumeration {
        enum "logical" { value 0; description "Use the logical interface description"; }
        enum "device" { value 1; description "Use the device interface description"; }
      }
      description "Use the interface description";
    }
    leaf hardware-type {
      type union { type string { pattern "<.*>|$.*"; } type uint8 { range "0 .. 255"; } }
      default "0";
      description "Hardware type";
    }
  } // container client-identifier
  // Presence container: when set, DNS information learned from the DHCP
  // server is not installed. Useful where resolvers must come from local
  // configuration rather than from whichever DHCP server answers.
  container no-dns-install {
    presence "enable no-dns-install";
    description "Do not install DNS information learned from DHCP server";
  } // container no-dns-install
  // lease-time is an unconstrained string in this schema (no range or pattern).
  leaf lease-time { type string; units "seconds"; description "Lease time in seconds requested in DHCP client protocol packet"; }
  leaf retransmission-attempt {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 50000"; } }
    default "4";
    description "Number of attempts to retransmit the DHCP client protocol packet";
  }
  leaf retransmission-interval {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "4 .. 64"; } }
    units "seconds";
    default "4";
    description "Number of seconds between successive retransmission";
  }
  leaf metric {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } }
    default "0";
    description "Client initiated default-route metric";
  }
  leaf server-address { type jt:ipv4addr; description "DHCP Server-address"; }
  leaf update-server { type empty; description "Propagate TCP/IP settings to DHCP server"; }
  leaf vendor-id { type string { length "1 .. 60"; } description "Vendor class id for the DHCP Client"; }
  leaf force-discover { type empty; description "Send DHCPDISCOVER after DHCPREQUEST retransmission failure"; }
  // Raw DHCP options keyed by option code (1..254). The payload is a hex
  // string of 1..510 digits; only the character class is checked here.
  container options {
    description "DHCP options";
    uses apply-advanced;
    list number {
      key "name";
      description "DHCP option code";
      leaf name {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 254"; } }
        description "DHCP option identifier code";
      }
      choice option-type-choice {
        leaf hex-string {
          type string { junos:posix-pattern "^[[:xdigit:]]+$"; junos:pattern-message "Must be hexadecimal digits (0-9, a-f, A-F)"; length "1 .. 510"; }
          description "Hexadecimal string";
        }
      } // choice option-type-choice
    } // list number
    // Suppresses the hostname option (code 12), per the description.
    leaf no-hostname { type empty; description "Do not carry hostname (RFC option code is 12) in packet"; }
  } // container options
  list requested-options {
    key "name";
    description "DHCP options";
    leaf name {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 254"; } }
      description "DHCP option identifier code";
    }
  } // list requested-options
} // grouping dhcp-client-type

// dynamic_ifbw_parms_type: weights (0..100) and a change threshold for
// dynamic interface bandwidth. capacity, margin and delay are marked
// `status deprecated`.
grouping dynamic_ifbw_parms_type {
  uses apply-advanced;
  leaf capacity {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } }
    units "percent";
    status deprecated;
    description "Weight of current (vs. maximum) data rate";
  }
  leaf margin {
    type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } }
    units "percent";
    status deprecated;
    description "Maximum reduction in bandwidth due to low link quality";
  }
  leaf delay { type string; units "bits per second"; status deprecated; description "Bandwidth reduction when delay is announced as 1 second"; }
  leaf bandwidth { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } description "Weight of current (vs. maximum) data rate"; }
  leaf resource { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } description "Resource weight"; }
  leaf latency { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } description "Latency weight"; }
  leaf quality { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } description "Relative Link Quality weight"; }
  leaf data-rate { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 100"; } } description "Data rate weight"; }
  leaf threshold { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
100"; } } units "percent"; description "Percentage bandwidth change required for routing updates"; }
  container credit {
    presence "enable credit";
    description "Credit-based scheduling parameters";
    uses apply-advanced;
    leaf interval {
      type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 60"; } }
      description "Grant rate interval in 100mS steps";
    }
  } // container credit
} // grouping dynamic_ifbw_parms_type

// epd_threshold_config: early-packet-discard thresholds in cells. Both
// leaves are unconstrained strings in this schema.
grouping epd_threshold_config {
  uses apply-advanced;
  leaf epd-threshold-plp0 { type string; units "cells"; description "Early packet discard threshold value"; }
  leaf plp1 { type string; units "cells"; description "Early packet drop threshold value for PLP 1"; }
} // grouping epd_threshold_config

// ethernet-switching-type: layer-2 switching parameters of a logical
// interface -- port/interface mode, VLAN membership and rewrite, filters,
// policers and storm control. Cross-statement rules are written as
// junos:must expressions with their junos:must-message.
// NOTE(review): numeric leaves use a union whose first member,
// `pattern "<.*>|$.*"`, accepts angle-bracketed or `$`-prefixed strings
// (presumably Junos wildcard/variable references -- confirm); those values
// are not range-checked by this schema.
grouping ethernet-switching-type {
  description "Ethernet switching family";
  uses apply-advanced;
  leaf port-mode {
    type enumeration {
      enum "access" { value 0; description "Interface mode is access"; }
      enum "tagged-access" { value 1; description "Interface mode is tagged-access"; }
      enum "trunk" { value 2; description "Interface mode is trunk"; }
    }
    description "Type of port mode";
  }
  leaf interface-mode {
    type enumeration {
      enum "access" {
        // Access mode is rejected when the physical interface has vlan-tagging,
        // flexible-vlan-tagging, stacked-vlan-tagging or extended-vlan-bridge.
        junos:must "((!("interfaces ${interface} vlan-tagging") && (!("interfaces ${interface} flexible-vlan-tagging") && (!("interfaces ${interface} stacked-vlan-tagging") && !("interfaces ${interface} encapsulation extended-vlan-bridge")))))";
        junos:must-message "interface-mode access is allowed only for untagged interfaces, also not allowed with flexible-vlan-tagging and extended-vlan-bridge";
        value 0;
        description "Interface mode is access";
      }
      enum "trunk" {
        // If dot1x (authenticator or supplicant) is configured for this unit,
        // trunk mode requires native-vlan-id and forbids flexible-vlan-tagging.
        junos:must "((!(("protocols dot1x authenticator interface ${interface}.${unit}" || "protocols dot1x supplicant interface ${interface}.${unit}")) || ("interfaces ${interface} native-vlan-id" && !("interfaces ${interface} flexible-vlan-tagging"))))";
        junos:must-message "Must configure native-vlan-id but no flexible-vlan-tagging for dot1x enabled port";
        junos:must "(!("interfaces ${interface} encapsulation extended-vlan-bridge"))";
        junos:must-message "interface-mode is not allowed for extended-vlan-bridge";
        value 1;
        description "Interface mode is trunk";
      }
    }
    // Unless set, interface-mode is "access".
    default "access";
    description "Type of interface mode";
  }
  leaf inter-switch-link {
    junos:must "(".. interface-mode trunk")";
    junos:must-message "'Inter switch link' is supported only under trunk interface mode";
    type empty;
    description "PVLAN inter switch link";
  }
  leaf reflective-relay {
    junos:must "(".. port-mode tagged-access")";
    junos:must-message "Reflective relay is supported only on tagged-access port";
    type empty;
    description "Reflective-relay mode for this interface";
  }
  // VLAN membership: exactly one of vlan, inner-vlan or inner-vlan-id-list.
  choice vlan_choice_list {
    container vlan {
      description "Virtual LAN parameters";
      uses apply-advanced;
      leaf-list members { type string; ordered-by user; description "Membership for this interface (name or id)"; }
    } // container vlan
    container inner-vlan {
      description "Trunk mode vlan membership for this interface";
      uses apply-advanced;
      leaf-list members { type string; ordered-by user; description "Membership for this interface (name or id)"; }
    } // container inner-vlan
    leaf-list inner-vlan-id-list {
      junos:must "((!(".. .. .. vlan-tags inner") && !(".. .. .. vlan-tags inner-range")))";
      junos:must-message "'inner-vlan-id-list' cannot be used on interface with vlan-tags inner or inner-range configured";
      junos:must "((".. .. .. vlan-id" || ".. .. .. vlan-tags"))";
      junos:must-message "'inner-vlan-id-list' can be used only on interface with vlan-id/vlan-tags";
      junos:must "("interfaces ${interface} flexible-vlan-tagging")";
      junos:must-message "'inner-vlan-id-list' is supported only on flexible-vlan-tagging mode";
      junos:must "(".. interface-mode trunk")";
      junos:must-message "'inner-vlan-id-list' statement supported only under trunk interface mode";
      type jt:vlan-range;
      description "Trunk mode VLAN membership for this interface based on inner VLAN tag";
    }
  } // choice vlan_choice_list
  leaf vlan-auto-sense {
    junos:must "(".. interface-mode trunk")";
    junos:must-message "vlan-auto-sense can be enabled only on trunk ports";
    type empty;
    description "Enable VLAN auto sense on this interface";
  }
  leaf bridge-domain-type {
    type enumeration {
      enum "svlan" {
        junos:must "(".. isid-list all-service-groups")";
        junos:must-message "bridge-domain-type SVLAN is allowed only for ISID tagged interfaces";
        junos:must "(".. interface-mode trunk")";
        junos:must-message "bridge-domain-type SVLAN is allowed only for trunk interfaces";
        value 0;
        description "Bridge domain type SVLAN";
      }
      enum "bvlan" {
        junos:must "(".. isid-list all")";
        junos:must-message "bridge-domain-type BVLAN is allowed only for ISID tagged interfaces";
        junos:must "(".. interface-mode trunk")";
        junos:must-message "bridge-domain-type BVLAN is allowed only for trunk interfaces";
        value 1;
        description "Bridge domain type BVLAN";
      }
    }
    description "Bridge domain type";
  }
  // VLAN translation, allowed only on trunk interfaces that also carry
  // 'vlan members' or inner-vlan-id-list.
  container vlan-rewrite {
    junos:must "((".. inner-vlan-id-list" || ".. vlan members"))";
    junos:must-message "'vlan-rewrite' statement can be used only with 'vlan members' or inner-vlan-id-list configured";
    junos:must "(".. interface-mode trunk")";
    junos:must-message "'vlan-rewrite' statement supported only under trunk interface mode";
    description "Specify VLAN translation";
    uses apply-advanced;
    list translate {
      key "name";
      ordered-by user;
      description "Translate incoming VLAN tag";
      leaf name {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4094"; } }
        description "Specify the incoming VLAN tag";
      }
      leaf to-vlan-id {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 4094"; } }
        description "Specify the bridge-domain VLAN-ID";
      }
    } // list translate
  } // container vlan-rewrite
  // native-vlan-id is an unconstrained string here (no VLAN-range type).
  leaf native-vlan-id { type string; description "Untagged packets on a trunk/tagged-access interface belong to this vlan"; }
  // isid_list is an empty choice in this module (its only case has no nodes),
  // although bridge-domain-type's junos:must expressions refer to "isid-list".
  choice isid_list {
    case case_1 {
    } // case case_1
  } // choice isid_list
  leaf core-facing { type empty; description "Interface is core facing"; }
  // Filter bindings. input/output and the *-list leaves are free-form
  // strings; unlike storm-control profile-name below, this grouping has no
  // junos:must tying them to a defined firewall filter.
  // NOTE(review): confirm where a dangling filter name is rejected, so that a
  // typo cannot leave an interface unfiltered without an error.
  container filter {
    description "Packet filtering";
    uses apply-advanced;
    leaf input { type string; description "Name of filter applied to received packets"; }
    leaf input-precedence {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } }
      description "Precedence of the filter";
    }
    leaf-list input-list { type string; ordered-by user; description "List of filter modules applied to received packets "; }
    leaf output { type string; description "Name of filter applied to transmitted packets"; }
    leaf output-precedence {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } }
      description "Precedence of the filter";
    }
    leaf-list output-list { type string; ordered-by user; description "List of filter modules applied to transmitted packets "; }
    container adf {
      description "Ascend Data Filter definition";
      uses apply-advanced;
      list rule {
        key "name";
        ordered-by user;
        description "Set of ADF rules";
        leaf name { type string; description "Value for a single rule"; }
        uses apply-advanced;
      } // list rule
      leaf counter { type empty; description "Add a counter to each rule"; }
      leaf input-precedence {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } }
        description "Precedence of the input rules";
      }
      // With not-mandatory set, an empty rule set is accepted without an error.
      leaf not-mandatory { type empty; description "No errors will be reported if no rules are present"; }
      leaf output-precedence {
        type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } }
        description "Precedence of the output rules";
      }
    } // container adf
    leaf group {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } }
      description "Group to which interface belongs";
    }
  } // container filter
  // Policer names are free-form strings with no junos:must reference check here.
  container policer {
    description "Interface policing";
    uses apply-advanced;
    leaf input { type string; description "Name of policer applied to received packets"; }
    leaf output { type string; description "Name of policer applied to transmitted packets"; }
  } // container policer
  container storm-control {
    description "Storm control profile name to bind";
    uses apply-advanced;
    leaf profile-name {
      // The referenced profile must exist under forwarding-options storm-control-profiles.
      junos:must "("forwarding-options storm-control-profiles $$")";
      junos:must-message "Storm profile name must be defined in the [edit forwarding-options storm-control-profiles] hierarchy";
      type string;
      description "Profile name";
    }
  } // container storm-control
  container recovery-timeout {
    description "Recovery timeout for this interface";
    leaf time-in-seconds {
      type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 3600"; } }
      units "seconds";
    }
  } // container recovery-timeout
} // grouping ethernet-switching-type

// fibre-channel-type: Fibre Channel switching family parameters.
grouping fibre-channel-type {
  description "Fibre Channel switching family";
  uses apply-advanced;
  leaf port-mode {
    type enumeration {
      enum "f-port" { value 0; description "Fabric port"; }
      enum "e-port" { value 1; description "Inter-switch port"; }
      enum "np-port" { value 2; description "Proxy node port"; }
      enum "auto" { value 3; description "Interface mode (F/E) is determined at runtime"; }
    }
    description "Port mode";
  }
  leaf no-npiv { junos:must "((".. port-mode f-port" || (".. port-mode auto" || !(".. 
port-mode"))))"; junos:must-message "Interface must be f-port or auto to disable NPIV"; type empty; description "Disable NPIV"; } container fc-fabric { description "Virtual fabric parameters"; uses apply-advanced; leaf-list members { type string; ordered-by user; description "Virtual Fabric Membership for this interface (name or id)"; } } // container fc-fabric leaf native-fabric { type string { junos:posix-pattern "^([[:alpha:]][[:alnum:]_.-]+)|^([1-9][0-9]{0,2}|[1-3][0-9]{3}|40[0-8][0-9]|409[0-4])$"; junos:pattern-message "Must be a valid FC fabric name or ID"; } description "FC frames with no virtual fabric header on a interface belong to this fabric"; } } // grouping fibre-channel-type grouping keepalives_type { uses apply-advanced; leaf interval { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 32767"; } } units "seconds"; description "Keepalive period"; } leaf up-count { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 255"; } } description "Keepalive received to bring link up"; } leaf down-count { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "1 .. 255"; } } description "Keepalive missed to bring link down"; } } // grouping keepalives_type grouping mac_list { description "MAC address"; leaf name { type jt:mac-addr; } uses apply-advanced; container policer { description "MAC policing"; uses apply-advanced; leaf input { type string; description "Name of policer applied to received packets"; } leaf output { type string; description "Name of policer applied to transmitted packets"; } } // container policer } // grouping mac_list grouping ppp_options_type { uses apply-advanced; leaf dynamic-profile { junos:must "("dynamic-profiles $$")"; junos:must-message "referenced dynamic-profile must be defined"; junos:must "(any ".. .. .. 
unit <*>")"; junos:must-message "dynamic-profile statement can be configured only on logical interfaces"; type string; description "Dynamic profile name"; } container chap { presence "enable chap"; description "Challenge Handshake Authentication Protocol options"; uses apply-advanced; choice access-data { leaf access-profile { junos:must "("access profile $$")"; junos:must-message "referenced access profile must be defined"; type string { length "1 .. 63"; } description "Profile containing client list and access parameters"; } leaf default-chap-secret { type jt:unreadable; description "Default CHAP secret to be used when no matching access profile exists"; } } // choice access-data leaf local-name { type string; description "Name sent in CHAP-Challenge and CHAP-Response"; } leaf no-rfc2486 { type empty; description "RFC2486 compliance is not enforced"; } leaf passive { type empty; description "Handle incoming CHAP requests only"; } } // container chap container pap { presence "enable pap"; description "Password Authentication Protocol options"; uses apply-advanced; choice access-data { leaf access-profile { junos:must "("access profile $$")"; junos:must-message "referenced access profile must be defined"; type string { length "1 .. 63"; } description "Profile containing client list and access parameters"; } leaf default-password { type jt:unreadable; description "Default PAP password used in the absence of matching profile"; } } // choice access-data leaf local-name { type string; description "Name sent in PAP request packet"; } leaf no-rfc2486 { type empty; description "RFC2486 compliance is not enforced"; } leaf local-password { type jt:unreadable; description "Password sent in PAP request packet"; } leaf passive { junos:must "(".. 
local-password")"; junos:must-message "local-password MUST be set if passive is used with PAP"; type empty; description "Do not handle PAP authentication requests"; } } // container pap container compression { description "Set compression options"; leaf acfc { junos:must "(!(".. .. .. encapsulation frame-relay-ppp"))"; junos:must-message "compression acfc is not supported on encapsulation frame-relay-ppp"; type empty; description "Negotiate Address/Control field compression"; } leaf pfc { type empty; description "Negotiate Protocol field compression"; } } // container compression leaf lcp-restart-timer { junos:must "(any ".. .. .. unit <*>")"; junos:must-message "lcp-restart-timer statement can be configured only on logical interfaces"; type union { type string { pattern "<.*>|$.*"; } type uint16 { range "20 .. 10000"; } } units "milliseconds"; description "LCP restart timer"; } leaf ncp-restart-timer { junos:must "(any ".. .. .. unit <*>")"; junos:must-message "ncp-restart-timer statement can be configured only on logical interfaces"; type union { type string { pattern "<.*>|$.*"; } type uint16 { range "500 .. 10000"; } } units "milliseconds"; description "NCP restart timer"; } leaf no-termination-request { type empty; description "Don't send PPP termination requests"; } leaf loopback-clear-timer { junos:must "(any ".. .. .. unit <*>")"; junos:must-message "loopback-clear-timer statement can be configured only on logical interfaces"; type union { type string { pattern "<.*>|$.*"; } type uint8 { range "1 .. 60"; } } units "seconds"; description "Loopback clear timer"; } leaf lcp-max-conf-req { junos:must "(any ".. .. .. unit <*>")"; junos:must-message "lcp-max-conf-req statement can be configured only on logical interfaces"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Maximum LCP Conf-Req to be sent, 0 means infinite"; } leaf ncp-max-conf-req { junos:must "(any ".. .. .. 
unit <*>")"; junos:must-message "ncp-max-conf-req statement can be configured only on logical interfaces"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 65535"; } } description "Maximum NCP Conf-Req to be sent, 0 means infinite"; } leaf on-demand-ip-address { junos:must "(any ".. .. .. unit <*>")"; junos:must-message "on-demand-ip-address statement can be configured only on logical interfaces"; type empty; description "Enable On-Demand IPv4 address allocation and de-allocation"; } leaf aaa-options { junos:must "("access aaa-options $$")"; junos:must-message "referenced aaa-options name must be defined"; type string { length "1 .. 63"; } description "Attach AAA options name to dynamic-profile"; } container initiate-ncp { junos:must "(any ".. .. .. unit <*>")"; junos:must-message "initiate-ncp statement can be configured only on logical interfaces"; description "Enable server initiated NCP"; uses apply-advanced; leaf ip { type empty; description "Enable server initiated IPNCP"; } leaf ipv6 { type empty; description "Enable server initiated IPv6NCP"; } leaf dual-stack-passive { type empty; description "Disable server initiated IPNCP/IPv6NCP for dual-stack client"; } } // container initiate-ncp leaf mtu { junos:must "(any ".. .. .. 
unit <*>")"; junos:must-message "mtu statement can be configured only on logical interfaces"; type string; description "The Maximum Transfer Unit size in bytes"; } leaf peer-ip-address-optional { type empty; description "Set Peer IP Address Optional in IP NCP Negotiations"; } leaf ipcp-suggest-dns-option { type empty; description "Suggest peer to negotiate with DNS Addresses options"; } leaf ignore-magic-number-mismatch { type empty; description "Ignore magic-number validation failure in LCP keepalive"; } container local-authentication { description "Local Authentication Protocol options"; uses local_auth_type; } // container local-authentication leaf lcp-connection-update { type empty; description "Enable LCP connection update request to peer"; } } // grouping ppp_options_type
// Local authentication settings: one password plus "username-include"
// options that select which identifiers (MAC address, circuit-id, remote-id,
// domain name, delimiter) are added to the username. Pulled in above by
// "container local-authentication" of ppp_options_type.
grouping local_auth_type {
  description "Local authentication";
  uses apply-advanced;
  // NOTE(review): modelled as a plain string of 1..64 characters; no secret
  // or unreadable type is applied in this grouping. Confirm how the device
  // stores and displays the value, and treat configuration exports and
  // get-config replies that contain this subtree as sensitive.
  leaf password {
    type string {
      length "1 .. 64";
    }
    description "Username password";
  }
  // NOTE(review): every option below adds an identifier to the username;
  // presumably the password above is then the only secret part of the
  // credential - confirm against the authentication flow that consumes it.
  container username-include {
    description "Add username options";
    uses apply-advanced;
    leaf mac-address {
      type empty;
      description "Include MAC address";
    }
    leaf circuit-id {
      type empty;
      description "Include circuit-id ";
    }
    leaf remote-id {
      type empty;
      description "Include remote-id ";
    }
    leaf domain-name {
      type string {
        length "1 .. 64";
      }
      description "Domain name";
    }
    // Exactly one character is accepted (length "1").
    leaf delimiter {
      type string {
        length "1";
      }
      description "Delimiter/separator character";
    }
  } // container username-include
} // grouping local_auth_type
grouping pppoe_options_type { uses apply-advanced; leaf underlying-interface { junos:must "((!("interfaces $$-IFL pppoe-underlying-options dynamic-profile") && !("interfaces $$-IFL family pppoe dynamic-profile")))"; junos:must-message "Underlying interface cannot be used for both static and dynamic PPPoE interfaces"; junos:must "(("interfaces $$-IFL encapsulation ppp-over-ether" || ("interfaces $$-IFL encapsulation ppp-over-ether-over-atm-llc" || "interfaces $$-IFL family pppoe")))"; junos:must-message "Underlying interface must be configured"; type string; description "Underlying interface name"; } leaf idle-timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4294967295"; } } units "seconds"; description "Time for which session can be idle (0 = forever)"; } leaf access-concentrator { type string; description "Name of the access concentrator (PPPoE server)"; } leaf service-name { type string; description "Service to be requested (from PPPoE server)"; } leaf auto-reconnect { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 4294967295"; } } units "seconds"; description "Time to reconnect after session terminates (0 = never)"; } choice pppoe-mode { leaf server { type empty; description "PPPoE operates in server mode"; } leaf client { type empty; description "PPPoE operates in client mode"; } } // choice pppoe-mode leaf ppp-max-payload { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1492 .. 
9192"; } } description "Specify the value of ppp-max-payload tag"; } } // grouping pppoe_options_type grouping term_object { leaf name { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 63"; } description "Term name"; } leaf alg { type enumeration { enum "bootp" { value 0; description "Bootstrap protocol"; } enum "dce-rpc" { value 1; description "DCE RPC"; } enum "dce-rpc-portmap" { value 2; description "DCE RPC portmap"; } enum "dns" { value 3; description "Domain Name Service"; } enum "exec" { value 4; description "Remote Execution Protocol"; } enum "ftp" { value 5; description "File Transfer Protocol"; } enum "ftp-data" { value 6; description "File Transfer Protocol Data Session"; } enum "gprs-gtp-c" { value 7; description "GPRS Tunneling Control Plane"; } enum "gprs-gtp-u" { value 8; description "GPRS Tunneling User Plane"; } enum "gprs-gtp-v0" { value 9; description "GPRS Tunneling Version 0"; } enum "gprs-sctp" { value 10; description "GPRS Stream Control Protocol"; } enum "h323" { value 11; description "H.323"; } enum "icmp" { value 12; description "ICMP"; } enum "icmpv6" { value 13; description "ICMPv6"; } enum "ignore" { value 14; description "Ignore application type"; } enum "iiop" { value 15; description "Internet Inter-ORB Protocol"; } enum "ike-esp-nat" { value 16; description "IKE/ESP with NAT"; } enum "ip" { value 17; description "IP"; } enum "login" { value 18; description "Login"; } enum "mgcp-ca" { value 19; description "MGCP-CA"; } enum "mgcp-ua" { value 20; description "MGCP-UA"; } enum "ms-rpc" { value 21; description "Microsoft RPC"; } enum "netbios" { value 22; description "NetBIOS"; } enum "netshow" { value 23; description "NetShow"; } enum "none" { value 24; description "None"; } enum "pptp" { value 25; description "Point-to-Point Tunneling Protocol"; } enum "q931" { value 26; 
description "Q.931"; } enum "ras" { value 27; description "RAS"; } enum "realaudio" { value 28; description "RealAudio"; } enum "rpc" { value 29; description "RPC"; } enum "rpc-portmap" { value 30; description "RPC portmap"; } enum "rsh" { value 31; description "Remote Shell"; } enum "rtsp" { value 32; description "Real Time Streaming Protocol"; } enum "sccp" { value 33; description "Skinny Client Control Protocol"; } enum "sip" { value 34; description "Session Initiation Protocol"; } enum "shell" { value 35; description "Shell"; } enum "snmp" { value 36; description "SNMP"; } enum "sqlnet" { value 37; description "SQLNet"; } enum "sqlnet-v2" { value 38; description "Oracle SQL*Net Version 2"; } enum "sun-rpc" { value 39; description "Sun Microsystems RPC"; } enum "talk" { value 40; description "Talk Program"; } enum "tftp" { value 41; description "Trivial File Transfer Protocol"; } enum "traceroute" { value 42; description "Traceroute"; } enum "http" { value 43; description "Hypertext Transfer Protocol"; } enum "winframe" { value 44; description "WinFrame"; } enum "https" { value 45; description "Hypertext Transfer Protocol Over TLS"; } enum "imap" { value 46; description "Internet Mail Access Protocol"; } enum "smtp" { value 47; description "Simple Mail Transfer Protocol"; } enum "ssh" { value 48; description "Secure Shell Protocol"; } enum "telnet" { value 49; description "Telnet Protocol"; } enum "twamp" { value 50; description "Two Way Active Measurement Protocol"; } enum "pop3" { value 51; description "Post Office Protocol 3 Protocol"; } enum "smtps" { value 52; description "Simple Mail Transfer Protocol Over TLS"; } enum "imaps" { value 53; description "Internet Mail Access Protocol Over TLS"; } enum "pop3s" { value 54; description "Post Office Protocol 3 Protocol Over TLS"; } } description "Application Layer Gateway"; } leaf protocol { type string; description "Match IP protocol type"; } leaf source-port { type string; description "Match TCP/UDP source port"; } leaf 
destination-port { type string; description "Match TCP/UDP destination port"; } leaf icmp-type { type string; description "Match ICMP message type"; } leaf icmp-code { type string; description "Match ICMP message code"; } leaf icmp6-type { type string; description "Match ICMP6 message type"; } leaf icmp6-code { type string; description "Match ICMP6 message code"; } leaf rpc-program-number { type string { junos:posix-pattern "^(0|[1-9][0-9]{0,9})(-(0|[1-9][0-9]{0,9}))?$"; junos:pattern-message "Value must be an integer or a range of integers"; } description "Match range of RPC program numbers"; } leaf uuid { type string { junos:posix-pattern "^[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12}$"; junos:pattern-message "Value must be of the form xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"; } description "Match universal unique identifier for DCE RPC objects"; } leaf inactivity-timeout { type string; units "seconds"; description "Application-specific inactivity timeout"; } } // grouping term_object grouping time-format-object { uses apply-advanced; leaf year { type empty; description "Year in time format for syslog"; } leaf millisecond { type empty; description "Millisecond in time format for syslog"; } } // grouping time-format-object grouping tunable-object { leaf name { type string; } uses apply-advanced; leaf tunable-value { type union { type uint32; type string { pattern "<.*>|$.*"; } } description "Protocol tunable value"; } } // grouping tunable-object grouping tunnel-inspection-profile-type { description "Configure tunnel-inspection profile"; leaf name { type string { length "1 .. 
63"; } description "Tunnel-inspection profile name"; } uses apply-advanced; choice inspection-type { list vxlan { key "name"; ordered-by user; description "Define a vxlan tunnel"; uses vxlan-tunnel-type; } // list vxlan } // choice inspection-type } // grouping tunnel-inspection-profile-type grouping tunnel-inspection-vni-type { description "VNI config"; leaf name { type string { length "1 .. 64"; } description "VNI name"; } uses apply-advanced; choice vni-type { list vni-range { key "name"; ordered-by user; description "VNI range"; uses vni-range-type; } // list vni-range leaf-list vni-id { type union { type uint32; type string { pattern "<.*>|$.*"; } } ordered-by user; description "VNI ID"; } } // choice vni-type } // grouping tunnel-inspection-vni-type grouping tunnel_type { description "Tunnel packets"; uses apply-advanced; choice ipsec-vpn-choice { leaf ipsec-vpn { junos:must "(!("security ipsec vpn $$ bind-interface"))"; junos:must-message "Route based ipsec-vpn cannot be referenced for policy"; junos:must "("security ipsec vpn $$")"; junos:must-message "Security VPN must be defined"; type string { length "1 .. 63"; } description "Enable VPN with name"; } leaf ipsec-group-vpn { junos:must "("security group-vpn member ipsec vpn $$")"; junos:must-message "Security group VPN must be defined"; type string { length "1 .. 63"; } status deprecated; description "Enable dynamic IPSEC group with name"; } } // choice ipsec-vpn-choice leaf pair-policy { type string { junos:posix-pattern "^[[:alnum:]][[:alnum:]_-]*$"; junos:pattern-message "Must be a string beginning with a number or letter and consisting of letters, numbers, dashes and underscores."; length "1 .. 
63"; } description "Policy in the reverse direction, to form a pair"; } } // grouping tunnel_type grouping url-list-type { description "Configure url-list object"; leaf name { type string { junos:posix-pattern "^[a-zA-Z_]+[a-zA-Z_0-9-]*$"; junos:pattern-message "Must be a string beginning with a letter or underscore and consisting of letters, numbers, dashes and underscores."; length "1 .. 29"; } description "Configure name of url-list object"; } uses apply-advanced; leaf-list value { type string { length "1 .. 249"; } ordered-by user; description "Configure value of url-list object"; } } // grouping url-list-type
// LDAP settings for user-to-group mapping: authentication algorithm, an
// optional SSL flag, the base DN, a user-name/password pair and a list of
// server addresses, each with an optional port.
//
// NOTE(review): "simple" is the only authentication-algorithm value this
// model offers. An LDAP simple bind gives the password no protection of its
// own, so its confidentiality depends on the transport. The "ssl" leaf is
// optional and no junos:must in this grouping ties it to "user password";
// confirm the device default and check for "ssl" in configuration baselines
// and audits.
grouping user-group-mapping-type {
  uses apply-advanced;
  container ldap {
    description "LDAP";
    uses apply-advanced;
    leaf authentication-algorithm {
      type enumeration {
        enum "simple" {
          value 0;
          description "Simple authentication";
        }
      }
      description "Authentication-algorithm";
    }
    // Presence-only flag (type empty): set or absent, no value.
    leaf ssl {
      type empty;
      description "SSL";
    }
    leaf base {
      type string {
        length "1 .. 128";
      }
      description "Base distinguished name";
    }
    // Presumably the account used to bind to the LDAP server - verify
    // against the consuming feature.
    container user {
      description "User name";
      uses apply-advanced;
      // Letters, digits, '.', '_' and '-' only, or the single character '*'.
      leaf user-name {
        type string {
          junos:posix-pattern "^[[:alnum:]._-]+$|^\\*$";
          junos:pattern-message "Must be a string consisting of letters, numbers, dashes, underscores and dots";
          length "1 .. 64";
        }
        description "User name";
      }
      // NOTE(review): plain string of 1..128 characters; no secret type is
      // visible here. Confirm how the value is stored and displayed, and
      // limit read access to this subtree.
      leaf password {
        type string {
          length "1 .. 128";
        }
        description "Password string";
      }
    } // container user
    list address {
      key "name";
      ordered-by user;
      description "Address of LDAP server";
      leaf name {
        type jt:ipaddr;
        description "Address";
      }
      uses apply-advanced;
      leaf port {
        type union {
          type string {
            pattern "<.*>|$.*";
          }
          type uint16 {
            range "1 .. 65535";
          }
        }
        description "LDAP port";
      }
    } // list address
  } // container ldap
} // grouping user-group-mapping-type
grouping usf-range-address-type { description "Range address"; leaf name { type jt:ipprefix; description "Lower limit of address range"; } uses apply-advanced; container to { description "Port range upper limit"; uses apply-advanced; leaf range-high { type jt:ipprefix; description "Upper limit of address range"; } } // container to } // grouping usf-range-address-type grouping utm-apppxy-traceoptions { description "Traceoptions for utm application proxy process"; uses apply-advanced; list flag { key "name"; ordered-by user; description "Tracing parameters for utm application proxy"; leaf name { type enumeration { enum "abort" { value 0; description "Trace application-proxy session abort"; } enum "application-objects" { value 1; description "Trace application-proxy objects information"; } enum "utm-realtime" { value 2; description "Trace application-proxy realtime-thread information"; } enum "anti-virus" { value 3; description "Trace anti-virus information"; } enum "basic" { value 4; description "Trace application-proxy basic information"; } enum "buffer" { value 5; description "Trace application-proxy data buffer information"; } enum "detail" { value 6; description "Trace application-proxy detailed information"; } enum "ftp-data" { value 7; description "Trace FTP data connection information"; } enum "ftp-control" { value 8; description "Trace FTP control connection information"; } enum "http" { value 9; description "Trace HTTP protocol information"; } enum "imap" { value 10; description "Trace IMAP protocol information"; } enum "memory" { value 11; description "Trace memory usage"; } enum "parser" { value 12; description "Trace protocol parser"; } enum "pfe" { value 13; description "Trace communication with PFE"; } enum "pop3" { value 14; description "Trace POP3 protocol information"; } enum "queue" { value 15; description "Trace queue information"; } 
enum "smtp" { value 16; description "Trace SMTP protocol information"; } enum "tcp" { value 17; description "Trace TCP level information"; } enum "timer" { value 18; description "Trace timer processing"; } enum "connection-rating" { value 19; description "Trace connection rating information"; } enum "mime" { value 20; description "Trace MIME parser information"; } enum "regex-engine" { value 21; description "Trace Pattern Match Engine (PME) information"; } enum "sophos-anti-virus" { value 22; description "Trace anti-virus sophos engine information"; } enum "all" { value 23; description "Enable all application-proxy trace options"; } } description "Tracing parameters for utm application proxy flag name"; } } // list flag } // grouping utm-apppxy-traceoptions grouping utm-ipc-traceoptions { description "Traceoptions for utm IPC"; uses apply-advanced; list flag { key "name"; ordered-by user; description "Traceoptions for utm IPC flag"; leaf name { type enumeration { enum "basic" { value 0; description "Trace basic IPC related information"; } enum "detail" { value 1; description "Trace detail IPC related information"; } enum "connection-manager" { value 2; description "Trace IPC connection manager"; } enum "connection-status" { value 3; description "Trace IPC connection status"; } enum "pfe" { value 4; description "Trace communication with pfe"; } enum "utm-realtime" { value 5; description "Trace IPC realtime-thread information"; } enum "all" { value 6; description "Enable all IPC trace options"; } } description "Trace options for utm IPC flag name"; } } // list flag } // grouping utm-ipc-traceoptions grouping utm-traceoptions { description "Trace options for utm process"; uses apply-advanced; list flag { key "name"; ordered-by user; description "Tracing UTM information"; leaf name { type enumeration { enum "cli" { value 0; description "Trace CLI"; } enum "daemon" { value 1; description "Trace daemon information"; } enum "ipc" { value 2; description "Trace IPC 
information"; } enum "pfe" { value 3; description "Trace pfe information"; } enum "all" { value 4; description "Enable all utm trace options"; } } description "Flag name"; } } // list flag } // grouping utm-traceoptions grouping v6-relay-option-interface-id-type { description "Interface ID processing"; uses apply-advanced; container prefix { description "Add prefix to circuit/interface-id or remote-id"; uses apply-advanced; leaf host-name { type empty; description "Add router host name to circuit / interface-id or remote-id"; } leaf logical-system-name { type empty; description "Add logical system name to circuit / interface-id or remote-id"; } leaf routing-instance-name { type empty; description "Add routing instance name to circuit / interface-id or remote-id"; } } // container prefix leaf use-interface-description { junos:must "(!(".. require-interface-description"))"; junos:must-message "use-interface-description may not be set with require-interface-desciption"; type enumeration { enum "logical" { value 0; description "Use the logical interface description"; } enum "device" { value 1; description "Use the device interface description"; } } description "Use interface description instead of circuit identifier"; } leaf use-vlan-id { junos:must "((!(".. no-vlan-interface-name") && (!(".. use-interface-description") && !(".. 
require-interface-description"))))"; junos:must-message "Vlan-tag cannot be added as no-vlan-interface-name or interface-description is configured"; type empty; description "Use VLAN id instead of name"; } leaf no-vlan-interface-name { type empty; description "Not include vlan or interface name"; } leaf include-irb-and-l2 { type empty; description "Include IRB and L2 interface name"; } container use-option-82 { presence "enable use-option-82"; description "Use option-82 circuit-id for interface-id"; uses v6-relay-option-cid-rid-action; } // container use-option-82 container keep-incoming-interface-id { presence "enable keep-incoming-interface-id"; description "Keep incoming interface identifier"; uses v6-relay-option-cid-rid-action; } // container keep-incoming-interface-id } // grouping v6-relay-option-interface-id-type grouping v6-relay-option-cid-rid-action { uses apply-advanced; leaf strict { type empty; description "Drop packet if id not present"; } } // grouping v6-relay-option-cid-rid-action grouping v6-relay-option-remote-id-type { description "Remote ID processing"; uses apply-advanced; container prefix { description "Add prefix to circuit/interface-id or remote-id"; uses apply-advanced; leaf host-name { type empty; description "Add router host name to circuit / interface-id or remote-id"; } leaf logical-system-name { type empty; description "Add logical system name to circuit / interface-id or remote-id"; } leaf routing-instance-name { type empty; description "Add routing instance name to circuit / interface-id or remote-id"; } } // container prefix leaf use-interface-description { junos:must "(!(".. 
require-interface-description"))"; junos:must-message "use-interface-description may not be set with require-interface-desciption"; type enumeration { enum "logical" { value 0; description "Use the logical interface description"; } enum "device" { value 1; description "Use the device interface description"; } } description "Use interface description instead of circuit identifier"; } leaf use-vlan-id { junos:must "((!(".. no-vlan-interface-name") && (!(".. use-interface-description") && !(".. require-interface-description"))))"; junos:must-message "Vlan-tag cannot be added as no-vlan-interface-name or interface-description is configured"; type empty; description "Use VLAN id instead of name"; } leaf no-vlan-interface-name { type empty; description "Not include vlan or interface name"; } leaf include-irb-and-l2 { type empty; description "Include IRB and L2 interface name"; } container use-option-82 { presence "enable use-option-82"; description "Use option-82 remote-id for v6 remote-id"; uses v6-relay-option-cid-rid-action; } // container use-option-82 leaf keep-incoming-remote-id { type empty; description "Keep incoming remote identifier"; } } // grouping v6-relay-option-remote-id-type grouping v6-server-group-type { uses apply-advanced; list server-group { key "name"; ordered-by user; description "One or more server groups"; leaf name { type string { junos:posix-pattern "^[A-Za-z0-9][_0-9A-Za-z-]*$"; junos:pattern-message "Must be a non-reserved string of 64 characters or less"; length "1 .. 
64"; } description "DHCPv6 Server group name"; } uses apply-advanced; list address { key "name"; max-elements 32; ordered-by user; description "IP Address of one or more DHCP servers"; leaf name { type jt:ipaddr; description "IP Address of DHCP server"; } uses apply-advanced; } // list address } // list server-group } // grouping v6-server-group-type grouping vendor-object { leaf name { type string; description "Values for vendor field"; } uses apply-advanced; leaf product-name { type string; description "Values for product field"; } } // grouping vendor-object grouping vlan-policy { description "Virtual LAN"; leaf name { type string; description "VLAN id"; } uses apply-advanced; container policy { description "Attach policy"; uses apply-advanced; leaf policy-name { type string; description "Router Advertisement Guard policy name"; } choice policy-type { leaf stateful { type empty; description "Stateful router advertisement guard"; } leaf stateless { type empty; description "Stateless router advertisement guard"; } } // choice policy-type } // container policy } // grouping vlan-policy grouping vlan-types { description "Virtual LAN"; leaf name { junos:must "(("vlans ${vlan} vlan-id" || ("vlans ${vlan} vlan-id-list" || "vlans ${vlan} vlan-range")))"; junos:must-message "Default bridge-domain mode without any vlan-id configuration is not supported."; junos:must "(((!("vlans ${vlan} isolated-vlan") && (!("vlans ${vlan} community-vlans") && !("vlans ${vlan} private-vlan"))) || !("vlans ${vlan} forwarding-options filter output")))"; junos:must-message "Configuring Egress VACL is not supported on PVLAN"; type string { length "2 .. 
64"; } description "VLAN name"; } uses apply-advanced; leaf description { type string { junos:posix-pattern "^.{1,255}$"; junos:pattern-message "Must be a string of 255 characters or less"; } description "Text description of VLANs"; } choice vlan-identifier-choice { leaf vlan-id { type string; description "IEEE 802.1q VLAN identifier for VLAN"; } leaf-list vlan-id-list { junos:must "(!(("routing-instances ${instance} instance-type mac-vrf" && " .. vxlan")))"; junos:must-message "vxlan can not be specified under vlan-id-list for mac-vrf instance"; type jt:vlan-range; description "Create VLAN for each of the vlan-id specified in the vlan-id-list"; } container vlan-tags { presence "enable vlan-tags"; description "IEEE 802.1q VLAN tags for VLANs"; leaf outer { type string { junos:posix-pattern "^(0[Xx][0-9A-Fa-f]{4}.([0-9]{1,3}|1[0-9]{3}|2[0-9]{3}|3[0-9]{3}|40[0-8][0-9]|409[0-4]))$|^([0-9]{1,3}|1[0-9]{3}|2[0-9]{3}|3[0-9]{3}|40[0-8][0-9]|409[0-4])$"; junos:pattern-message "vlan-id in vlan-tag (0xNNNN.vlan-id) must be 0 to 4094"; } description "[tpid.]vlan-id, tpid format is 0xNNNN and is optional"; } leaf inner { type string { junos:posix-pattern "^(0[Xx][0-9A-Fa-f]{4}.([0-9]{1,3}|1[0-9]{3}|2[0-9]{3}|3[0-9]{3}|40[0-8][0-9]|409[0-4]))$|^([0-9]{1,3}|1[0-9]{3}|2[0-9]{3}|3[0-9]{3}|40[0-8][0-9]|409[0-4])$"; junos:pattern-message "vlan-id in vlan-tag (0xNNNN.vlan-id) must be 0 to 4094"; } description "[tpid.]vlan-id, tpid format is 0xNNNN and is optional"; } } // container vlan-tags } // choice vlan-identifier-choice list interface { key "name"; ordered-by user; description "Interface name for this VLAN"; leaf name { junos:must "(!("interfaces $$-IFL encapsulation ethernet"))"; junos:must-message "encapsulation ethernet is not allowed on l2 interface"; junos:must "(!((("interfaces $$-IFL vlan-id-list" || "interfaces $$-IFL vlan-id-range") && (".. .. .. .. instance-type mac-vrf" && (".. .. .. .. service-type vlan-aware" || ".. .. .. .. 
service-type vlan-based")))))"; junos:must-message "Interface with vlan-id-list/vlan-id-range cannot be added to vlan under mac-vrf routing-instance with vlan-based/vlan-aware service-type"; junos:must "((!("interfaces $$-IFL family") || "interfaces $$-IFL family ethernet-switching"))"; junos:must-message "only family ethernet-switching can be configured on this interface"; junos:must "((!(("interfaces $$ vlan-id-list" || "interfaces $$ vlan-tags inner-list")) || (!((".. .. vlan-id" || ".. .. vlan-tags")) || (".. .. no-normalization" || ".. .. switch-options no-normalization"))))"; junos:must-message "interface with vlan-id-list/inner-list cannot be added to a vlan with a vlan-id/vlan-tags configured"; junos:must "(!(("interfaces $$-IFL family ethernet-switching interface-mode" || "interfaces $$-IFL family ethernet-switching vlan members")))"; junos:must-message "Interface with 'interface-mode' config is not allowed under vlans"; junos:must "(!(".. .. .. interfaces $$"))"; junos:must-message "This interface is already defined at the routing-instance level"; junos:must "(("interfaces $$-IFL" || !(".. .. .. .. protocols evpn encapsulation")))"; junos:must-message "Interface not defined; Interface must be defined for configuring under VLAN for protocols evpn"; junos:must "(((".. .. vlan-id all" && "interfaces $$-IFL input-vlan-map pop") || ((".. .. vlan-id inner-all" && "interfaces $$-IFL input-vlan-map") || (!((".. .. vlan-id" || ".. .. vlan-tags")) || (!(("interfaces $$-IFL input-vlan-map" || "interfaces $$-IFL output-vlan-map")) || (".. .. no-normalization" || ".. .. switch-options no-normalization"))))))"; junos:must-message "interface with input/output vlan-maps cannot be added to a routing-instance with a vlan-id/vlan-tags configured"; junos:must "((!("interfaces $$-IFL vlan-tags inner-range") || ((".. .. vlan-id all" || ".. .. vlan-id inner-all") || (".. .. no-normalization" || ".. .. 
switch-options no-normalization"))))"; junos:must-message "vlan-tags inner-range is specified for this logical interface; 'vlan-id all' or 'vlan-id inner-all' should also be enabled"; junos:must "(((!("interfaces $$-IFL vlan-id-range") || ".. .. vlan-id all") || (".. .. no-normalization" || ".. .. switch-options no-normalization")))"; junos:must-message "vlan-id-range is specified for this logical interface; 'vlan-id all' should also be enabled"; type string; } uses apply-advanced; } // list interface leaf l3-interface { junos:must "(!((".. .. .. protocols evpn mclag" && !(".. no-arp-suppression"))))"; junos:must-message "no-arp-suppression needs to be configured, when evpn is configured with mclag."; junos:must "(!((".. mcae-mac-synchronize" && "interfaces $$-IFL mac")))"; junos:must-message "irb-ifl mac and vlan mcae-mac-synchronize cannot coexist"; junos:must "((!("interfaces $$-IFL family mpls") || !(("routing-instances ${instance} instance-type virtual-switch" && ("routing-instances ${instance} protocols vpls" && "routing-instances ${instance} route-distinguisher")))))"; junos:must-message "routing-interface with family MPLS cannot be added to virtual-switch with protocol VPLS"; junos:must "((!(".. vlan-tags") || !("interfaces $$-IFL family mpls")))"; junos:must-message "routing-interface with family MPLS cannot be added to bridge-domain with 'vlan-tags'"; junos:must "(!("routing-instances ${instance} service-type vlan-bundle"))"; junos:must-message "routing-interface not valid for vlan-bundle service type"; junos:must "((!(".. vlan-id all") && !(".. vlan-id inner-all")))"; junos:must-message "l3-interface cannot be configured under vlans with 'vlan-id all' or 'vlan-id inner-all'"; junos:must "((".. vlan-id" || ".. 
vlan-tags"))"; junos:must-message "l3-interface can be configured only under vlans with 'vlan-id'/'vlan-tags'"; type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "L3 interface name for this vlans"; } leaf no-local-switching { type empty; description "Disable local switching within CE-facing interfaces"; } container forwarding-options { description "Forwarding options configuration"; uses juniper-ethernet-switching-forwarding-options; } // container forwarding-options container multicast-snooping-options { junos:must "(".. .. .. protocols igmp-snooping vlan ${vlan}")"; junos:must-message "multicast-snooping-options can be configured only if snooping is enabled on the vlan"; description "Multicast snooping option configuration"; uses juniper-multicast-snooping-options; } // container multicast-snooping-options container switch-options { description "VLANs switch-options configuration"; uses juniper-protocols-vlan; } // container switch-options leaf domain-type { type enumeration { enum "bridge" { value 0; description "Forwarding instance"; } } description "Type of VLANs SVLAN/DVLAN"; } leaf no-irb-layer-2-copy { junos:must "(".. l3-interface")"; junos:must-message "l3-interface must be configured to configure this feature"; type empty; description "Disable transmission of layer-2 copy of packets of IRB routing-interface"; } leaf service-id { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 65535"; } } description "Service id required if VLAN is of type MC-AE, and vlan-id all or vlan-id none or vlan-tags is configured"; } leaf mcae-mac-synchronize { junos:must "(".. l3-interface")"; junos:must-message "Layer 3 interface for this VLAN is not configured"; type empty; description "Enable IRB MAC synchronization in this VLAN"; } leaf mcae-mac-flush { type empty; description "Enable IRB MAC flush in a/s mode for this VLAN on MCAE link up"; } leaf private-vlan { junos:must "(!((".. isolated-vlan" || ".. 
community-vlans")))"; junos:must-message "This vlan is already configured as primary vlan"; junos:must "(!(".. l3-interface"))"; junos:must-message "l3-interface cannot be configured on a secondary vlan"; type enumeration { enum "isolated" { value 0; description "Isolated vlan"; } enum "community" { value 1; description "Community vlan"; } } description "Type of secondary vlan for private vlan"; } leaf isolated-vlan { junos:must "(!(".. private-vlan"))"; junos:must-message "This vlan is already configured as secondary vlan"; type string; description "VLAN id or name"; } leaf-list community-vlans { junos:must "(!(".. private-vlan"))"; junos:must-message "This vlan is already configured as secondary vlan"; type string; ordered-by user; description "List of VLAN id or name"; } container vxlan { junos:must "((". riot-loopback" || (!(". riot-loopback") && (((". ovsdb-managed" || ".. .. .. switch-options ovsdb-managed") && (!((". ingress-node-replication" || ".. .. .. protocols evpn encapsulation vxlan")) && !(". multicast-group"))) || ((!((". ovsdb-managed" || ".. .. .. switch-options ovsdb-managed")) && ((". ingress-node-replication" || ".. .. .. protocols evpn encapsulation vxlan") && !(". multicast-group"))) || (!((". ovsdb-managed" || ".. .. .. switch-options ovsdb-managed")) && (!((". ingress-node-replication" || ".. .. .. protocols evpn encapsulation vxlan")) && ". multicast-group")))))))"; junos:must-message "ovsdb, multicast-group, ingress-node-replication cannot be configured together. ingress-node-replication must be configured when remote-vtep-list is configured"; junos:must "((". ovsdb-managed" || (".. .. .. switch-options ovsdb-managed" || (". multicast-group" || ("routing-instances ${instance} remote-vtep-list" || (".. .. .. switch-options remote-vtep-list" || (". ingress-node-replication" || (".. .. .. protocols evpn encapsulation vxlan" || ". 
riot-loopback"))))))))"; junos:must-message "One of multicast-group or ovsdb-managed or ingress-node-replication or protocols evpn encapsulation vxlan or remote-vtep-list or riot-loopback should be enabled";
// NOTE(review): both operands of the next constraint test ".. vlan-id all",
// while its message also names 'vlan-id inner-all'. As written, the
// expression never references 'vlan-id inner-all'; the comparable
// l3-interface constraint in this grouping tests both forms. The second
// operand was probably meant to be ".. vlan-id inner-all" - confirm against
// the vendor release before relying on commit checks to reject vxlan on a
// 'vlan-id inner-all' vlan.
junos:must "((!(".. vlan-id all") && !(".. vlan-id all")))"; junos:must-message "vxlan does not support bridge domain with 'vlan-id all' or 'vlan-id inner-all'"; junos:must "((". riot-loopback" || (!(". riot-loopback") && ("routing-instances ${instance} vtep-source-interface" || ".. .. .. switch-options vtep-source-interface"))))"; junos:must-message "vtep-source-interface is required for VXLAN configuration"; uses apply-advanced; leaf ovsdb-managed { junos:must "(!(("routing-instances ${instance} remote-vtep-list" || (".. .. .. .. switch-options remote-vtep-list" || (".. multicast-group" || ".. .. .. .. protocols evpn encapsulation vxlan")))))"; junos:must-message "ovsdb-managed not valid with remote-vtep-list or multicast-group or protocol evpn encapsulation vxlan"; type empty; description "Bridge-domain is managed remotely via VXLAN OVSDB Controller"; } leaf vni { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16777214"; } } description "VXLAN identifier"; } leaf translation-vni { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 16777214"; } } description "Translated VXLAN identifier"; } leaf multicast-group { junos:must "(!(("routing-instances ${instance} remote-vtep-list" || (".. .. .. switch-options remote-vtep-list" || (".. ovsdb-managed" || ("routing-instances ${instance} switch-options ovsdb-managed" || ".. .. .. .. 
protocols evpn encapsulation vxlan"))))))"; junos:must-message "multicast-group not valid with remote-vtep-list or ovsdb-managed or evpn configuration"; type jt:ipv4addr; description "Multicast group registered for VXLAN segment"; } leaf encapsulate-inner-vlan { type empty; description "Retain inner VLAN in the packet"; } leaf decapsulate-accept-inner-vlan { type empty; description "Accept VXLAN packets with inner VLAN"; } leaf unreachable-vtep-aging-timer { type union { type string { pattern "<.*>|$.*"; } type uint16 { range "300 .. 1800"; } } units "seconds"; description "Unreachable VXLAN tunnel endpoint removal timer"; } leaf-list static-remote-vtep-list { type jt:ipaddr; max-elements 1024; description "Configure vlan specific static remote VXLAN tunnel endpoints"; } leaf riot-loopback { type empty; description "Enable loopback on RIOT platform"; } } // container vxlan } // grouping vlan-types grouping juniper-ethernet-switching-forwarding-options { uses apply-advanced; container filter { description "Filtering for ethernet switching forwarding table"; uses apply-advanced; leaf input { type string; description "Name of input filter to apply for forwarded packets"; } } // container filter container flood { description "Filtering for ethernet switching flood table"; uses apply-advanced; leaf input { type string; description "Name of input filter to apply for ethernet switching flood packets"; } } // container flood container dhcp-relay { junos:must "(!("forwarding-options helpers bootp"))"; junos:must-message "'dhcp-relay' statement cannot be included along with 'forwarding-options helpers bootp' statement"; status deprecated; description "Dynamic Host Configuration Protocol relay configuration"; uses jdhcp-relay-type; } // container dhcp-relay container dhcp-security { presence "enable dhcp-security"; description "DHCP access security configuration"; uses jdhcp-security-type; } // container dhcp-security } // grouping 
juniper-ethernet-switching-forwarding-options grouping juniper-protocols-vlan { description "VLANs switch-options configuration"; uses apply-advanced; container mac-table-size { junos:must "(!((".. .. .. protocols vpls" && ".. .. .. instance-type virtual-switch")))"; junos:must-message "mac-table-size needs to be specified under switch-options for a virtual-switch instance"; description "Size of MAC address forwarding table"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC addresses"; } leaf packet-action { type enumeration { enum "none" { value 0; description "Forward the packet"; } enum "drop" { value 1; description "Drop packets and do not learn. Default is forward"; } } description "Action when MAC limit is reached"; } } // container mac-table-size container mac-ip-table-size { junos:must "(!(((".. .. .. protocols vpls" || ".. .. .. protocols evpn") && ".. .. .. instance-type virtual-switch")))"; junos:must-message "mac-ip-table-size needs to be specified under switch-options for a virtual-switch instance"; description "Size of MAC+IP bindings table"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC+IP bindings"; } } // container mac-ip-table-size container interface-mac-limit { junos:must "(!((".. .. .. protocols vpls" && ".. .. .. instance-type virtual-switch")))"; junos:must-message "interface-mac-limit needs to be specified under switch-options for a virtual-switch instance"; description "Maximum MAC address learned per interface"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC addresses per interface"; } leaf packet-action { type enumeration { enum "none" { value 0; description "Forward the packet"; } enum "drop" { value 1; description "Drop packets and do not learn. 
Default is forward"; } enum "log" { value 2; description "Do not drop the packet but generate an alarm, an SNMP trap or a system log entry"; } enum "shutdown" { value 3; description "Disable the interface and generate an alarm, an SNMP trap or a system log entry"; } enum "drop-and-log" { value 4; description "Drop the packet and generate an alarm, an SNMP trap or a system log entry"; } } description "Action when MAC limit is reached"; } } // container interface-mac-limit container interface-mac-ip-limit { description "Maximum number of MAC+IP bindings learned on the interface"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC+IP bindings per interface"; } } // container interface-mac-ip-limit leaf mac-table-aging-time { type union { type string { pattern "<.*>|$.*"; } type uint32; } units "seconds"; description "Delay for discarding MAC address if no updates are received"; } leaf no-mac-learning { junos:must "(!((".. .. .. protocols vpls" && ".. .. .. instance-type virtual-switch")))"; junos:must-message "no-mac-learning needs to be specified under switch-options for a virtual-switch instance"; type empty; description "Disable dynamic MAC address learning"; } leaf no-normalization { type empty; description "Disable vlan id normalization for interfaces"; } leaf mac-statistics { junos:must "(!((".. .. .. protocols vpls" && ".. .. .. 
instance-type virtual-switch")))"; junos:must-message "mac-statistics needs to be specified under switch-options for a virtual-switch instance"; type empty; description "Enable MAC address statistics"; } container static-rvtep-mac { description "Configure Static MAC and remote VxLAN tunnel endpoint entries"; uses apply-advanced; list mac { key "mac_addr remote-vtep"; description "Unicast MAC address"; leaf mac_addr { type jt:mac-unicast; } leaf remote-vtep { type jt:ipaddr; description "Configure static remote VXLAN tunnel endpoints"; } } // list mac } // container static-rvtep-mac list interface { junos:must "(!((".. .. .. protocols vpls" && ".. .. .. instance-type virtual-switch")))"; junos:must-message "interface needs to be specified under switch-options for a virtual-switch instance"; key "name"; ordered-by user; description "Interface that connect this site to the VPN"; leaf name { junos:must "(((".. .. .. interface $$" || (".. .. .. .. .. interface $$" || "interfaces $$-IFL family ethernet-switching vlan")) || "interfaces $$-IFL family ethernet-switching"))"; junos:must-message "Interface must be part of this routing instance"; type union { type jt:interface-name; type string { pattern "<.*>|$.*"; } } description "Interface name"; } uses apply-advanced; container interface-mac-limit { junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; description "Maximum number of MAC addresses learned on the interface"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC addresses per interface"; } leaf disable { type empty; description "Disable interface for interface-mac-limit"; } leaf packet-action { type enumeration { enum "none" { value 0; description "Forward the packet"; } enum "drop" { value 1; description "Drop packets and do not learn. 
Default is forward"; } enum "log" { value 2; description "Do not drop the packet but generate an alarm, an SNMP trap or a system log entry"; } enum "shutdown" { value 3; description "Disable the interface and generate an alarm, an SNMP trap or a system log entry"; } enum "drop-and-log" { value 4; description "Drop the packet and generate an alarm, an SNMP trap or a system log entry"; } } description "Action when MAC limit is reached"; } } // container interface-mac-limit leaf action-priority { junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 8"; } } description "Blocking priority of this interface on mac move detection"; } list static-mac { junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; key "name"; ordered-by user; description "Static MAC addresses assigned to this interface"; leaf name { junos:must "((!(".. .. .. .. vlan-id all") || all ".. vlan-id <*>"))"; junos:must-message " Specify vlan-id for qualified learning "; type jt:mac-addr; description "MAC address"; } uses apply-advanced; list vlan-id { junos:must "(".. .. .. .. vlan-id all")"; junos:must-message "'vlan-id all' has to be configured for the bridging domain"; key "name"; ordered-by user; description "VLAN ID of learning VLAN"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
4094"; } } description "Learning VLAN"; } uses apply-advanced; } // list vlan-id } // list static-mac container interface-mac-ip-limit { description "Maximum number of MAC+IP bindings learned on the interface"; uses apply-advanced; leaf limit { type union { type string { pattern "<.*>|$.*"; } type uint32; } description "Maximum number of MAC+IP bindings per interface"; } } // container interface-mac-ip-limit leaf no-mac-learning { junos:must "(!(".. .. .. .. .. vlans ${vlan} private-vlan"))"; junos:must-message "Switch-options configuration is not allowed on interfaces which are part of secondary VLANs"; type empty; description "Disable dynamic MAC address learning"; } leaf mac-pinning { type empty; description "Enable MAC pinning"; } leaf persistent-learning { junos:must "(!("switch-options mac-table-aging-time "))"; junos:must-message "Persistent learning can not co-exist with mac-table-aging-time"; type empty; description "Enable persistent MAC learning on this interface"; } } // list interface container traceoptions { description "Trace options for this bridge domain"; uses apply-advanced; leaf no-remote-trace { junos:must "("system tracing")"; junos:must-message "'no-remote-trace' is valid only when [system tracing] is configured"; type empty; description "Disable remote tracing"; } container file { description "Trace file information"; leaf filename { type string { junos:posix-pattern "![/ %]"; junos:pattern-message "Must not contain '/', % or a space"; length "1 .. 1024"; } description "Name of file in which to write trace information"; } leaf size { type string; description "Maximum trace file size"; } leaf files { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "2 .. 
1000"; } }
        default "3";
        description "Maximum number of trace files";
      }
      // The choice makes world-readable and no-world-readable mutually
      // exclusive. No default is declared on either leaf, so the file
      // permission that applies when neither is set is not visible in this
      // schema.
      // NOTE(review): the trace flags below cover MAC learning, interface
      // and configuration operations, so the trace file can describe the
      // tenant's L2 topology. Expect no-world-readable unless there is a
      // documented reason otherwise.
      choice world-readable-choice {
        leaf world-readable {
          type empty;
          description "Allow any user to read the log file";
        }
        leaf no-world-readable {
          type empty;
          description "Don't allow any user to read the log file";
        }
      } // choice world-readable-choice
      // Optional filter: only lines matching this expression are logged.
      leaf match {
        type jt:regular-expression;
        description "Regular expression for lines to be logged";
      }
    } // container file
    // Trace verbosity; the schema default is "error".
    leaf level {
      type enumeration {
        enum "error" { value 0; description "Match error conditions"; }
        enum "warning" { value 1; description "Match warning messages"; }
        enum "notice" { value 2; description "Match conditions that should be handled specially"; }
        enum "info" { value 3; description "Match informational messages"; }
        enum "verbose" { value 4; description "Match verbose messages"; }
        enum "all" { value 5; description "Match all levels"; }
      }
      default "error";
      description "Level of debugging output";
    }
    // One list entry per operation class to trace; "all" (further down in
    // this enumeration) selects every class.
    list flag {
      key "name";
      ordered-by user;
      description "Type of operation or event to include in trace";
      leaf name {
        type enumeration {
          enum "configuration" { value 0; description "Configuration operations"; }
          enum "routing-socket" { value 1; description "Routing socket operations"; }
          enum "interface-device" { value 2; description "Interface device operations"; }
          enum "interface-logical" { value 3; description "Logical interface operations"; }
          enum "interface-family" { value 4; description "Interface family operations"; }
          enum "learning-domain" { value 5; description "Learning domain operations"; }
          enum "ipc" { value 6; description "Inter-process communications operations"; }
          enum "mac-learning" { value 7; description "MAC address learning operations"; }
          enum "initialization" { value 8; description "Initialization operations"; }
          enum "flood-next-hop" { value 9; description "Flood next hop operations"; }
          enum "storm-control" { value 10; description "Storm-control"; }
          enum "unknown-unicast-forwarding" { value 11; description "Trace unknown 
unicast forwarding events"; } enum "all" { value 12; description "All operations"; } } } } // list flag } // container traceoptions } // grouping juniper-protocols-vlan grouping vlan_map { description "IEEE 802.1q Virtual LAN (VLAN) Tag mapping"; uses apply-advanced; choice operation_choices { leaf push { type empty; description "Push a VLAN tag"; } leaf swap { type empty; description "Swap a VLAN tag"; } leaf pop { type empty; description "Pop a VLAN tag"; } leaf push-push { type empty; description "Push two VLAN tags"; } leaf swap-push { type empty; description "Swap VLAN tag and push a new VLAN tag"; } leaf swap-swap { type empty; description "Swap both outer and inner VLAN tags"; } leaf pop-swap { type empty; description "Pop outer VLAN tag and swap inner VLAN tag"; } leaf pop-pop { type empty; description "Pop both outer and inner VLAN tags"; } } // choice operation_choices leaf tag-protocol-id { type string { junos:posix-pattern "^0x[abcdefABCDEF0123456789]{4}$"; junos:pattern-message "Must be hexadecimal bit pattern of form 0xNNNN"; } description "IEEE 802.1q Tag Protocol Identifier to rewrite"; } leaf inner-tag-protocol-id { type string; description "IEEE 802.1q Tag Protocol ID to rewrite for inner tag"; } leaf vlan-id { type string; description "VLAN ID to rewrite"; } leaf inner-vlan-id { type string; description "VLAN ID to rewrite for inner tag"; } } // grouping vlan_map grouping vni-range-type { leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16777215"; } } description "VNI range Lower limit"; } uses apply-advanced; container to { description "VNI range upper limit"; uses apply-advanced; leaf range-high { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 16777215"; } } description "Upper limit of vni range"; } } // container to } // grouping vni-range-type grouping vrf-group-type { description "Configure vrf group object"; leaf name { type string { length "1 .. 
64"; } description "Vrf group name"; } uses apply-advanced; leaf-list vrf { junos:must "("routing-instances $$ vrf-table-label")"; junos:must-message "referenced routing-instance must configured with vrf-table-label"; junos:must "("routing-instances $$ instance-type vrf")"; junos:must-message "referenced routing-instance must be vrf type"; type string; ordered-by user; description "L3vpn vrf name"; } } // grouping vrf-group-type grouping vrrp-group { description "Virtual Router Redundancy Protocol group"; leaf name { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Identifier for VRRP group"; } uses apply-advanced; choice address { leaf-list virtual-address { type jt:ipv4addr; ordered-by user; description "One or more virtual IPv4 addresses"; } leaf-list virtual-inet6-address { type jt:ipv6addr; ordered-by user; description "One or more virtual inet6 addresses"; } } // choice address leaf virtual-link-local-address { junos:must "(".. .. vrrp-inet6-group")"; junos:must-message "'virtual-link-local-address' statement can be included only for interfaces of type 'family inet6'"; type jt:ipv6addr; description "Virtual link-local addresses"; } leaf priority { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 255"; } } description "Virtual router election priority"; } leaf preferred { type empty; description "Preferred group on subnet"; } choice advertisement_type { leaf advertise-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 255"; } } units "seconds"; description "Advertisement interval"; } leaf fast-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "10 .. 40950"; } } units "milliseconds"; description "Fast advertisement interval"; } leaf inet6-advertise-interval { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "100 .. 
40000"; } }
      units "milliseconds";
      description "Inet6 advertisement interval";
    }
  } // choice advertisement_type
  // Preemption is either enabled (presence container, optional hold time)
  // or explicitly disabled; the choice allows only one of the two.
  choice preempt_type {
    container preempt {
      presence "enable preempt";
      description "Allow preemption";
      uses apply-advanced;
      leaf hold-time {
        type union {
          // NOTE(review): the string alternative looks like a placeholder /
          // variable form; its meaning is not documented in this module.
          type string { pattern "<.*>|$.*"; }
          type uint32 { range "0 .. 3600"; }
        }
        units "seconds";
        description "Preemption hold time";
      }
    } // container preempt
    leaf no-preempt {
      type empty;
      description "Don't allow preemption";
    }
  } // choice preempt_type
  // Whether the router accepts packets addressed to the virtual IP itself.
  // NOTE(review): with accept-data the virtual address becomes a
  // destination for host-bound traffic, so it should be covered by the same
  // host-inbound-traffic / filter policy as the interface's own addresses.
  choice accept_type {
    leaf accept-data {
      type empty;
      description "Accept packets destined for virtual IP address";
    }
    leaf no-accept-data {
      type empty;
      description "Don't accept packets destined for virtual IP address";
    }
  } // choice accept_type
  // VRRP advertisement authentication. The must restricts this leaf to
  // groups under vrrp-group, which the must-message equates with
  // 'family inet'; no equivalent exists here for inet6 groups.
  // NOTE(review): both offered schemes are weak by current standards:
  // "simple" is presumably a shared password carried in the advertisement
  // (confirm against the Junos documentation) and "md5" is HMAC-MD5
  // truncated to 96 bits. Treat either as a misconfiguration guard and keep
  // the VRRP segment restricted to trusted routers.
  leaf authentication-type {
    junos:must "(".. .. vrrp-group")";
    junos:must-message "'authentication-type' statement can be included only for interfaces of type 'family inet'";
    type enumeration {
      enum "md5" { value 0; description "HMAC-MD5-96"; }
      enum "simple" { value 1; description "Simple password"; }
    }
    description "Authentication type";
  }
  // Shared secret for the scheme above; same 'family inet' restriction.
  // NOTE(review): jt:unreadable is defined in junos-common-types and its
  // protection is not visible here. Confirm how the value is stored and
  // displayed before treating exported configuration as non-sensitive.
  leaf authentication-key {
    junos:must "(".. .. vrrp-group")";
    junos:must-message "'authentication-key' statement can be included only for interfaces of type 'family inet'";
    type jt:unreadable;
    description "Authentication key";
  }
  // Interface tracking: lists objects whose state is tracked for this
  // VRRP group.
  container track {
    description "Interfaces to track for VRRP group";
    uses apply-advanced;
    leaf priority-hold-time {
      type union {
        type string { pattern "<.*>|$.*"; }
        type uint32 { range "0 .. 
3600"; } } units "seconds"; description "Priority hold time"; } list interface { key "name"; ordered-by user; description "Interface to track in VRRP group"; leaf name { type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Name of interface"; } uses apply-advanced; list bandwidth-threshold { key "name"; description "Track bandwidth of interface"; leaf name { type string; units "bits per second"; description "Interface speed below which priority cost is incurred"; } leaf priority-cost { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 254"; } } description "Value subtracted from priority when bandwidth is below threshold"; } } // list bandwidth-threshold leaf priority-cost { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 254"; } } description "Value to subtract from priority when interface is down"; } } // list interface list route { key "route_address routing-instance"; ordered-by user; description "Route to track in VRRP group"; leaf route_address { type jt:ipprefix-mandatory; description "Route address"; } leaf routing-instance { type string { junos:posix-pattern "!^((__.*__)|(all)|(.*[ ].*)|("")|(.{129,}))$"; junos:pattern-message "Must be a non-reserved string of 128 characters or less with no spaces."; } description "Routing instance to which route belongs, or 'default'"; } leaf priority-cost { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 254"; } } description "Value to subtract from priority when route is down"; } } // list route } // container track container vrrp-inherit-from { description "VRRP group to follow for this VRRP group"; uses apply-advanced; leaf active-interface { type union { type jt:interface-unit; type string { pattern "<.*>|$.*"; } } description "Interface name of VRRP active group"; } leaf active-group { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "0 .. 
255"; } }
      description "Identifier for VRRP active group";
    }
  } // container vrrp-inherit-from
  // Number of consecutive missed advertisements (1..15) before the master
  // is declared down.
  leaf advertisements-threshold {
    type union {
      type string { pattern "<.*>|$.*"; }
      type uint32 { range "1 .. 15"; }
    }
    description "Number of vrrp advertisements missed before declaring master down";
  }
} // grouping vrrp-group

// A named VXLAN tunnel bound to a security policy-set and a list of VNIs.
grouping vxlan-tunnel-type {
  description "Configure vxlan tunnel";
  leaf name {
    type string { length "1 .. 63"; }
    description "Vxlan tunnel name";
  }
  uses apply-advanced;
  // The must rejects a commit unless a matching
  // "security policies policy-set" exists at one of the two ancestor levels
  // tried, so a tunnel cannot name a policy-set that is not defined.
  // NOTE(review): "$$" presumably expands to this leaf's value. Confirm
  // against the junos DDL extension documentation.
  leaf policy-set {
    junos:must "((".. .. .. .. security policies policy-set $$" || ".. .. .. .. .. security policies policy-set $$"))";
    junos:must-message "Security policy policy-set must be defined";
    type string { length "1 .. 63"; }
    description "Define a security policy set";
  }
  // At most 4096 VNI entries per tunnel.
  list vni {
    key "name";
    max-elements 4096;
    ordered-by user;
    description "Define VNI";
    uses vni-list-type;
  } // list vni
} // grouping vxlan-tunnel-type

// Key leaf for the vni list above. The type is an unconstrained string:
// no length, pattern or numeric range is applied at schema level.
grouping vni-list-type {
  leaf name {
    type string;
    description "VNI name";
  }
} // grouping vni-list-type

// What web filtering does when it cannot obtain a verdict. Each leaf covers
// one failure condition and offers the same two actions.
// NOTE(review): by name, "log-and-permit" lets the request through
// (fail-open) and "block" fails closed. None of these leaves declares a
// default, so the behaviour when a leaf is left unset is not visible in
// this schema; set every leaf explicitly where filtering is a control.
grouping web-filtering-fallback-setting {
  description "Web-filtering fallback settings";
  uses apply-advanced;
  leaf default {
    type enumeration {
      enum "log-and-permit" { value 0; }
      enum "block" { value 1; }
    }
    description "Fallback default settings";
  }
  leaf server-connectivity {
    type enumeration {
      enum "log-and-permit" { value 0; }
      enum "block" { value 1; }
    }
    description "Fallback action when device cannot connect to server";
  }
  leaf timeout {
    type enumeration {
      enum "log-and-permit" { value 0; }
      enum "block" { value 1; }
    }
    description "Fallback action when connection to server timeout";
  }
  leaf too-many-requests {
    type enumeration {
      enum "log-and-permit" { value 0; }
      enum "block" { value 1; }
    }
    description "Fallback action when requests exceed the limit of engine";
  }
} // grouping web-filtering-fallback-setting

grouping web-filtering-traceoptions {
  description "Trace options for web-filtering feature";
  uses apply-advanced;
  list flag {
    key "name";
    ordered-by user;
description "Trace options for web-filtering feature trace flag"; leaf name { type enumeration { enum "basic" { value 0; description "Trace web-filtering module generic basic information"; } enum "session-manager" { value 1; description "Trace session management information"; } enum "heartbeat" { value 2; description "Trace connectivity information with web-filter server"; } enum "packet" { value 3; description "Trace packet information from session management"; } enum "profile" { value 4; description "Trace profile config information"; } enum "requests" { value 5; description "Trace requests sent to web-filter server"; } enum "response" { value 6; description "Trace response received from web-filter server"; } enum "socket" { value 7; description "Trace communication socket with web-filter server"; } enum "timer" { value 8; description "Trace aging information for requests sent to server"; } enum "ipc" { value 9; description "Trace communication events with PFE"; } enum "cache" { value 10; description "Trace category cache operations"; } enum "enhanced" { value 11; description "Trace Juniper enhanced web-filtering operations"; } enum "all" { value 12; description "Enable trace all anti-virus trace options"; } } description "Trace options for web-filtering feature trace flag name"; } } // list flag } // grouping web-filtering-traceoptions grouping webfilter-feature { description "Web-filtering feature settings"; uses apply-advanced; container surf-control-integrated { status deprecated; description "Configure web-filtering surf-control integrated engine"; uses surf-control-integrated-type; } // container surf-control-integrated container websense-redirect { description "Configure web-filtering websense redirect engine"; uses websense-type; } // container websense-redirect container juniper-local { description "Configure web-filtering juniper local engine"; uses juniper-local-type; } // container juniper-local container juniper-enhanced { description "Configure 
web-filtering juniper enhanced engine"; uses juniper-enhanced-type; } // container juniper-enhanced } // grouping webfilter-feature grouping juniper-enhanced-type { description "Juniper Enhanced"; uses apply-advanced; list profile { key "name"; ordered-by user; description "Juniper enhanced profile"; leaf name { type string { length "1 .. 29"; } description "Juniper enhanced profile name"; } uses apply-advanced; leaf base-filter { type string; description "Juniper base filter"; } list category { key "name"; ordered-by user; description "Juniper enhanced category"; uses juniper-enhanced-category-type; } // list category container site-reputation-action { presence "enable site-reputation-action"; description "Juniper enhanced site reputation action"; uses juniper-enhanced-site-reputation-setting; } // container site-reputation-action leaf default { type enumeration { enum "permit" { value 0; description "Permit action"; } enum "block" { value 1; description "Block action"; } enum "log-and-permit" { value 2; description "Log and permit action"; } enum "quarantine" { value 3; description "Quarantine action"; } } description "Juniper enhanced profile default"; } leaf custom-message { junos:must "("security utm custom-objects custom-message $$")"; junos:must-message "custom-message must be defined"; type string; description "Custom message"; } container fallback-settings { presence "enable fallback-settings"; description "Juniper enhanced fallback settings"; uses web-filtering-fallback-setting; } // container fallback-settings leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32; } units "seconds"; description "Juniper enhanced timeout"; } leaf no-safe-search { type empty; description "Do not perform safe-search for Juniper enhanced protocol"; } } // list profile } // grouping juniper-enhanced-type grouping juniper-local-type { description "Juniper local"; uses apply-advanced; list profile { key "name"; ordered-by user; description "Juniper local 
profile"; leaf name { type string { length "1 .. 29"; } description "Juniper local profile name"; } uses apply-advanced; leaf default { type enumeration { enum "permit" { value 0; description "Permit action"; } enum "block" { value 1; description "Block action"; } enum "log-and-permit" { value 2; description "Log and permit action"; } } description "Juniper local profile default"; } list category { key "name"; ordered-by user; description "Custom category"; uses custom-category-type; } // list category leaf custom-message { junos:must "("security utm custom-objects custom-message $$")"; junos:must-message "custom-message must be defined"; type string; description "Custom message"; } leaf no-safe-search { type empty; description "Do not perform safe-search for Juniper local protocol"; } container fallback-settings { presence "enable fallback-settings"; description "Juniper local fallback settings"; uses web-filtering-fallback-setting; } // container fallback-settings leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1800"; } } units "seconds"; description "Juniper local timeout"; } } // list profile } // grouping juniper-local-type grouping surf-control-integrated-type { description "Surf control integrated"; uses apply-advanced; container cache { presence "enable cache"; uses apply-advanced; leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1800"; } } units "minutes"; default "1440"; description "Surf control integrated cache timeout"; } leaf size { type string; units "kilobytes"; default "1024"; description "Surf control integrated cache size"; } } // container cache container server { presence "enable server"; description "Surf control server"; uses server; } // container server list profile { key "name"; ordered-by user; description "Surf control integrated profile"; leaf name { type string { length "1 .. 
29"; } description "Surf control integrated profile name"; } uses apply-advanced; list category { key "name"; ordered-by user; description "Surf control integrated category"; uses surf-control-integrated-category-type; } // list category leaf default { type enumeration { enum "permit" { value 0; description "Permit action"; } enum "block" { value 1; description "Block action"; } enum "log-and-permit" { value 2; description "Log and permit action"; } } description "Surf control integrated profile default"; } leaf custom-block-message { type string { length "1 .. 512"; } description "Surf control integrated custom block message"; } container fallback-settings { presence "enable fallback-settings"; description "Surf control integrated fallback settings"; uses web-filtering-fallback-setting; } // container fallback-settings leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1800"; } } units "seconds"; default "15"; description "Surf control integrated timeout"; } } // list profile } // grouping surf-control-integrated-type grouping surf-control-integrated-category-type { description "Surf control integrated category type"; leaf name { type string { length "1 .. 59"; } description "Surf control integrated category type name"; } uses apply-advanced; leaf action { type enumeration { enum "permit" { value 0; description "Permit action"; } enum "block" { value 1; description "Block action"; } enum "log-and-permit" { value 2; description "Log and permit action"; } } description "Surf control integrated category type action"; } } // grouping surf-control-integrated-category-type grouping websense-type { description "Websense redirect"; uses apply-advanced; list profile { key "name"; ordered-by user; description "Websense redirect profile"; leaf name { type string { length "1 .. 
29"; } description "Websense redirect profile name"; } uses apply-advanced; container server { presence "enable server"; description "Websense redirect server"; uses server; } // container server list category { key "name"; ordered-by user; description "Custom category"; uses custom-category-type; } // list category leaf custom-message { junos:must "("security utm custom-objects custom-message $$")"; junos:must-message "custom-message must be defined"; type string; description "Custom message"; } leaf no-safe-search { type empty; description "Do not perform safe-search for websense redirect protocol"; } container fallback-settings { presence "enable fallback-settings"; description "Websense redirect fallback settings"; uses web-filtering-fallback-setting; } // container fallback-settings leaf timeout { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 1800"; } } units "seconds"; description "Websense redirect timeout"; } leaf sockets { type union { type string { pattern "<.*>|$.*"; } type uint32 { range "1 .. 32"; } } description "Websense redirect sockets number"; } leaf account { type string { length "1 .. 28"; } description "Websense redirect account"; } } // list profile } // grouping websense-type grouping wildcard-address-type { description "Wildcard address and mask"; leaf name { type string { length "1 .. 
63"; }
    // Only the length is constrained for this leaf; the a.d.d.r/netmask
    // form named in the description is not enforced by a pattern here.
    description "Numeric IPv4 wildcard address with in the form of a.d.d.r/netmask";
  }
  uses apply-advanced;
} // grouping wildcard-address-type

grouping write-option-82-type {
  uses apply-advanced;
} // grouping write-option-82-type

// One logical interface assigned to a security zone, plus the traffic the
// device itself accepts on it.
grouping zone-interface-list-type {
  description "Logical interfaces in this zone";
  leaf name {
    // First must: reject the interface if l2-learning global-mode is
    // "switching" and the interface has family ethernet-switching.
    junos:must "(!(("protocols l2-learning global-mode switching" && "interfaces $$ family ethernet-switching")))";
    junos:must-message "Referenced interface must not be ethernet-switching interface of switching mode";
    // Second must: reject the interface if global-mode is not
    // "transparent-bridge" and the interface has family ethernet-switching.
    // NOTE(review): this condition is broader than the first but reuses
    // the same message, so the error may not name the real cause.
    junos:must "(!((!("protocols l2-learning global-mode transparent-bridge") && "interfaces $$ family ethernet-switching")))";
    junos:must-message "Referenced interface must not be ethernet-switching interface of switching mode";
    type union {
      type jt:interface-name;
      type string { pattern "<.*>|$.*"; }
    }
    description "Logical interface";
  }
  uses apply-advanced;
  container host-inbound-traffic {
    uses interface_host_inbound_traffic_t;
  } // container host-inbound-traffic
} // grouping zone-interface-list-type

// Allow-lists for traffic addressed to the device itself: one list of
// system services and one of protocols. Per the descriptions, each entry
// is a type of incoming traffic to accept.
// NOTE(review): both enumerations include an "all" entry; review any
// configuration that uses it on an untrusted zone or interface.
grouping interface_host_inbound_traffic_t {
  uses apply-advanced;
  list system-services {
    key "name";
    ordered-by user;
    description "Type of incoming system-service traffic to accept";
    uses interface-system-services-object-type;
  } // list system-services
  list protocols {
    key "name";
    ordered-by user;
    description "Protocol type of incoming traffic to accept";
    uses host-inbound-protocols-object-type;
  } // list protocols
} // grouping interface_host_inbound_traffic_t

// Key values for the protocols allow-list above.
grouping host-inbound-protocols-object-type {
  description "Protocol type of incoming traffic to accept";
  leaf name {
    type enumeration {
      enum "all" { value 0; description "All protocols"; }
      enum "bfd" { value 1; description "Bidirectional Forwarding Detection"; }
      enum "bgp" { value 2; description "Border Gateway Protocol"; }
      enum "dvmrp" { value 3; description "Distance Vector Multicast Routing Protocol"; }
      enum "igmp" { value 4; description "Internet Group Management Protocol"; }
enum "ldp" { value 5; description "Label Distribution Protocol"; } enum "msdp" { value 6; description "Multicast Source Discovery Protocol"; } enum "ndp" { value 7; description "IPv6 Neighbor Discovery Protocol"; } enum "nhrp" { value 8; description "Next Hop Resolution Protocol"; } enum "ospf" { value 9; description "Open Shortest Path First"; } enum "ospf3" { value 10; description "Open Shortest Path First version 3"; } enum "pgm" { value 11; description "Pragmatic General Multicast"; } enum "pim" { value 12; description "Protocol Independent Multicast"; } enum "rip" { value 13; description "Routing Information Protocol"; } enum "ripng" { value 14; description "Routing Information Protocol next generation"; } enum "router-discovery" { value 15; description "Router Discovery"; } enum "rsvp" { value 16; description "Resource Reservation Protocol"; } enum "sap" { value 17; description "Session Announcement Protocol"; } enum "vrrp" { value 18; description "Virtual Router Redundancy Protocol"; } } description "Protocol name"; } uses apply-advanced; leaf except { junos:must "(".. .. protocols all")"; junos:must-message "'except'' statement can be included only along with 'protocols all' statement"; type empty; description "Protocol type of incoming traffic to disallow"; } } // grouping host-inbound-protocols-object-type grouping interface-system-services-object-type { description "Type of incoming system-service traffic to accept"; leaf name { type enumeration { enum "all" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 0; description "All system services"; } enum "bootp" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 1; description "Bootp and dhcp relay-agent service"; } enum "dhcp" { junos:must "(!(".. .. 
system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 2; description "Dynamic Host Configuration Protocol"; } enum "dhcpv6" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 3; description "Enable Dynamic Host Configuration Protocol for IPv6"; } enum "dns" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 4; description "DNS service"; } enum "finger" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 5; description "Finger service"; } enum "ftp" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 6; description "FTP"; } enum "ident-reset" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 7; description "Send back TCP RST to IDENT request for port 113"; } enum "http" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 8; description "Web management service using HTTP"; } enum "https" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 9; description "Web management service using HTTP secured by SSL"; } enum "ike" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 10; description "Internet Key Exchange"; } enum "netconf" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 11; description "NETCONF service"; } enum "ping" { junos:must "(!(".. .. 
system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 12; description "Internet Control Message Protocol echo requests"; } enum "rlogin" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 13; description "Rlogin service"; } enum "reverse-telnet" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 14; description "Reverse telnet service"; } enum "reverse-ssh" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 15; description "Reverse SSH service"; } enum "rpm" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 16; description "Real-time performance monitoring"; } enum "rsh" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 17; description "Rsh service"; } enum "snmp" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 18; description "Simple Network Management Protocol service"; } enum "snmp-trap" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 19; description "Simple Network Management Protocol traps"; } enum "ssh" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 20; description "SSH service"; } enum "telnet" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 21; description "Telnet service"; } enum "traceroute" { junos:must "(!(".. .. 
system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 22; description "Traceroute service"; } enum "xnm-ssl" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 23; description "JUNOScript API service over SSL"; } enum "xnm-clear-text" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 24; description "JUNOScript API for unencrypted traffic over TCP"; } enum "tftp" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 25; description "TFTP"; } enum "lsping" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 26; description "Label Switched Path ping service"; } enum "ntp" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 27; description "Network Time Protocol service"; } enum "sip" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 28; description "Enable Session Initiation Protocol service"; } enum "r2cp" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 29; description "Enable Radio-Router Control Protocol service"; } enum "webapi-clear-text" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 30; description "Webapi service using http"; } enum "webapi-ssl" { junos:must "(!(".. .. 
system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 31; description "Webapi service using HTTP secured by SSL"; } enum "tcp-encap" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 32; description "Tcp encapsulation service"; } enum "appqoe" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 33; description "APPQOE active probe service"; } enum "high-availability" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 34; description "High Availability service"; } enum "any-service" { value 35; description "Enable services on entire port range"; } } } uses apply-advanced; leaf except { junos:must "(".. .. system-services all")"; junos:must-message "'except'' statement can be included only along with 'system-services all' statement"; type empty; description "Type of incoming system-service traffic to disallow"; } } // grouping interface-system-services-object-type grouping zone_host_inbound_traffic_t { uses apply-advanced; list system-services { key "name"; ordered-by user; description "Type of incoming system-service traffic to accept"; uses zone-system-services-object-type; } // list system-services list protocols { key "name"; ordered-by user; description "Protocol type of incoming traffic to accept"; uses host-inbound-protocols-object-type; } // list protocols } // grouping zone_host_inbound_traffic_t grouping zone-system-services-object-type { description "Type of incoming system-service traffic to accept"; leaf name { type enumeration { enum "all" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 0; description "All system services"; } enum "bootp" { junos:must "(!(".. 
.. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 1; description "Bootp and dhcp relay-agent service"; } enum "dhcp" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 2; description "Dynamic Host Configuration Protocol"; } enum "dhcpv6" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 3; description "Enable Dynamic Host Configuration Protocol for IPv6"; } enum "dns" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 4; description "DNS service"; } enum "finger" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 5; description "Finger service"; } enum "ftp" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 6; description "FTP"; } enum "ident-reset" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 7; description "Send back TCP RST to IDENT request for port 113"; } enum "http" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 8; description "Web management service using HTTP"; } enum "https" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 9; description "Web management service using HTTP secured by SSL"; } enum "ike" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 10; description "Internet Key Exchange"; } enum "netconf" { junos:must "(!(".. 
.. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 11; description "NETCONF service"; } enum "ping" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 12; description "Internet Control Message Protocol echo requests"; } enum "rlogin" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 13; description "Rlogin service"; } enum "reverse-telnet" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 14; description "Reverse telnet service"; } enum "reverse-ssh" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 15; description "Reverse SSH service"; } enum "rpm" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 16; description "Real-time performance monitoring"; } enum "rsh" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 17; description "Rsh service"; } enum "snmp" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 18; description "Simple Network Management Protocol service"; } enum "snmp-trap" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 19; description "Simple Network Management Protocol traps"; } enum "ssh" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 20; description "SSH service"; } enum "telnet" { junos:must "(!(".. .. 
system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 21; description "Telnet service"; } enum "traceroute" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 22; description "Traceroute service"; } enum "xnm-ssl" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 23; description "JUNOScript API service over SSL"; } enum "xnm-clear-text" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 24; description "JUNOScript API for unencrypted traffic over TCP"; } enum "tftp" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 25; description "TFTP"; } enum "lsping" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 26; description "Label Switched Path ping service"; } enum "ntp" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 27; description "Network Time Protocol service"; } enum "sip" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 28; description "Enable Session Initiation Protocol service"; } enum "r2cp" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 29; description "Enable Radio-Router Control Protocol service"; } enum "webapi-clear-text" { junos:must "(!(".. .. 
system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 30; description "Webapi service using http"; } enum "webapi-ssl" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 31; description "Webapi service using HTTP secured by SSL"; } enum "tcp-encap" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 32; description "Tcp encapsulation service"; } enum "appqoe" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 33; description "APPQOE active probe service"; } enum "high-availability" { junos:must "(!(".. .. system-services $$={any-service}"))"; junos:must-message "If `any` is set other services are disallowed"; value 34; description "High Availability service"; } enum "any-service" { value 35; description "Enable services on entire port range"; } } } uses apply-advanced; leaf except { junos:must "(".. .. system-services all")"; junos:must-message "'except'' statement can be included only along with 'system-services all' statement"; type empty; description "Type of incoming system-service traffic to disallow"; } } // grouping zone-system-services-object-type } // module junos-es-conf-tenants